From 2c42752b22add77d908cd98238de633f68fd2671 Mon Sep 17 00:00:00 2001
From: Adar Nimrod <nimrod@shore.co.il>
Date: Thu, 15 Dec 2016 17:43:51 +0200
Subject: [PATCH] - Forked from the example role.

---
 README.rst                   |  8 +++-----
 defaults/main.yml            |  4 +++-
 handlers/main.yml            | 12 +++++++++++-
 meta/main.yml                | 12 ++++++------
 molecule.yml                 |  4 +++-
 tasks/main.yml               | 38 +++++++++++++++++++++++++++++++-----
 templates/forwarding.conf.j2 | 11 +++++++++++
 tests/test_syslog_forward.py |  3 ++-
 vars/main.yml                |  2 +-
 9 files changed, 73 insertions(+), 21 deletions(-)
 create mode 100644 templates/forwarding.conf.j2

diff --git a/README.rst b/README.rst
index 34a183a..ba87a76 100644
--- a/README.rst
+++ b/README.rst
@@ -1,9 +1,7 @@
-Example
-#######
+Syslog forwarding
+#################
 
-An (empty) example Ansible role complete with working tests out of the box. For
-more information read the `blog post
-<https://www.shore.co.il/blog/ansible-example-role/>`_.
+Configure syslog forwarding (syslogd on OpenBSD, rsyslog on Debian).
 
 Requirements
 ------------
diff --git a/defaults/main.yml b/defaults/main.yml
index 25ca86f..4dad267 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,2 +1,4 @@
 ---
-# defaults file for ansible-role-example
+# defaults file for ansible-role-syslog-forward
+
+syslog_server:
diff --git a/handlers/main.yml b/handlers/main.yml
index 1d74a03..73be0c7 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -1,2 +1,12 @@
 ---
-# handlers file for ansible-role-example
+# handlers file for ansible-role-syslog-forward
+
+- name: Restart rsyslog
+  service:
+    name: rsyslog
+    state: restarted
+
+- name: Restart syslogd
+  service:
+    name: syslogd
+    state: restarted
diff --git a/meta/main.yml b/meta/main.yml
index e22f4e8..12adf7f 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -1,6 +1,6 @@
 galaxy_info:
   author: Nimrod Adar
-  description: An example Ansible role
+  description: Configure syslog forwarding.
   company: Shore technologies
   license: MIT
   min_ansible_version: 2.0
@@ -8,8 +8,8 @@ galaxy_info:
   - name: OpenBSD
     versions:
     - 5.9
-  galaxy_tags: [ ansible ]
-dependencies:
-    - src: https://www.shore.co.il/git/ansible-role-openbsd-bootstrap
-      scm: git
-      name: bootstrap
+  - name: Debian
+    versions:
+    - jessie
+  galaxy_tags: [ syslog ]
+dependencies: []
diff --git a/molecule.yml b/molecule.yml
index 0d86e79..5b65f4f 100644
--- a/molecule.yml
+++ b/molecule.yml
@@ -15,8 +15,10 @@ vagrant:
   platforms:
   - name: openbsd
     box: kaorimatz/openbsd-5.9-amd64
+  - name: debian
+    box: debian/jessie64
   instances:
-  - name: ansible-role-example
+  - name: ansible-role-syslog-forward
     options:
         append_platform_to_hostname: yes
   raw_config_args:
diff --git a/tasks/main.yml b/tasks/main.yml
index 066751c..1076b8b 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,7 +1,35 @@
 ---
-# tasks file for ansible-role-example
+# tasks file for ansible-role-syslog-forward
 
-- assert:
-    that:
-        - ansible_os_family == 'OpenBSD'
-        - ansible_distribution_release == '5.9'
+- name: Assert
+  assert:
+    that: ansible_os_family in [ 'Debian', 'OpenBSD' ]
+
+- name: APT install rsyslog
+  when: ansible_os_family == 'Debian'
+  apt:
+    name: rsyslog-gnutls
+    state: present
+    update_cache: yes
+    cache_valid_time: 3600
+
+- name: Configure rsyslog forwarding
+  when: ansible_os_family == 'Debian'
+  template:
+    src: forwarding.conf.j2
+    dest: /etc/rsyslog.d/forwarding.conf
+    owner: root
+    group: root
+    mode: 0o0644
+  notify:
+  - Restart rsyslog
+
+- name: Configure syslogd forwarding
+  when: ansible_os_family == 'OpenBSD'
+  lineinfile:
+    dest: /etc/syslog.conf
+    line: '*.* @tls://{{ syslog_server}}'
+    regexp: '^\*.\* '
+    state: present
+  notify:
+  - Restart syslogd
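Review bot: Nothing in this task list checks that `syslog_server` is set, yet defaults/main.yml leaves it empty, so a play that forgets the variable would write `*.* @tls://` on OpenBSD, and an equally empty target on Debian, and then restart the daemon. The opening assert could take a second condition such as `- syslog_server | default('', true) | length > 0`, so the role fails before it touches the host. Separately, the `lineinfile` pattern `'^\*.\* '` leaves the dot unescaped and matches any `*.*` rule, so an existing local rule like `*.* /var/log/all` would presumably be replaced by the forwarding line. Anchoring it to the forwarding form, `regexp: '^\*\.\* @'`, keeps local logging intact.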
diff --git a/templates/forwarding.conf.j2 b/templates/forwarding.conf.j2
new file mode 100644
index 0000000..9a4062e
--- /dev/null
+++ b/templates/forwarding.conf.j2
@@ -0,0 +1,11 @@
+{#
+$DefaultNetstreamDriver gtls
+$DefaultNetstreamDriverCAFile {{ tls_ca_cert_path }}
+$DefaultNetstreamDriverCertFile {{ tls_cert_path }}
+$DefaultNetstreamDriverKeyFile {{ tls_key_path }}
+$ActionSendStreamDriverAuthMode x509/name
+#}
+
+$ActionSendStreamDriverPermittedPeer {{ syslog_server }}
+$ActionSendStreamDriverMode 1
+*.* @@{{ syslog_server }}
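Review bot: The `{# ... #}` block at the top of this template is a Jinja2 comment, so `$DefaultNetstreamDriver gtls`, the CA file line and `$ActionSendStreamDriverAuthMode x509/name` never reach the rendered /etc/rsyslog.d/forwarding.conf. What is rendered sets `$ActionSendStreamDriverMode 1` and a permitted peer with no TLS driver and no auth mode. With rsyslog's default plain-TCP driver the action will most likely fail to start or send unauthenticated, and the permitted-peer check is only applied under an x509 auth mode. Consider rendering at least `$DefaultNetstreamDriver gtls`, `$DefaultNetstreamDriverCAFile {{ tls_ca_cert_path }}` and `$ActionSendStreamDriverAuthMode x509/name` outside the comment. `tls_ca_cert_path` would also need defining, since this patch adds only `syslog_server` to defaults/main.yml. The client cert and key lines could stay optional behind an `{% if %}`.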
diff --git a/tests/test_syslog_forward.py b/tests/test_syslog_forward.py
index 1e0f862..3338fdc 100644
--- a/tests/test_syslog_forward.py
+++ b/tests/test_syslog_forward.py
@@ -1,5 +1,6 @@
 def test_syslog_forward(Service, SystemInfo):
     if SystemInfo.type == 'openbsd':
         assert Service('syslogd').is_running
-    if SystemInfo.type == 'linux' and SystemInfo.distribution == 'debian'
+    elif SystemInfo.type == 'linux' and SystemInfo.distribution in ['debian',
+                                                                    'ubuntu']:
         assert Service('rsyslog').is_running
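Review bot: Both branches assert only that the daemon is running, which stays true on a host where the forwarding rule was never written, so this test cannot catch a broken or missing forwarding configuration. It would be stronger to also check the files the role manages, for example with testinfra's `File` fixture: `assert File('/etc/rsyslog.d/forwarding.conf').exists` on Debian and a `contains` check for the `@tls://` line in `/etc/syslog.conf` on OpenBSD. The new condition also accepts `'ubuntu'`, while meta/main.yml and molecule.yml in this patch list only Debian. A short comment saying whether Ubuntu is a supported target would help.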
diff --git a/vars/main.yml b/vars/main.yml
index 2417503..86e7759 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -1,2 +1,2 @@
 ---
-# vars file for ansible-role-example
+# vars file for ansible-role-syslog-forward
-- 
GitLab