Puppet Class: rsyslog::config

Defined in:: manifests/config.pp

Summary

Setup Rsyslog configuration

Overview

**NOTE: THIS IS A [PRIVATE](github.com/puppetlabs/puppetlabs-stdlib#assert_private) CLASS**

When the host uses systemd, creates a rsyslog.service override file that fixes a service ordering problem present with older versions of rsyslog.
Creates /etc/rsyslog.conf and includes all SIMP config subdirectories in /etc/rsyslog.simp.d.

NOTE Any undocumented parameters map directly to their counterparts in the Rsyslog configuration files.

Parameters:

umask (String) (defaults to: '0027') —

The umask that should be applied to the running process
localhostname (String) (defaults to: $facts['fqdn']) —

The Hostname that should be used on your syslog messages
preserve_fqdn (Boolean) (defaults to: true) —

Ensure that the “fqdn“ of the originating host is preserved in all log messages
control_character_escape_prefix (String[1,1]) (defaults to: '#')
drop_msgs_with_malicious_dns_ptr_records (Enum['off','on']) (defaults to: 'off')
escape_control_characters_on_receive (Enum['off','on']) (defaults to: 'on')
default_template (String) (defaults to: 'original') —
The default template to use to output to various services
- The provided template has been designed to work with external parsing tools that require the priority text
- You can also choose from the following values in order to select from one of the built-in rsyslogd formats.
```
* forward     -> RSYSLOG_Forward
* original    -> RSYSLOG_FileFormat
* traditional -> RSYSLOG_TraditionalFileFormat
```
syssock_ignore_timestamp (Boolean) (defaults to: true)
syssock_ignore_own_messages (Boolean) (defaults to: true)
syssock_use (Boolean) (defaults to: true)
syssock_name (Optional[String]) (defaults to: undef)
syssock_flow_control (Boolean) (defaults to: false)
syssock_use_pid_from_system (Boolean) (defaults to: false)
syssock_rate_limit_interval (Integer[0]) (defaults to: 0)
syssock_rate_limit_burst (Integer[0]) (defaults to: 1000)
syssock_rate_limit_severity (Integer[0]) (defaults to: 5)
syssock_use_sys_timestamp (Boolean) (defaults to: true)
syssock_annotate (Boolean) (defaults to: false)
syssock_parse_trusted (Boolean) (defaults to: false)
syssock_unlink (Boolean) (defaults to: true)
main_msg_queue_type (Enum['LinkedList','FixedArray']) (defaults to: 'LinkedList') —
The type of queue that will be used
- It is highly recommended that you leave this as “LinkedList“ unless you really know what you are doing.
main_msg_queue_filename (String) (defaults to: 'main_msg_queue')
main_msg_queue_size (Optional[Integer[0]]) (defaults to: undef) —
The size of the main (global) message queue
- By default, the minimum of 1% of physical memory or 1G, based on a 512B message size. The maximum number of messages that may be stored in the memory queue.
main_msg_queue_high_watermark (Optional[Integer[0]]) (defaults to: undef) —
The point at which the queue will start writing messages to disk as a number of messages
- By default, 90% of “$main_msg_queue_size“
main_msg_queue_low_watermark (Optional[Integer[0]]) (defaults to: undef) —
The point at which the queue will stop writing messages to disk as a number of messages
- NOTE: This must be lower than “$main_msg_queue_high_watermark“
- By default, 70% of “$main_msg_queue_size“
main_msg_queue_discardmark (Optional[Integer[0]]) (defaults to: undef) —
The point at which the queue will discard messages
- By default, 98% of “$main_msg_queue_size“
main_msg_queue_worker_thread_minimum_messages (Optional[Integer[0]]) (defaults to: undef) —
The minimum number of messages in the queue before a new thread can be spawned
- If left empty (the default), will calculate the value based on the following formula: “$main_msg_queue_size/(($processorcount - 1)*4)“
main_msg_queue_worker_threads (Optional[Integer[0]]) (defaults to: undef) —
The maximum number of threads to spawn on the system
- By default, “$processorcount - 1“
main_msg_queue_worker_timeout_thread_shutdown (Integer[0]) (defaults to: 5000)
main_msg_queue_timeout_enqueue (Integer[0]) (defaults to: 100)
main_msg_queue_dequeue_slowdown (Integer[0]) (defaults to: 0)
main_msg_queue_save_on_shutdown (Enum['on','off']) (defaults to: 'on')
main_msg_queue_max_disk_space (Optional[Integer[0]]) (defaults to: undef) —
The maximum amount of disk space to use for the disk queue.
- Specified as a digit followed by a unit specifier. For example:
```
* 100   -> 100 Bytes
* 100K  -> 100 Kilobytes
* 100M  -> 100 Megabytes
* 100G  -> 100 Gigabytes
* 100T  -> 100 Terabytes
* 100P  -> 100 Petabytes
```
- If not specified, will default to “$main_msg_queue_size * 1024“
main_msg_queue_max_file_size (Integer[0]) (defaults to: 5) —
The maximum file size, in Megabytes, that should be created when buffering to disk.
- NOTE: It is not recommended to make this excessively large
repeated_msg_reduction (Enum['on','off']) (defaults to: 'on')
work_directory (Stdlib::Absolutepath) (defaults to: '/var/spool/rsyslog')
interval (Integer[0]) (defaults to: 0) —

The “mark“ interval
tls_tcp_max_sessions (Integer[0]) (defaults to: 200) —

The maximum number of sessions to support
tls_input_tcp_server_stream_driver_permitted_peers (Array[String]) (defaults to: ["*.${facts['domain']}"]) —

A wildcard-capable Array of domains that should be allowed to talk to the server over “TLS“
default_net_stream_driver (Enum['gtls','ptcp']) (defaults to: 'gtls') —

When “TLS“ is enabled (client and/or server), used to set the global DefaultNetStreamDriver configuration parameter.
default_net_stream_driver_ca_file (Stdlib::Absolutepath) (defaults to: "${rsyslog::app_pki_dir}/cacerts/cacerts.pem") —

When “TLS“ is enabled (client and/or server), used to set the global DefaultNetStreamDriverCAFile configuration parameter. Currently, this is the ONLY mechanism available to set the CA file for “TLS“.
default_net_stream_driver_cert_file (Stdlib::Absolutepath) (defaults to: "${rsyslog::app_pki_dir}/public/${::fqdn}.pub") —

When “TLS“ is enabled (client and/or server), used to set the global global DefaultNetStreamDriverCertFile configuration parameter. Currently, this is the ONLY mechanism available to set the cert file for “TLS“.
default_net_stream_driver_key_file (Stdlib::Absolutepath) (defaults to: "${rsyslog::app_pki_dir}/private/${::fqdn}.pem") —

When “TLS“ is enabled (client and/or server), used to set the global used to set the global DefaultNetStreamDriverKeyFile configuration parameter. Currently, this is the ONLY mechanism available to set the key file for “TLS“.
action_send_stream_driver_mode (Enum['1','0']) (defaults to: ($rsyslog::pki or $rsyslog::tls_tcp_server or $rsyslog::enable_tls_logging) ? { true => '1', default => '0') —
- When “$rsyslog::tls_tcp_server = true“, used for imtcp module StreamDriver.Mode
- For Rsyslog 7, when “$rsyslog::enable_tls_logging = true“, used to set the deprecated, global rsyslog configuration, ActionSendStreamDriverMode. This setting and the corresponding send stream driver setting in “rsyslog::rule::remote“ are BOTH required for sending TLS-encrypted logs with Rsyslog 7.
action_send_stream_driver_auth_mode (Optional[String]) (defaults to: undef) —
- When “$rsyslog::tls_tcp_server = true“, used for imtcp module StreamDriver.AuthMode. If undefined, this value is set based on “$action_send_stream_driver_mode“.
- Otherwise deprecated. Send stream driver authentication mode is configured for individual send streams via “rsyslog::rule::remote“.
action_send_stream_driver_permitted_peers (Optional[Array[String]]) (defaults to: undef) —

Deprecated and will be removed in a later version. Send stream driver permitted peers are configured for individual send streams via “rsyslog::rule::remote“.
ulimit_max_open_files (Variant[Enum['unlimited'],Integer[0]]) (defaults to: 'unlimited') —
The maximum open files limit that should be set for the syslog server
- “1024“ is fine for most purposes, but a collection server should bump this way up.
host_list (Array[String]) (defaults to: []) —
This option is only valid in rsyslog versions < 8.6.0 Hosts that should be logged with their simple hostname
- See the “-l“ option in “rsyslogd(8)“ for more information
domain_list (Array[String]) (defaults to: []) —
This option is only valid in rsyslog versions < 8.6.0 Array of domains that should be stripped off before logging
- See the “-s“ option in “rsyslogd(8)“ for more information
suppress_noauth_warn (Boolean) (defaults to: false) —
Suppress warnings due to hosts not in the ACL
- See the “-w“ option in “rsyslogd(8)“ for more information
disable_remote_dns (Boolean) (defaults to: false) —
Disable DNS lookups for remote messages
- See the “-x“ option in “rsyslogd(8)“ for more information
enable_default_rules (Boolean) (defaults to: true) —

Enables default rules for logging common services (e.g., iptables, puppet, slapd_auditd)
read_journald (Boolean) (defaults to: $rsyslog::read_journald) —

Enable the forwarding of the “systemd“ journal to syslog
include_rsyslog_d (Boolean) (defaults to: false) —
Include all configuration files in the system-standard “/etc/rsyslog.d“
- This will place the configuration files after the global configuration but before the SIMP applied configurations.
systemd_override_file (String) (defaults to: 'unit.conf') —

The basename of the systemd override file for the rsyslog service

# File 'manifests/config.pp', line 225

class rsyslog::config (
  String                                $umask                                              = '0027',
  String                                $localhostname                                      = $facts['fqdn'],
  Boolean                               $preserve_fqdn                                      = true,
  String[1,1]                           $control_character_escape_prefix                    = '#',
  Enum['off','on']                      $drop_msgs_with_malicious_dns_ptr_records           = 'off',
  Enum['off','on']                      $escape_control_characters_on_receive               = 'on',
  String                                $default_template                                   = 'original',

  # Parameters for imuxsock with sensible defaults
  Boolean                               $syssock_ignore_timestamp                           = true,
  Boolean                               $syssock_ignore_own_messages                        = true,
  Boolean                               $syssock_use                                        = true,
  Optional[String]                      $syssock_name                                       = undef,
  Boolean                               $syssock_flow_control                               = false,
  Boolean                               $syssock_use_pid_from_system                        = false,
  Integer[0]                            $syssock_rate_limit_interval                        = 0,
  Integer[0]                            $syssock_rate_limit_burst                           = 1000,
  Integer[0]                            $syssock_rate_limit_severity                        = 5,
  Boolean                               $syssock_use_sys_timestamp                          = true,
  Boolean                               $syssock_annotate                                   = false,
  Boolean                               $syssock_parse_trusted                              = false,
  Boolean                               $syssock_unlink                                     = true,

  # Main message queue global defaults
  Enum['LinkedList','FixedArray']       $main_msg_queue_type                                = 'LinkedList',
  String                                $main_msg_queue_filename                            = 'main_msg_queue',
  Integer[0]                            $main_msg_queue_max_file_size                       = 5,
  Optional[Integer[0]]                  $main_msg_queue_size                                = undef,
  Optional[Integer[0]]                  $main_msg_queue_high_watermark                      = undef,
  Optional[Integer[0]]                  $main_msg_queue_low_watermark                       = undef,
  Optional[Integer[0]]                  $main_msg_queue_discardmark                         = undef,
  Optional[Integer[0]]                  $main_msg_queue_worker_thread_minimum_messages      = undef,
  Optional[Integer[0]]                  $main_msg_queue_worker_threads                      = undef,
  Integer[0]                            $main_msg_queue_worker_timeout_thread_shutdown      = 5000,
  Integer[0]                            $main_msg_queue_timeout_enqueue                     = 100,
  Integer[0]                            $main_msg_queue_dequeue_slowdown                    = 0,
  Enum['on','off']                      $main_msg_queue_save_on_shutdown                    = 'on',
  Optional[Integer[0]]                  $main_msg_queue_max_disk_space                      = undef,

  Enum['on','off']                      $repeated_msg_reduction                             = 'on',
  Stdlib::Absolutepath                  $work_directory                                     = '/var/spool/rsyslog',
  Integer[0]                            $interval                                           = 0,
  Integer[0]                            $tls_tcp_max_sessions                               = 200,
  Array[String]                         $tls_input_tcp_server_stream_driver_permitted_peers = ["*.${facts['domain']}"],

  Enum['gtls','ptcp']                   $default_net_stream_driver                          = 'gtls',
  Stdlib::Absolutepath                  $default_net_stream_driver_ca_file                  = "${rsyslog::app_pki_dir}/cacerts/cacerts.pem",
  Stdlib::Absolutepath                  $default_net_stream_driver_cert_file                = "${rsyslog::app_pki_dir}/public/${::fqdn}.pub",
  Stdlib::Absolutepath                  $default_net_stream_driver_key_file                 = "${rsyslog::app_pki_dir}/private/${::fqdn}.pem",

  Enum['1','0']                         $action_send_stream_driver_mode                     = ($rsyslog::pki or $rsyslog::tls_tcp_server or $rsyslog::enable_tls_logging) ? { true => '1', default => '0' },
  Optional[String]                      $action_send_stream_driver_auth_mode                = undef,
  Optional[Array[String]]               $action_send_stream_driver_permitted_peers          = undef,

  Variant[Enum['unlimited'],Integer[0]] $ulimit_max_open_files                              = 'unlimited',
  Array[String]                         $host_list                                          = [],
  Array[String]                         $domain_list                                        = [],
  Boolean                               $suppress_noauth_warn                               = false,
  Boolean                               $disable_remote_dns                                 = false,
  Boolean                               $enable_default_rules                               = true,
  Boolean                               $read_journald                                      = $rsyslog::read_journald,
  Boolean                               $include_rsyslog_d                                  = false,
  String                                $systemd_override_file                              = 'unit.conf'
) {
  assert_private()

  $_tcp_server = $rsyslog::tcp_server
  $_tls_tcp_server = $rsyslog::tls_tcp_server
  $_tcp_listen_port = $rsyslog::tcp_listen_port
  $_tls_tcp_listen_port = $rsyslog::tls_tcp_listen_port
  $_udp_server = $rsyslog::udp_server
  $_udp_listen_port = $rsyslog::udp_listen_port
  $_enable_tls_logging = $rsyslog::enable_tls_logging

  if $rsyslog::pki {
    simplib::assert_optional_dependency($module_name, 'simp/pki')

    pki::copy { 'rsyslog':
      source => $rsyslog::app_pki_external_source,
      pki    => $rsyslog::pki
    }
  }

  if $read_journald and member($facts['init_systems'], 'systemd') {
    $_read_journald = true
  }
  else {
    $_read_journald = false
  }

  # TODO When we drop Rsyslog 7 support, rename this to be
  #      tls_input_tcp_server_stream_driver_auth_mode
  if $action_send_stream_driver_auth_mode {
    $_action_send_stream_driver_auth_mode = $action_send_stream_driver_auth_mode
  }
  else {
    $_action_send_stream_driver_auth_mode = $action_send_stream_driver_mode ? {
      '0'     => 'anon',
      default => 'x509/name'
    }
  }

  $_default_template = $default_template ? {
    'traditional' => 'RSYSLOG_TraditionalFormat',
    'original'    => 'RSYSLOG_FileFormat',
    'forward'     => 'RSYSLOG_ForwardFormat',
    default       => $default_template
  }

  # This is where the custom rules will go. They will be purged if not managed!
  file { $rsyslog::rule_dir:
    ensure  => 'directory',
    owner   => 'root',
    group   => 'root',
    recurse => true,
    purge   => true,
    force   => true,
    mode    => '0750'
  }

  file { '/etc/rsyslog.d':
    ensure => 'directory',
    owner  => 'root',
    group  => 'root',
    mode   => '0755'
  }

  $_readme = @(README)
    # In Puppet hieradata, set 'rsyslog::config::include_rsyslog_d' to true
    # and place ".conf" files that rsyslog should process independently of
    # SIMP into this directory.
    | README

  file { '/etc/rsyslog.d/README_SIMP.conf':
    ensure  => 'file',
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => $_readme
  }

  file { '/var/spool/rsyslog':
    ensure => 'directory',
    owner  => 'root',
    group  => 'root',
    mode   => '0700'
  }

  if $enable_default_rules {
    rsyslog::rule { '99_simp_local/ZZ_default.conf':
      content => file("${module_name}/config/rsyslog.default")
    }
  }

  file { '/etc/rsyslog.conf':
    ensure  => 'present',
    owner   => 'root',
    group   => 'root',
    mode    => '0600',
    content => "\$IncludeConfig ${::rsyslog::rule_dir}/*.conf\n"
  }

  file { '/etc/sysconfig/rsyslog':
    owner   => 'root',
    group   => 'root',
    mode    => '0640',
    content => template("${module_name}/sysconfig.erb")
  }

  rsyslog::rule { '00_simp_pre_logging/global.conf':
    content => template("${module_name}/config/pre_logging.conf.erb")
  }

  rsyslog::rule { '09_failover_hack/failover_hack.conf':
    # lint:ignore:variable_scope
    content => @(EOM)
      # For failover to be defined and parse properly, we must place it somewhere
      # after the first rule is defined. Therefore, we are creating this noop rule.

      if $syslogfacility == 'local0' and $msg startswith 'placeholder_rule' then continue
      |EOM
    # lint:endignore
  }

  if $include_rsyslog_d {
    rsyslog::rule { '15_include_default_rsyslog/include_default_rsyslog.conf':
      content => "\$IncludeConfig /etc/rsyslog.d/*.conf\n"
    }
  }

  rsyslog::template::string { 'defaultTemplate':
    string => $_default_template
  }

  # Set the maximum number of open files in the init script.
  init_ulimit { 'mod_open_files_rsyslog':
    target => 'rsyslog',
    item   => 'max_open_files',
    value  => $ulimit_max_open_files
  }

  if member($facts['init_systems'], 'systemd') {
    # Even though the problem this override file addresses was fixed
    # after CentOS 7.4, its presence causes no problems with the later
    # versions, because the Wants and After lists are de-duped.
    $_override = @(OVERRIDE)
        # This file is managed by Puppet.

        [Unit]

        Wants=network.target network-online.target
        After=network.target network-online.target
        | OVERRIDE

    systemd::dropin_file { $systemd_override_file:
      unit    => 'rsyslog.service',
      content => $_override
    }

    # make sure service gets restarted after systemctl daemon-reload
    Class['systemd::systemctl::daemon_reload'] ~> Class['rsyslog::service']
  }

  # give deprecation warning if rsyslog is 8.6 or later and the -l or -s options
  # are being used.
  if $facts['rsyslogd'] and $facts['rsyslogd']['version'] {
    if versioncmp($facts['rsyslogd']['version'], '8.6.0') > 0  {
      if ! empty($host_list) {
        warning('rsyslog::config::host_list will be ignored: Rsyslog deprecated the -l option in version 8.6.0')
      }

      if ! empty($domain_list) {
        warning('rsyslog::config::domain_list will be ignored: Rsyslog deprecated the -s option in version 8.6.0')
      }
    }
  }
}