From bee3b6fffef812f82a0056003e3b8d2c3e8e3f83 Mon Sep 17 00:00:00 2001
From: Andreas Kempe <kempe@lysator.liu.se>
Date: Sun, 23 May 2021 01:36:13 +0200
Subject: [PATCH] hina: add rsyslog server

Add rsyslog with configuration to allow haproxy on the frontends to log
rsync and FTP access.
---
 files/hina/newsyslog.conf.d/rsyslog.conf |  1 +
 files/hina/rsyslog.conf                  |  6 +++++
 manifests/hina.pp                        | 30 ++++++++++++++++++++++++
 3 files changed, 37 insertions(+)
 create mode 100644 files/hina/newsyslog.conf.d/rsyslog.conf
 create mode 100644 files/hina/rsyslog.conf

diff --git a/files/hina/newsyslog.conf.d/rsyslog.conf b/files/hina/newsyslog.conf.d/rsyslog.conf
new file mode 100644
index 0000000..408bc28
--- /dev/null
+++ b/files/hina/newsyslog.conf.d/rsyslog.conf
@@ -0,0 +1 @@
+/var/log/haproxy.log   rsyslogd:rsyslogd  644 3  *   $W1D0
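Review bot: Mode `644` on this line leaves the rotated haproxy log readable by every local account, and per the commit message that log records rsync and FTP access, so it will hold client addresses. Unless an unprivileged reader needs it, use `640` here and `mode => '0640'` on the `/var/log/haproxy.log` file resource in manifests/hina.pp. The two values should stay in agreement so newsyslog and Puppet do not keep resetting each other's permissions.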
diff --git a/files/hina/rsyslog.conf b/files/hina/rsyslog.conf
new file mode 100644
index 0000000..9318e07
--- /dev/null
+++ b/files/hina/rsyslog.conf
@@ -0,0 +1,6 @@
+# Provides TCP syslog reception
+$ModLoad imudp.so
+$UDPServerAddress 10.42.254.195
+$UDPServerRun 5514
+
+*.* /var/log/haproxy.log
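Review bot: The header comment says TCP, but the file loads `imudp.so` and opens a UDP listener on port 5514, so the comment should read `# Provides UDP syslog reception`. UDP syslog is unauthenticated and its source address is trivially forged, so any host that can reach 10.42.254.195:5514 can append arbitrary lines to /var/log/haproxy.log through the `*.*` rule. Consider limiting senders to the frontends, for example with `$AllowedSender UDP, <frontend-addresses>` (placeholder) or a packet-filter rule. The selector could also be narrowed from `*.*` to the facility haproxy is configured to log with.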
diff --git a/manifests/hina.pp b/manifests/hina.pp
index bfec666..686ac04 100644
--- a/manifests/hina.pp
+++ b/manifests/hina.pp
@@ -9,6 +9,7 @@ class ftp::hina {
       'node_exporter',
       'py37-certbot-nginx',
       'rsync',
+      'rsyslog',
       'tor',
       'vsftpd-ssl',
     ]:
@@ -95,6 +96,35 @@ class ftp::hina {
     purge   => false,
   }
 
+  file { '/usr/local/etc/rsyslog.conf':
+    ensure => file,
+    source => 'puppet:///modules/ftp/hina/rsyslog.conf',
+    owner  => 'root',
+    group  => 'wheel',
+    mode   => '0644',
+  }
+
+  user { 'rsyslogd-user':
+    ensure => present,
+    name   => 'rsyslogd',
+    home   => '/var/empty',
+    shell  => '/usr/sbin/nologin',
+  }
+
+  file_line { 'start rsyslogd':
+    path => '/etc/rc.local',
+    line => 'daemon -u rsyslogd rsyslogd -iNONE',
+  }
+
+  file { '/var/log/haproxy.log':
+    ensure  => present,
+    content => '',
+    replace => 'no',
+    owner   => 'rsyslogd',
+    group   => 'rsyslogd',
+    mode    => '0644',
+  }
+
   file { 'ftprsync':
     ensure  => file,
     path    => '/usr/local/bin',
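Review bot: Starting rsyslogd from a `file_line` in /etc/rc.local means Puppet never starts or restarts the daemon. A later change to /usr/local/etc/rsyslog.conf, such as tightening the listener, will not take effect until a reboot or a manual restart. If the package ships an rc script (not visible here), a `service` resource with `subscribe => File['/usr/local/etc/rsyslog.conf']` would close that gap. Otherwise, add a comment above the resource, such as `# rsyslogd is not a managed service: restart it by hand after changing rsyslog.conf`. The `line` also relies on `rsyslogd` being found on rc.local's PATH, so spelling out the binary's full path would be safer. The enclosing class `ftp::hina` and the following `ftprsync` resource extend outside this hunk.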
-- 
GitLab