├── vars └── main.yml ├── defaults └── main.yml ├── templates ├── log_files.yml.j2 ├── papertrail.service ├── papertrail.conf.j2 └── remote_syslog.init.d.j2 ├── handlers └── main.yml ├── LICENSE ├── tests └── test.yml ├── README.md ├── tasks └── main.yml └── meta └── main.yml /vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # vars file for ansible-role-papertrail 3 | -------------------------------------------------------------------------------- /defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # defaults file for ansible-role-papertrail 3 | papertrail_version: "0.19" 4 | papertrail_files: [] 5 | papertrail_host: "" 6 | papertrail_port: "" 7 | -------------------------------------------------------------------------------- /templates/log_files.yml.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | --- 3 | files: 4 | {% for item in papertrail_files %} 5 | - {{ item }} 6 | {% endfor %} 7 | 8 | destination: 9 | host: {{ papertrail_host }} 10 | port: {{ papertrail_port }} 11 | protocol: tls 12 | -------------------------------------------------------------------------------- /templates/papertrail.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=remote_syslog2 3 | Documentation=https://github.com/papertrail/remote_syslog2 4 | After=network-online.target 5 | 6 | [Service] 7 | ExecStartPre=/usr/bin/test -e /etc/log_files.yml 8 | ExecStart=/bin/sh -c '/usr/local/bin/remote_syslog -D --hostname=`hostname -s`' 9 | Restart=always 10 | User=root 11 | Group=root 12 | 13 | [Install] 14 | WantedBy=multi-user.target 15 | -------------------------------------------------------------------------------- /templates/papertrail.conf.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | # http://help.papertrailapp.com/kb/configuration/encrypting-remote-syslog-with-tls-ssl/#rsyslog 3 | 4 | $DefaultNetstreamDriverCAFile /etc/ssl/certs/papertrail-bundle.pem 5 | $ActionSendStreamDriver gtls 6 | $ActionSendStreamDriverMode 1 7 | $ActionSendStreamDriverAuthMode x509/name 8 | $ActionSendStreamDriverPermittedPeer *.papertrailapp.com 9 | 10 | *.* @@{{ papertrail_host }}:{{ papertrail_port }} 11 | -------------------------------------------------------------------------------- /handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: restart rsyslog 3 | service: name=rsyslog state=restarted 4 | 5 | - name: daemon-reload 6 | shell: systemctl daemon-reload 7 | 8 | - name: enable remote_syslog 9 | service: 10 | name: remote_syslog.service 11 | enabled: yes 12 | 13 | - name: restart remote_syslog 14 | service: 15 | name: remote_syslog.service 16 | state: restarted 17 | 18 | - name: enable remote_syslog.init.d 19 | service: 20 | name: remote_syslog 21 | enabled: yes 22 | 23 | - name: restart remote_syslog.init.d 24 | service: 25 | name: remote_syslog 26 | state: restarted 27 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2016 Chris Short 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /tests/test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - hosts: all 4 | 5 | vars: 6 | papertrail_host: fake_host 7 | papertrail_port: 11111 8 | papertrail_files: 9 | - /var/log/cron 10 | 11 | pre_tasks: 12 | - name: Ensure build dependencies are installed (Fedora). 13 | dnf: 'name="{{ item }}" state=present' 14 | with_items: 15 | - "@Development tools" 16 | - tar 17 | - unzip 18 | when: ansible_pkg_mgr == 'dnf' 19 | 20 | - name: Ensure build dependencies are installed (RedHat). 21 | yum: 'name="{{ item }}" state=present' 22 | with_items: 23 | - "@Development tools" 24 | - tar 25 | - unzip 26 | when: ansible_pkg_mgr == 'yum' 27 | 28 | - name: Update apt cache. 29 | apt: update_cache=yes cache_valid_time=600 30 | when: ansible_pkg_mgr =='apt' 31 | changed_when: false 32 | 33 | - name: Ensure build dependencies are installed (Debian). 34 | apt: 'name="{{ item }}" state=installed' 35 | with_items: 36 | - build-essential 37 | - unzip 38 | - tar 39 | - sudo 40 | when: ansible_pkg_mgr =='apt' 41 | 42 | roles: 43 | - ansible-role-papertrail 44 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | 2 | Ansible Role: Papertrail 3 | ========= 4 | 5 | [![Build Status](https://travis-ci.org/chris-short/ansible-role-papertrail.svg?branch=master)](https://travis-ci.org/chris-short/ansible-role-papertrail) 6 | 7 | Papertrail can utilize rsyslog and it's go utility remote_syslog2. This role configures and deploys all the neccessary bits to utilize Papertrail on EL6/7, Debian 8, and Ubuntu 16.04 systems 8 | 9 | Requirements 10 | ------------ 11 | 12 | rsyslog is an obvious requirement that should be installed 13 | 14 | Role Variables 15 | -------------- 16 | 17 | papertrail_version is the version number of the remote_syslog tool you wish to use. 18 | papertrail_files is an array of absolute paths to logs you want remote_syslog to send to the Papertrail service 19 | papertrail_host is the hostname provided by Papertrail for your use 20 | papertrail_port is the port number provided by Papertrail for your use 21 | 22 | Dependencies 23 | ------------ 24 | 25 | N/A 26 | 27 | Example Playbook 28 | ---------------- 29 | 30 | Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: 31 | 32 | - hosts: servers 33 | roles: 34 | - papertrail 35 | 36 | License 37 | ------- 38 | 39 | MIT 40 | 41 | Author Information 42 | ------------------ 43 | 44 | Chris Short 45 | https://chrisshort.net 46 | -------------------------------------------------------------------------------- /tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Install necessary packages 3 | package: 4 | name: "{{ item }}" 5 | state: latest 6 | with_items: 7 | - rsyslog 8 | - rsyslog-gnutls 9 | 10 | - name: Obtain Papertrail Cert 11 | get_url: 12 | dest: /etc/ssl/certs/papertrail-bundle.pem 13 | url: https://papertrailapp.com/tools/papertrail-bundle.pem 14 | notify: restart rsyslog 15 | 16 | - name: Deploy rsyslog conf for Papertrail 17 | template: 18 | src: papertrail.conf.j2 19 | dest: /etc/rsyslog.d/papertrail.conf 20 | owner: root 21 | group: root 22 | backup: no 23 | notify: restart rsyslog 24 | 25 | - name: Download remote_syslog 26 | get_url: 27 | url: "https://github.com/papertrail/remote_syslog2/releases/download/v{{ papertrail_version }}/remote_syslog_linux_amd64.tar.gz" 28 | dest: "/usr/local/src/remote_syslog_{{ papertrail_version }}_linux_amd64.tar.gz" 29 | 30 | - name: Extract remote_syslog 31 | unarchive: 32 | src: "/usr/local/src/remote_syslog_{{ papertrail_version }}_linux_amd64.tar.gz" 33 | dest: /usr/local/src/ 34 | copy: no 35 | owner: root 36 | group: root 37 | creates: /usr/local/src/remote_syslog/remote_syslog 38 | 39 | - name: Copy remote_syslog to /usr/local/bin 40 | shell: cp /usr/local/src/remote_syslog/remote_syslog /usr/local/bin/remote_syslog 41 | args: 42 | creates: /usr/local/bin/remote_syslog 43 | 44 | - name: Deploy remote_syslog conf 45 | template: 46 | src: log_files.yml.j2 47 | dest: /etc/log_files.yml 48 | owner: root 49 | group: root 50 | mode: 0640 51 | 52 | - name: Create remote_syslog systemd service 53 | template: 54 | src: papertrail.service 55 | dest: /etc/systemd/system/remote_syslog.service 56 | notify: 57 | - daemon-reload 58 | - enable remote_syslog 59 | - restart remote_syslog 60 | when: ansible_service_mgr == 'systemd' 61 | 62 | - name: Create remote_syslog init.d service 63 | template: 64 | src: remote_syslog.init.d.j2 65 | dest: /etc/init.d/remote_syslog 66 | owner: root 67 | group: root 68 | mode: 0775 69 | notify: 70 | - enable remote_syslog.init.d 71 | - restart remote_syslog.init.d 72 | when: ansible_service_mgr != 'systemd' 73 | -------------------------------------------------------------------------------- /templates/remote_syslog.init.d.j2: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # {{ ansible_managed }} 4 | 5 | ### BEGIN INIT INFO 6 | # Provides: remote_syslog 7 | # Required-Start: $network $remote_fs $syslog 8 | # Required-Stop: $network $remote_fs $syslog 9 | # Default-Start: 2 3 4 5 10 | # Default-Stop: 0 1 6 11 | # Short-Description: Start and Stop 12 | # Description: Runs remote_syslog 13 | ### END INIT INFO 14 | 15 | # /etc/init.d/remote_syslog 16 | # 17 | # Starts the remote_syslog daemon 18 | # 19 | # chkconfig: 345 90 5 20 | # description: Runs remote_syslog 21 | # 22 | # processname: remote_syslog 23 | 24 | prog="remote_syslog" 25 | config="/etc/log_files.yml" 26 | pid_dir="/var/run" 27 | 28 | EXTRAOPTIONS="--hostname=`hostname -s`" 29 | 30 | pid_file="$pid_dir/$prog.pid" 31 | 32 | PATH=/sbin:/bin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:$PATH 33 | 34 | RETVAL=0 35 | 36 | is_running(){ 37 | # Do we have PID-file? 38 | if [ -f "$pid_file" ]; then 39 | # Check if proc is running 40 | pid=`cat "$pid_file" 2> /dev/null` 41 | if [[ $pid != "" ]]; then 42 | exepath=`readlink /proc/"$pid"/exe 2> /dev/null` 43 | exe=`basename "$exepath"` 44 | if [[ $exe == "remote_syslog" ]] || [[ $exe == "remote_syslog (deleted)" ]]; then 45 | # Process is running 46 | return 0 47 | fi 48 | fi 49 | fi 50 | return 1 51 | } 52 | 53 | start(){ 54 | echo "Starting $prog" 55 | 56 | unset HOME MAIL USER USERNAME 57 | $prog -c $config --pid-file=$pid_file $EXTRAOPTIONS 58 | RETVAL=$? 59 | return $RETVAL 60 | } 61 | 62 | stop(){ 63 | echo "Stopping $prog..." 64 | if is_running; then 65 | kill -TERM `cat $pid_file` >/dev/null 2>&1 66 | sleep 1 67 | if is_running && sleep 1 && 68 | is_running && sleep 3 && 69 | is_running ; then 70 | kill -KILL `cat $pid_file` >/dev/null 2>&1 71 | sleep 1 72 | fi 73 | 74 | if is_running; then 75 | echo "Failed to kill process" 76 | RETVAL=1 77 | else 78 | echo "Stopped" 79 | RETVAL=0 80 | rm -f $pid_file 81 | fi 82 | else 83 | echo "Not running" 84 | RETVAL=0 85 | fi 86 | 87 | return $RETVAL 88 | } 89 | 90 | status(){ 91 | if (is_running); then 92 | echo "Running" 93 | RETVAL=0 94 | else 95 | echo "Not running" 96 | RETVAL=3 97 | fi 98 | 99 | return $RETVAL 100 | } 101 | 102 | reload(){ 103 | restart 104 | } 105 | 106 | restart(){ 107 | stop 108 | start 109 | } 110 | 111 | condrestart(){ 112 | is_running && restart 113 | return 0 114 | } 115 | 116 | 117 | # See how we were called. 118 | case "$1" in 119 | start) 120 | start 121 | ;; 122 | stop) 123 | stop 124 | ;; 125 | status) 126 | status 127 | ;; 128 | restart) 129 | restart 130 | ;; 131 | reload) 132 | reload 133 | ;; 134 | condrestart) 135 | condrestart 136 | ;; 137 | *) 138 | echo $"Usage: $0 {start|stop|status|restart|condrestart|reload}" 139 | RETVAL=1 140 | esac 141 | 142 | exit $RETVAL 143 | 144 | -------------------------------------------------------------------------------- /meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: Chris Short 3 | description: Role for Deploying Papertrail and remote_syslog 4 | 5 | # If the issue tracker for your role is not on github, uncomment the 6 | # next line and provide a value 7 | # issue_tracker_url: http://example.com/issue/tracker 8 | 9 | # Some suggested licenses: 10 | # - BSD (default) 11 | # - MIT 12 | # - GPLv2 13 | # - GPLv3 14 | # - Apache 15 | # - CC-BY 16 | license: MIT 17 | 18 | min_ansible_version: 2.0 19 | 20 | # Optionally specify the branch Galaxy will use when accessing the GitHub 21 | # repo for this role. During role install, if no tags are available, 22 | # Galaxy will use this branch. During import Galaxy will access files on 23 | # this branch. If travis integration is cofigured, only notification for this 24 | # branch will be accepted. Otherwise, in all cases, the repo's default branch 25 | # (usually master) will be used. 26 | #github_branch: 27 | 28 | # 29 | # Below are all platforms currently available. Just uncomment 30 | # the ones that apply to your role. If you don't see your 31 | # platform on this list, let us know and we'll get it added! 32 | # 33 | platforms: 34 | #- name: OpenBSD 35 | # versions: 36 | # - all 37 | # - 5.6 38 | # - 5.7 39 | # - 5.8 40 | # - 5.9 41 | # - 6.0 42 | #- name: Fedora 43 | # versions: 44 | # - all 45 | # - 16 46 | # - 17 47 | # - 18 48 | # - 19 49 | # - 20 50 | # - 21 51 | # - 22 52 | # - 23 53 | # - 24 54 | #- name: DellOS 55 | # versions: 56 | # - all 57 | # - 10 58 | # - 6 59 | # - 9 60 | #- name: MacOSX 61 | # versions: 62 | # - all 63 | # - 10.10 64 | # - 10.11 65 | # - 10.12 66 | # - 10.7 67 | # - 10.8 68 | # - 10.9 69 | #- name: Synology 70 | # versions: 71 | # - all 72 | # - any 73 | #- name: Junos 74 | # versions: 75 | # - all 76 | # - any 77 | #- name: GenericBSD 78 | # versions: 79 | # - all 80 | # - any 81 | #- name: Void Linux 82 | # versions: 83 | # - all 84 | # - any 85 | #- name: GenericLinux 86 | # versions: 87 | # - all 88 | # - any 89 | #- name: NXOS 90 | # versions: 91 | # - all 92 | # - any 93 | #- name: IOS 94 | # versions: 95 | # - all 96 | # - any 97 | #- name: Amazon 98 | # versions: 99 | # - all 100 | # - 2013.03 101 | # - 2013.09 102 | # - 2016.03 103 | #- name: ArchLinux 104 | # versions: 105 | # - all 106 | # - any 107 | #- name: FreeBSD 108 | # versions: 109 | # - all 110 | # - 10.0 111 | # - 10.1 112 | # - 10.2 113 | # - 10.3 114 | # - 11.0 115 | # - 8.0 116 | # - 8.1 117 | # - 8.2 118 | # - 8.3 119 | # - 8.4 120 | # - 9.0 121 | # - 9.1 122 | # - 9.1 123 | # - 9.2 124 | # - 9.3 125 | - name: Ubuntu 126 | versions: 127 | # - all 128 | # - lucid 129 | # - maverick 130 | # - natty 131 | # - oneiric 132 | # - precise 133 | # - quantal 134 | # - raring 135 | # - saucy 136 | # - trusty 137 | # - utopic 138 | # - vivid 139 | # - wily 140 | - xenial 141 | # - yakkety 142 | - name: Debian 143 | versions: 144 | # - all 145 | # - etch 146 | - jessie 147 | # - lenny 148 | # - sid 149 | # - squeeze 150 | # - stretch 151 | # - wheezy 152 | #- name: Alpine 153 | # versions: 154 | # - all 155 | # - any 156 | - name: EL 157 | versions: 158 | # - all 159 | # - 5 160 | - 6 161 | - 7 162 | #- name: Windows 163 | # versions: 164 | # - all 165 | # - 2012R2 166 | #- name: SmartOS 167 | # versions: 168 | # - all 169 | # - any 170 | #- name: opensuse 171 | # versions: 172 | # - all 173 | # - 12.1 174 | # - 12.2 175 | # - 12.3 176 | # - 13.1 177 | # - 13.2 178 | #- name: SLES 179 | # versions: 180 | # - all 181 | # - 10SP3 182 | # - 10SP4 183 | # - 11 184 | # - 11SP1 185 | # - 11SP2 186 | # - 11SP3 187 | # - 11SP4 188 | # - 12 189 | # - 12SP1 190 | #- name: GenericUNIX 191 | # versions: 192 | # - all 193 | # - any 194 | #- name: Solaris 195 | # versions: 196 | # - all 197 | # - 10 198 | # - 11.0 199 | # - 11.1 200 | # - 11.2 201 | # - 11.3 202 | #- name: eos 203 | # versions: 204 | # - all 205 | # - Any 206 | 207 | galaxy_tags: 208 | - papertrail 209 | - syslog 210 | - rsyslog 211 | - monitoring 212 | - system 213 | - logging 214 | # List tags for your role here, one per line. A tag is 215 | # a keyword that describes and categorizes the role. 216 | # Users find roles by searching for tags. Be sure to 217 | # remove the '[]' above if you add tags to this list. 218 | # 219 | # NOTE: A tag is limited to a single word comprised of 220 | # alphanumeric characters. Maximum 20 tags per role. 221 | 222 | dependencies: [] 223 | # List your role dependencies here, one per line. 224 | # Be sure to remove the '[]' above if you add dependencies 225 | # to this list. 226 | --------------------------------------------------------------------------------