From dbf5ec1ae328d1619ea63faefe2215863b099d15 Mon Sep 17 00:00:00 2001
From: Freezed <2160318-free_zed@users.noreply.gitlab.com>
Date: Sun, 13 Mar 2022 22:52:03 +0100
Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20Add=20OVH/LDP=20configuration?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- TODO: integration to [system_cfg](https://lab.frogg.it/fcode/ansible/debian/-/tree/stable/tasks/system_cfg)
- Product details: [OVH Log data platform](https://docs.ovh.com/fr/logs-data-platform/)
- Tutorial followed: [How to log your Linux with syslog-ng 3.8+](https://docs.ovh.com/fr/logs-data-platform/how-to-log-your-linux/)
---
 Makefile                    |  1 +
 inventory.sample            |  4 ++++
 tasks/ldp.yml               | 28 ++++++++++++++++++++++++++++
 tasks/templates/ldp.conf.j2 | 32 ++++++++++++++++++++++++++++++++
 4 files changed, 65 insertions(+)
 create mode 100644 tasks/ldp.yml
 create mode 100644 tasks/templates/ldp.conf.j2

diff --git a/Makefile b/Makefile
index 7413eaf..2a7c838 100644
--- a/Makefile
+++ b/Makefile
@@ -9,6 +9,7 @@ open_all:
 	${EDITOR} .gitignore inv* Makefile README.md
 	${EDITOR} tasks/*.yml
 	${EDITOR} tasks/files/sshd_config
+	${EDITOR} tasks/templates/*.j2
 	${EDITOR} tasks/system_cfg/*.yml
 	${EDITOR} tasks/system_cfg/templates/*.j2
 	${EDITOR} tasks/user_cfg/*.yml
diff --git a/inventory.sample b/inventory.sample
index 1190cb6..2828b70 100644
--- a/inventory.sample
+++ b/inventory.sample
@@ -20,3 +20,7 @@ timezone="UTC"
 
 [workstation:vars]
 timezone="Europe/Paris"
+
+[all:vars]
+ldp_token="put-yours-here"
+ldp_zone="put-yours-here"
diff --git a/tasks/ldp.yml b/tasks/ldp.yml
new file mode 100644
index 0000000..c8e06b8
--- /dev/null
+++ b/tasks/ldp.yml
@@ -0,0 +1,28 @@
+---
+- hosts: "{{ host_list }}"
+  remote_user: root
+
+  tasks:
+    - name: LDP | install packages
+      ansible.builtin.apt:
+        cache_valid_time: 3600
+        force_apt_get: yes
+        pkg:
+          - syslog-ng
+          - ca-certificates
+        state: present
+        update_cache: true
+
+    - name: LDP | syslog-ng config
+      ansible.builtin.template:
+        src: templates/ldp.conf.j2
+        dest: "/etc/syslog-ng/conf.d/ldp.conf"
+        mode: 0640
+        owner: root
+        group: root
+
+    - name: LDP | restart syslog-ng deamon
+      ansible.builtin.systemd:
+        state: restarted
+        daemon_reload: yes
+        name: syslog-ng
diff --git a/tasks/templates/ldp.conf.j2 b/tasks/templates/ldp.conf.j2
new file mode 100644
index 0000000..6119353
--- /dev/null
+++ b/tasks/templates/ldp.conf.j2
@@ -0,0 +1,32 @@
+template ovhTemplate {
+    # Source: https://docs.ovh.com/fr/logs-data-platform/how-to-log-your-linux/
+
+    template("<${LEVEL_NUM}>1 ${ISODATE} ${HOST} ${PROGRAM} ${PID} - [sdid@32473 X-OVH-TOKEN=\"{{ ldp_token }}\" pid=\"${PID}\" facility=\"${FACILITY}\" priority=\"${PRIORITY}\"] ${MSG}\n");
+    template_escape(no);
+};
+
+destination ovhPaaSLogs {
+    network("{{ ldp_zone }}.logs.ovh.com"
+        port(6514),
+        template(ovhTemplate),
+        ts_format("iso"),
+        transport("tls"),
+        tls(peer-verify("required-trusted") ca_dir("/etc/ssl/certs/")),
+        keep-alive(yes),
+        so_keepalive(yes),
+    );
+};
+
+destination localfile {
+    file("/var/log/temporaryfiletochecklogs.log");
+};
+
+log {
+     source(s_src);
+     destination(ovhPaaSLogs);
+};
+
+log {
+     source(s_src);
+     destination(localfile);
+};
-- 
GitLab