Ansible roles

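---
# Installs and configures systemd-journal-remote as a receiver for remote
# journal entries: package, storage directory, unit override, configuration,
# dehydrated certificate hook, firewall rule and service state.
#
# Module arguments are written as native YAML mappings instead of key=value
# strings. File modes are quoted octal strings so the YAML parser cannot
# reinterpret them as decimal integers.
# The "restart journal-remote" handler and the journal_remote_* /
# iptables_manage variables are defined outside this file.

- name: Install the Journal gateway
  yum:
    name: systemd-journal-gateway
  tags: logs

# Received journals are stored here. Mode 0700 with the service account as
# owner keeps the collected logs unreadable to other local users.
- name: Create journal storage directory
  file:
    path: /var/log/journal/remote
    state: directory
    owner: systemd-journal-remote
    group: systemd-journal-remote
    mode: "0700"
  tags: logs

# NOTE(review): owner and mode of the unit file are not pinned here, so they
# fall back to Ansible's defaults for the connecting user and umask.
- name: Override systemd unit
  template:
    src: systemd-journal-remote.service.j2
    dest: /etc/systemd/system/systemd-journal-remote.service
  notify: restart journal-remote
  register: journal_remote_unit
  tags: logs

# Runs only when the unit file changed, so systemd re-reads the override.
- name: Reload systemd
  command: systemctl daemon-reload
  when: journal_remote_unit.changed
  tags: logs

# NOTE(review): owner and mode are not pinned on this file either. Confirm
# the rendered template holds no secret material before relying on defaults.
- name: Deploy journal-remote configuration
  template:
    src: journal-remote.conf.j2
    dest: /etc/systemd/journal-remote.conf
  notify: restart journal-remote
  tags: logs

- name: Create dehydrated hook dir
  file:
    path: /etc/dehydrated/hooks_deploy_cert.d/
    state: directory
  tags: logs

# The hook is executable (0755) and lives in dehydrated's deploy_cert hook
# directory.
# NOTE(review): owner/group are not set on the hook or its directory.
# Presumably dehydrated runs these hooks with elevated privileges, in which
# case both should be writable by root only. Confirm and pin
# owner/group if so.
- name: Deploy dehydrated hooks
  template:
    src: dehydrated_hook.sh.j2
    dest: /etc/dehydrated/hooks_deploy_cert.d/20journal-remote.sh
    mode: "0755"
  tags: logs

# Accepts new TCP connections to journal_remote_port only from the sources
# listed in journal_remote_src_ip. An empty list sets state "absent", which
# removes the rule instead of rendering an ACCEPT with an empty -s argument.
# NOTE(review): join(',') assumes journal_remote_src_ip is a list; a plain
# string would be split per character. Verify where the variable is defined.
# The task is skipped entirely when iptables_manage is false.
- name: Handle journal-remote ports
  iptables_raw:
    name: journal_remote_ports
    state: "{{ (journal_remote_src_ip | length > 0) | ternary('present','absent') }}"
    # Folded scalar: the lines below join with single spaces into one rule.
    rules: >-
      -A INPUT -m state --state NEW -p tcp -m multiport
      --dports {{ journal_remote_port }}
      -s {{ journal_remote_src_ip | join(',') }}
      -j ACCEPT
  when: iptables_manage | default(True)
  tags: [firewall, logs]

# The socket unit is stopped and disabled; the service itself is started
# and enabled by the next task.
- name: Disable journal-remote socket
  service:
    name: systemd-journal-remote.socket
    state: stopped
    enabled: false
  tags: logs

- name: Start journal-remote
  service:
    name: systemd-journal-remote
    state: started
    enabled: true
  tags: logs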