26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
|
# File 'modules/base/manifests/remote_syslog.pp', line 26
class base::remote_syslog (
Boolean $enable,
Array[String] $central_hosts = [],
Array[String] $central_hosts_tls = [],
Enum['auth-logs', 'standard'] $send_logs = 'standard',
Integer $queue_size = 10000,
) {
$owner = 'root'
$group = 'root'
if $enable {
ensure_packages('rsyslog-gnutls')
if empty($central_hosts) and empty($central_hosts_tls) {
fail('::base::remote_syslog::central_hosts or central_hosts_tls required')
}
if ! empty($central_hosts_tls) {
file { '/etc/rsyslog':
ensure => 'directory',
owner => $owner,
group => $group,
mode => '0400',
before => Puppet::Expose_agent_certs['/etc/rsyslog'],
}
# TODO: consider using profile::pki::get_cert
puppet::expose_agent_certs { '/etc/rsyslog':
provide_private => true,
user => $owner,
group => $group,
}
}
rsyslog::conf { 'remote_syslog':
content => template('base/remote_syslog.conf.erb'),
priority => 30,
}
}
# No ensure=>absent handling is needed for the $enable == false case
# because ::rsyslog uses recursive purge to manage the files in its config
# directory. Simply not adding the file will cause Puppet to remove it if
# present.
}
|