Puppet Class: role::logging::mediawiki::udp2log

Defined in:
modules/role/manifests/logging/mediawiki/udp2log.pp

Overview

mediawiki udp2log instance. Does not use monitoring.

Parameters:

  • logstash_host (Any)
  • monitor (Any) (defaults to: true)
  • log_directory (Any) (defaults to: '/srv/mw-log')
  • rotate (Any) (defaults to: 1000)
  • forward_messages (Any) (defaults to: false)
  • mirror_destinations (Any) (defaults to: undef) 


3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
 
# File 'modules/role/manifests/logging/mediawiki/udp2log.pp', line 3

class role::logging::mediawiki::udp2log(
    $logstash_host,
    $monitor = true,
    $log_directory = '/srv/mw-log',
    $rotate = 1000,
    $forward_messages = false,
    $mirror_destinations = undef,
) {
    include profile::base::production
    include profile::firewall
    include profile::mediawiki::mwlog
    include profile::mediawiki::system_users
    # Include geoip databases and CLI.
    class { '::geoip': }

    class { '::udp2log':
        monitor          => $monitor,
        default_instance => false,
    }

    class { '::bsection': }

    ferm::rule { 'udp2log_accept_all_wikimedia':
        rule => 'saddr ($DOMAIN_NETWORKS) proto udp ACCEPT;',
    }

    ferm::rule { 'udp2log_notrack':
        table => 'raw',
        chain => 'PREROUTING',
        rule  => 'saddr ($DOMAIN_NETWORKS) proto udp NOTRACK;',
    }

    file { '/usr/local/bin/demux.py':
        mode   => '0555',
        owner  => 'root',
        group  => 'root',
        source => 'puppet:///modules/udp2log/demux.py',
    }

    file { '/usr/local/bin/udpmirror.py':
        mode   => '0555',
        owner  => 'root',
        group  => 'root',
        source => 'puppet:///modules/udp2log/udpmirror.py',
    }

    $logstash_port = 8324

    # udp_tee will by default bind 0.0.0.0:8420 and relay to localhost:8421
    class { '::profile::rsyslog::udp_tee': }

    udp2log::instance { 'mw':
        port                =>   8421,
        log_directory       =>   $log_directory,
        monitor_log_age     =>   false,
        monitor_processes   =>   false,
        rotate              =>   $rotate,
        forward_messages    =>   $forward_messages,
        mirror_destinations =>   $mirror_destinations,
        template_variables  => {
            # forwarding to logstash
            logstash_host => $logstash_host,
            logstash_port => $logstash_port,
        },
    }


    systemd::timer::job { 'mw-log-cleanup':
        ensure      => 'present',
        user        => 'root',
        description => 'cleanup mediawiki logs',
        command     => '/usr/local/bin/mw-log-cleanup',
        interval    => {'start' => 'OnCalendar', 'interval' => '*-*-* 02:00:00'},
        after       => 'logrotate.service',
    }

    file { '/usr/local/bin/mw-log-cleanup':
        owner  => 'root',
        group  => 'root',
        mode   => '0555',
        source => 'puppet:///modules/role/logging/mw-log-cleanup',
    }

    file { '/etc/profile.d/mw-log.sh':
        owner   => 'root',
        group   => 'root',
        mode    => '0555',
        content => "MW_LOG_DIRECTORY=${log_directory}\n",
    }

    file { '/usr/local/bin/fatalmonitor':
        ensure => absent
    }

    file { '/usr/local/bin/logspam-watch':
        owner  => 'root',
        group  => 'root',
        mode   => '0555',
        source => 'puppet:///modules/role/logging/logspam-watch.sh',
    }

    file { '/usr/local/bin/logspam':
        owner  => 'root',
        group  => 'root',
        mode   => '0555',
        source => 'puppet:///modules/role/logging/logspam.pl',
    }

}