From 200a8d3472296a6fd09d77462ae842eeee275083 Mon Sep 17 00:00:00 2001 From: james Date: Tue, 10 Dec 2024 22:23:01 -0500 Subject: [PATCH 01/61] init --- .github/workflows/deploy.yaml | 20 +++++ .github/workflows/deploy_syslog.yaml | 87 +++++++++++++++++++ .gitignore | 1 + ansible/ansible.cfg | 8 ++ ansible/inventory.yaml | 3 + .../log_collector/files/10-mikrotik.conf | 2 + .../roles/log_collector/files/rsyslog.conf | 70 +++++++++++++++ ansible/roles/log_collector/tasks/main.yaml | 57 ++++++++++++ .../log_collector/templates/datadog.conf.j2 | 14 +++ ansible/syslog.yaml | 4 + terraform/ansible.tf | 16 ++++ terraform/lxc.tf | 28 ++++++ terraform/prod3.tfvars | 5 ++ terraform/provider.tf | 24 +++++ terraform/vars.tf | 83 ++++++++++++++++++ 15 files changed, 422 insertions(+) create mode 100644 .github/workflows/deploy.yaml create mode 100644 .github/workflows/deploy_syslog.yaml create mode 100644 .gitignore create mode 100644 ansible/ansible.cfg create mode 100644 ansible/inventory.yaml create mode 100644 ansible/roles/log_collector/files/10-mikrotik.conf create mode 100644 ansible/roles/log_collector/files/rsyslog.conf create mode 100644 ansible/roles/log_collector/tasks/main.yaml create mode 100644 ansible/roles/log_collector/templates/datadog.conf.j2 create mode 100644 ansible/syslog.yaml create mode 100644 terraform/ansible.tf create mode 100644 terraform/lxc.tf create mode 100644 terraform/prod3.tfvars create mode 100644 terraform/provider.tf create mode 100644 terraform/vars.tf diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml new file mode 100644 index 0000000..9669e37 --- /dev/null +++ b/.github/workflows/deploy.yaml 
@@ -0,0 +1,20 @@ +name: Deploy Environments +permissions: read-all + +on: + push: + branches: + - master + - james/init + workflow_dispatch: + branches: + - master + +jobs: + deploy_prod3: + name: Deploy prod3 + uses: ./.github/workflows/deploy_syslog.yaml + with: + environment: prod3 + secrets: inherit + #if: github.ref == 'refs/heads/master' diff --git a/.github/workflows/deploy_syslog.yaml b/.github/workflows/deploy_syslog.yaml new file mode 100644 index 0000000..539a759 --- /dev/null +++ b/.github/workflows/deploy_syslog.yaml 
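Review bot: The only branch gate on the production deploy is the `#if: github.ref == 'refs/heads/master'` line, and it is commented out, so every push to `james/init` runs `deploy_syslog.yaml` against prod3 with `secrets: inherit` and an `-auto-approve` apply. Restore the guard on the job, `if: github.ref == 'refs/heads/master'`, and remove `james/init` from the `branches` list once the initial bring-up is done. PATCH 10/61 later restores the guard for `deploy_prod3` but adds `deploy_prod2` with the same line still commented out, so the unguarded path survives there. As far as I know `branches` is not a recognised filter under `workflow_dispatch` and is silently ignored, so a manual dispatch from any branch also runs the jobs; that is a second reason the job-level `if` matters.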
@@ -0,0 +1,87 @@ +name: Deploy Syslog Infra +permissions: read-all + +on: + workflow_call: + inputs: + environment: + required: true + type: string + +env: + # Secrets + TF_VAR_proxmox_host: ${{ secrets.TF_VAR_PROXMOX_HOST }} + TF_VAR_proxmox_token_id: ${{ secrets.TF_VAR_PROXMOX_TOKEN_ID }} + TF_VAR_proxmox_token_secret: ${{ secrets.TF_VAR_PROXMOX_TOKEN_SECRET }} + TF_VAR_local_password: ${{ secrets.TF_VAR_LOCAL_PASSWORD }} + TF_VAR_datadog_api_key: ${{ secrets.DATADOG_API_KEY }} + TF_VAR_datadog_site: ${{ secrets.DATADOG_SITE }} + # Credentials for deployment to AWS + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + # S3 bucket for the Terraform state + BUCKET_TF_STATE: ${{ secrets.BUCKET_TF_STATE}} + +jobs: + deploy: + runs-on: ubuntu-latest + environment: ${{ inputs.environment }} + steps: + - name: Checkout + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # @v4 + + - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d #@v5 + with: + python-version: '3.11' + + - name: Setup ansible + run: pip install ansible && export PATH="$HOME/.local/bin:$PATH" && ansible-galaxy collection install cloud.terraform && ansible-galaxy collection install datadog.dd + + - name: Setup Terraform with specified version on the runner + uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 # @v3 + with: + terraform_version: 1.8.3 + + - name: Setup backend + run: | + echo "bucket = \"${{ secrets.BUCKET_TF_STATE }}\"" > backend.tfvars + echo "key = \"terraform/state/syslog-${{ inputs.environment }}.tfstate\"" >> backend.tfvars + working-directory: ./terraform/ + + - name: Terraform init + id: init + run: terraform init -backend-config=backend.tfvars + working-directory: ./terraform/ + + - name: Terraform format + id: fmt + run: terraform fmt -check + working-directory: ./terraform/ + + - name: Terraform validate + run: | + echo "${{ secrets.SSH_PRIVATE_KEY }}" > logssh + 
echo "${{ secrets.SSH_PUBLIC_KEY }}" > logssh.pub + chmod 600 logssh + chmod 600 logssh.pub + terraform validate + working-directory: ./terraform/ + + - name: Setup WireGuard + run: | + sudo apt-get update && sudo apt-get install -y wireguard + echo "${{ secrets.WIREGUARD_PRIVATE_KEY }}" > privatekey + sudo ip link add dev wg0 type wireguard + sudo ip address add dev wg0 ${{ secrets.WIREGUARD_OVERLAY_NETWORK_IP }} peer ${{ secrets.WIREGUARD_PEER }} + sudo wg set wg0 listen-port 48123 private-key privatekey peer ${{ secrets.WIREGUARD_PEER_PUBLIC_KEY }} allowed-ips 0.0.0.0/0 endpoint ${{ secrets.WIREGUARD_ENDPOINT }} + sudo ip link set up dev wg0 + rm privatekey + + - name: Terraform Apply + run: | + terraform apply -auto-approve -input=false -var-file=${{ inputs.environment }}.tfvars + working-directory: ./terraform/ + + - name: Run playbook + run: sleep 20 && export PATH="$HOME/.local/bin:$PATH" && ansible-playbook -i inventory.yaml syslog.yaml + working-directory: ./ansible/ diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..8fce603 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +data/ diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg new file mode 100644 index 0000000..87d5391 --- /dev/null +++ b/ansible/ansible.cfg @@ -0,0 +1,8 @@ +[defaults] +host_key_checking = False +callbacks_enabled = timer, profile_tasks, profile_roles +gathering = 'explicit' +pipelining = True + +[ssh_connection] +ssh_args = '-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o CheckHostIP=no -o ControlMaster=auto -o ControlPersist=60s' diff --git a/ansible/inventory.yaml b/ansible/inventory.yaml new file mode 100644 index 0000000..4d39cd4 --- /dev/null +++ b/ansible/inventory.yaml @@ -0,0 +1,3 @@ +--- +plugin: cloud.terraform.terraform_provider +project_path: "../terraform" diff --git a/ansible/roles/log_collector/files/10-mikrotik.conf b/ansible/roles/log_collector/files/10-mikrotik.conf new file mode 100644 index 0000000..eda0868 --- /dev/null 
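Review bot: The step named `Terraform validate` writes `SSH_PRIVATE_KEY` to `logssh` with a plain redirect and only afterwards runs `chmod 600`, so the file exists with the runner's default umask until the chmod, and the key is interpolated straight into the script via `${{ secrets.SSH_PRIVATE_KEY }}` rather than passed through `env:`. Pass the secret as an environment variable and write it under a restrictive umask in one line, `(umask 077; printf '%s\n' "$SSH_PRIVATE_KEY" > logssh)`, and rename the step (e.g. `name: Write SSH key files and validate`) so the run log says what it does; the same applies to `WIREGUARD_PRIVATE_KEY` in `Setup WireGuard`. `terraform apply -auto-approve -input=false` runs with no preceding `terraform plan`, so nothing in the run shows what will change before it is changed; a `plan -out=tfplan` step whose file is then applied would at least make the diff reviewable in the log.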
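Review bot: `host_key_checking = False` together with `-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null` in `ssh_args` disables SSH host authentication for every play, and this is the connection over which the Datadog API key and root-owned rsyslog configuration are pushed. Since the controller is a fresh runner each time, at least use `-o StrictHostKeyChecking=accept-new` so a key that changes mid-run is rejected, and drop the `UserKnownHostsFile=/dev/null` override; a stronger fix is to have Terraform export the container's host key so Ansible can pin it, but whether the provider exposes that I cannot confirm from here. `ansible_ssh_common_args` in `terraform/ansible.tf` repeats the same two options, so whichever policy is chosen should live in one place only.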
+++ b/ansible/roles/log_collector/files/10-mikrotik.conf @@ -0,0 +1,2 @@ +# Mikrotik Logs Conf +if ($fromhost-ip != "127.0.0.1" ) then /var/log/mikrotik.log diff --git a/ansible/roles/log_collector/files/rsyslog.conf b/ansible/roles/log_collector/files/rsyslog.conf new file mode 100644 index 0000000..db39752 --- /dev/null +++ b/ansible/roles/log_collector/files/rsyslog.conf @@ -0,0 +1,70 @@ +# /etc/rsyslog.conf configuration file for rsyslog +# +# For more information install rsyslog-doc and see +# /usr/share/doc/rsyslog-doc/html/configuration/index.html + + +################# +#### MODULES #### +################# + +module(load="imuxsock") # provides support for local system logging +module(load="imklog") # provides kernel logging support +module(load="imfile", PollingInterval="10") # for datadog +#module(load="immark") # provides --MARK-- message capability + +# provides UDP syslog reception +module(load="imudp") +input(type="imudp" port="514") + +# provides TCP syslog reception +module(load="imtcp") +input(type="imtcp" port="514") + + +########################### +#### GLOBAL DIRECTIVES #### +########################### + +# +# Set the default permissions for all log files. +# +$FileOwner root +$FileGroup adm +$FileCreateMode 0640 +$DirCreateMode 0755 +$Umask 0022 + +# +# Where to place spool and state files +# +$WorkDirectory /var/spool/rsyslog + +# +# Include all config files in /etc/rsyslog.d/ +# +$IncludeConfig /etc/rsyslog.d/*.conf + + +############### +#### RULES #### +############### + +# +# Log anything besides private authentication messages to a single log file +# +*.*;auth,authpriv.none -/var/log/syslog + +# +# Log commonly used facilities to their own log file +# +auth,authpriv.* /var/log/auth.log +cron.* -/var/log/cron.log +kern.* -/var/log/kern.log +mail.* -/var/log/mail.log +user.* -/var/log/user.log + +# +# Emergencies are sent to everybody logged in. +# +*.emerg :omusrmsg:* 
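Review bot: The rule `if ($fromhost-ip != "127.0.0.1" ) then /var/log/mikrotik.log` matches every non-local sender, not only Mikrotik devices, and because processing does not stop there, each remote message is also written to `/var/log/syslog` and the facility files by the rules in `rsyslog.conf`, doubling disk use and mixing device logs into the host's own logs. Add `& stop` on the following line, and consider matching on the device hostname or source network instead of "anything but loopback" so an unexpected sender shows up as such rather than being filed as a Mikrotik.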
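Review bot: `input(type="imudp" port="514")` and `input(type="imtcp" port="514")` listen on all interfaces with no `address=` binding and no sender restriction, and although the role installs `iptables-persistent` (see `tasks/main.yaml`) no rules are ever written, so any host that can reach the container can inject lines into `/var/log/mikrotik.log` and the host logs. Bind the listeners to the management address, e.g. `input(type="imudp" port="514" address="<MGMT_IP>")` (placeholder for the address Terraform assigns), or deploy a rule set that limits 514/udp and 514/tcp to the mesh device ranges; syslog from these devices is unauthenticated either way, so the network boundary is the only control. `rsyslog-gnutls` is installed by the role but no TLS stream driver is configured on the imtcp input, so the TCP listener currently offers no more protection than UDP.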
diff --git a/ansible/roles/log_collector/tasks/main.yaml b/ansible/roles/log_collector/tasks/main.yaml new file mode 100644 index 0000000..d03b097 --- /dev/null +++ b/ansible/roles/log_collector/tasks/main.yaml @@ -0,0 +1,57 @@ +- name: Install deps + ansible.builtin.apt: + lock_timeout: 240 + update_cache: true + pkg: + - ca-certificates + - iptables-persistent + #- bird2 + - rsyslog + - rsyslog-gnutls + +- name: Import the Datadog Agent role from the Datadog collection + ansible.builtin.import_role: + name: datadog.dd.agent + vars: + datadog_api_key: "{{ DATADOG_API_KEY }}" + datadog_site: "{{ DATADOG_SITE }}" + datadog_config: + hostname: "{{ VM_HOSTNAME }}" + logs_enabled: true + datadog_additional_groups: "systemd-journal" + datadog_checks: + logs: + - type: journald + path: /var/log/journal/ + - type: file + path: "/var/log/mikrotik.log" + service: "mesh_devices" + source: "mikrotik" + +- name: Rsyslog main config + ansible.builtin.copy: + src: ../files/rsyslog.conf + dest: /etc/rsyslog.conf + +- name: Rsyslog mikrotik config + ansible.builtin.copy: + src: ../files/10-mikrotik.conf + dest: /etc/rsyslog.d/10-mikrotik.conf + +# - name: Rsyslog datadog config +# ansible.builtin.template: +# src: ../templates/datadog.conf.j2 +# dest: /etc/rsyslog.d/20-datadog.conf + +- name: Reload rsyslog + ansible.builtin.systemd_service: + name: rsyslog + state: restarted + enabled: true + daemon_reload: true + +- name: Reload datadog + ansible.builtin.systemd_service: + name: datadog-agent + state: restarted + enabled: true diff --git a/ansible/roles/log_collector/templates/datadog.conf.j2 b/ansible/roles/log_collector/templates/datadog.conf.j2 new file mode 100644 index 0000000..c0acf10 --- /dev/null +++ b/ansible/roles/log_collector/templates/datadog.conf.j2 
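Review bot: `Reload rsyslog` and `Reload datadog` use `state: restarted` unconditionally, so every playbook run restarts both services even when no file changed, interrupting collection on each deploy and hiding whether a configuration change actually happened. Move the restarts into `handlers/main.yaml` and add `notify: Restart rsyslog` to the two `ansible.builtin.copy` tasks (and the equivalent for `datadog-agent` if the imported role does not already handle its own restart), so a restart happens only on change. `datadog_api_key: "{{ DATADOG_API_KEY }}"` takes the key from an inventory variable, which means it appears in `ansible-inventory` output and in verbose task output; reading it with `{{ lookup('env', 'DATADOG_API_KEY') }}` from the workflow environment keeps it out of inventory and state.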
@@ -0,0 +1,14 @@ +input(type="imfile" ruleset="infiles" Tag="mikrotik" File="/var/log/mikrotik.log") + +## Set the Datadog Format to send the logs +$template DatadogFormat,"{{ DATADOG_API_KEY }} <%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% - - - %msg%\n" + +#ruleset(name="infiles") { +# action(type="omfwd" protocol="tcp" target="intake.logs.{{ DATADOG_SITE }}" port="10514" template="DatadogFormat") +#} + +## Define the destination for the logs - Use TLS +$DefaultNetstreamDriverCAFile /etc/ssl/certs/ca-certificates.crt +ruleset(name="infiles") { + action(type="omfwd" protocol="tcp" target="intake.logs.datadoghq.com" port="10516" template="DatadogFormat" StreamDriver="gtls" StreamDriverMode="1" StreamDriverAuthMode="x509/name" StreamDriverPermittedPeers="*.logs.datadoghq.com" ) +} diff --git a/ansible/syslog.yaml b/ansible/syslog.yaml new file mode 100644 index 0000000..e87fcb7 --- /dev/null +++ b/ansible/syslog.yaml @@ -0,0 +1,4 @@ +- hosts: syslog_mgt + become: true + roles: + - role: log_collector diff --git a/terraform/ansible.tf b/terraform/ansible.tf new file mode 100644 index 0000000..e7915db --- /dev/null +++ b/terraform/ansible.tf @@ -0,0 +1,16 @@ +resource "ansible_group" "syslog_mgt_group" { + name = "syslog_mgt" + variables = { + ansible_user = var.mesh_local_user + ansible_ssh_private_key_file = "../terraform/logssh" + ansible_ssh_common_args = "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" + DATADOG_API_KEY = var.datadog_api_key + DATADOG_SITE = var.datadog_site + VM_HOSTNAME = var.hostname + } +} + +resource "ansible_host" "syslog_mgt" { + name = var.vm_mgt_ip + groups = [ansible_group.monitor_mgt_group.name] +} diff --git a/terraform/lxc.tf b/terraform/lxc.tf new file mode 100644 index 0000000..7cc7d9d --- /dev/null +++ b/terraform/lxc.tf 
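Review bot: `DATADOG_API_KEY = var.datadog_api_key` is placed in `ansible_group.syslog_mgt_group.variables`, a plain map attribute, so the key is written in clear text into the Terraform state in S3 and is shown by `ansible-inventory --list` through the `terraform_provider` inventory plugin, even though the variable is declared `sensitive` in `vars.tf`. Keep secrets out of inventory variables: have the workflow export the key to the Ansible step as an environment variable and read it in the role with `{{ lookup('env', 'DATADOG_API_KEY') }}`, leaving only non-secret values (`VM_HOSTNAME`, the SSH settings) in the group. `ansible_ssh_common_args` repeats the host-key options already set in `ansible/ansible.cfg`; keep one of the two. `ansible_host.syslog_mgt` references `ansible_group.monitor_mgt_group`, which is not defined in this commit, so `terraform validate` fails until the name matches (PATCH 02/61 corrects it).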
@@ -0,0 +1,28 @@ +resource "proxmox_lxc" "monitoring_host" { + target_node = var.proxmox_node + hostname = var.hostname + description = "Monitoring host managed IaC via https://github.com/nycmesh/syslog-infra" + ostemplate = var.system_image + password = var.local_password + cores = 2 + memory = 1024 + unprivileged = true + start = true + onboot = true + + ssh_public_keys = file("${path.root}/logssh.pub") + + rootfs { + storage = var.proxmox_storage_location + size = "50G" + } + + network { + name = "eth0" + bridge = var.vm_nic + ip = "${var.vm_mgt_ip}/${var.internal_host_identifier}" + gw = var.vm_mgt_default_gateway + } + + tags = "syslog,managed_by_iac" +} diff --git a/terraform/prod3.tfvars b/terraform/prod3.tfvars new file mode 100644 index 0000000..8ab05aa --- /dev/null +++ b/terraform/prod3.tfvars @@ -0,0 +1,5 @@ +proxmox_node = "jon" +proxmox_storage_location = "local-lvm" +hostname = "nycmesh-713-syslog-1" +vm_mgt_ip = "110.70.90.56" +vm_mgt_default_gateway = "10.70.90.1" diff --git a/terraform/provider.tf b/terraform/provider.tf new file mode 100644 index 0000000..cf9dc01 --- /dev/null +++ b/terraform/provider.tf @@ -0,0 +1,24 @@ +terraform { + backend "s3" { + region = "us-east-1" + } + required_providers { + ansible = { + source = "ansible/ansible" + version = "1.3.0" + } + proxmox = { + source = "telmate/proxmox" + version = "3.0.1-rc1" + } + } +} +provider "proxmox" { + # Configuration options + pm_api_url = "https://${var.proxmox_host}:8006/api2/json" + # TODO: Setup cert + pm_tls_insecure = true + pm_debug = true + pm_api_token_id = var.proxmox_token_id + pm_api_token_secret = var.proxmox_token_secret +} diff --git a/terraform/vars.tf b/terraform/vars.tf new file mode 100644 index 0000000..9fbd4da --- /dev/null +++ b/terraform/vars.tf 
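Review bot: `password = var.local_password` sets a password on the container's root account while access is already key-based through `ssh_public_keys`, so the password is a second, weaker credential that also lands in the Terraform state in clear text; unless console login is actually needed, leave `password` unset, or if it must be set, have the role disable SSH password authentication on the guest (`PasswordAuthentication no` in `sshd_config`). `ssh_public_keys = file("${path.root}/logssh.pub")` depends on a file the workflow writes in its `Terraform validate` step, which deserves a comment because a local `terraform plan` otherwise fails with an unhelpful file-not-found error: `# logssh.pub is written by .github/workflows/deploy_syslog.yaml before plan/apply`. `size = "50G"` and `memory = 1024` are the only sizing values not exposed through `vars.tf`; worth making them variables alongside the rest.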
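Review bot: `pm_tls_insecure = true` under `# TODO: Setup cert` means `pm_api_token_id`/`pm_api_token_secret` are sent to whatever answers at `https://${var.proxmox_host}:8006` without certificate verification; the WireGuard tunnel the workflow sets up narrows who can answer, but the TODO should name the fix (pin the Proxmox CA or its self-signed certificate, then set this to `false`) and ideally reference an issue. `pm_debug = true` is also on in a provider that runs in CI; debug output may include request and response details, and the runner log is readable by anyone with read access to the Actions run, so it should be `false` outside a troubleshooting run. The `backend "s3"` block sets only `region`; add `encrypt = true` and a `dynamodb_table` for locking, since the state holds the Datadog key and the local password in clear text and two concurrent workflow runs would otherwise race on it.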
@@ -0,0 +1,83 @@ +variable "proxmox_host" { + type = string + description = "proxmox host" +} + +variable "proxmox_token_id" { + type = string + description = "proxmox token id" + sensitive = true +} + +variable "proxmox_token_secret" { + type = string + description = "proxmox token secret" + sensitive = true +} + +variable "proxmox_node" { + type = string + description = "name of the proxmox node" +} + +variable "proxmox_storage_location" { + type = string + description = "target resource pool on the proxmox server" +} + +variable "hostname" { + type = string + description = "hostname of the lxc" +} + +variable "system_image" { + type = string + description = "system image for the lxc" + default = "local:vztmpl/debian-12-standard_12.2-1_amd64.tar.zst" +} + +variable "mesh_local_user" { + type = string + description = "local user username" + default = "root" +} + +variable "local_password" { + type = string + description = "password for the local user" + sensitive = true +} + +variable "vm_nic" { + type = string + description = "nic for the vm" + default = "vmbr0" +} + +variable "vm_mgt_ip" { + type = string + description = "IP for the managment interface" +} + +variable "internal_host_identifier" { + type = string + description = "Host identifier for the internal network interface eth0" + default = "24" +} + +variable "vm_mgt_default_gateway" { + type = string + description = "IP of the default gateway of the managment interface" +} + +variable "datadog_api_key" { + type = string + description = "datadog API key" + sensitive = true +} + +variable "datadog_site" { + type = string + description = "datadog site url" + sensitive = true +} From 9740f7113df1cf27b98e01c9173b6d9ed3b247f9 Mon Sep 17 00:00:00 2001 From: james Date: Tue, 10 Dec 2024 22:36:48 -0500 Subject: [PATCH 02/61] init --- terraform/ansible.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/ansible.tf b/terraform/ansible.tf index e7915db..4af5169 100644 
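Review bot: `internal_host_identifier` is described as "Host identifier for the internal network interface eth0", but `lxc.tf` uses it as the prefix length in `"${var.vm_mgt_ip}/${var.internal_host_identifier}"` and the default `"24"` only makes sense as a prefix, so the description misleads whoever sets it next; change it to `description = "Prefix length (CIDR bits) of the management network, appended to vm_mgt_ip"` or rename the variable to `vm_mgt_prefix_length`. `datadog_site` is marked `sensitive = true` although it is a public region hostname, which only redacts it from plan output; if that is deliberate, a one-line comment saying why would stop the next reader from "fixing" it. Two descriptions spell "managment" (`vm_mgt_ip`, `vm_mgt_default_gateway`) and are worth correcting while here.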
--- a/terraform/ansible.tf +++ b/terraform/ansible.tf @@ -12,5 +12,5 @@ resource "ansible_group" "syslog_mgt_group" { resource "ansible_host" "syslog_mgt" { name = var.vm_mgt_ip - groups = [ansible_group.monitor_mgt_group.name] + groups = [ansible_group.syslog_mgt_group.name] } From 83d2158e69da2f3669e6e512d06dec329a83e9f9 Mon Sep 17 00:00:00 2001 From: james Date: Tue, 10 Dec 2024 22:39:55 -0500 Subject: [PATCH 03/61] init --- terraform/prod3.tfvars | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/prod3.tfvars b/terraform/prod3.tfvars index 8ab05aa..b03a77b 100644 --- a/terraform/prod3.tfvars +++ b/terraform/prod3.tfvars @@ -1,5 +1,5 @@ proxmox_node = "jon" proxmox_storage_location = "local-lvm" hostname = "nycmesh-713-syslog-1" -vm_mgt_ip = "110.70.90.56" +vm_mgt_ip = "10.70.90.56" vm_mgt_default_gateway = "10.70.90.1" From 488499ee12271037de14d9c38cfc9ad02c3619ac Mon Sep 17 00:00:00 2001 From: james Date: Tue, 10 Dec 2024 23:03:57 -0500 Subject: [PATCH 04/61] init --- ansible/roles/log_collector/tasks/main.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ansible/roles/log_collector/tasks/main.yaml b/ansible/roles/log_collector/tasks/main.yaml index d03b097..efafb20 100644 --- a/ansible/roles/log_collector/tasks/main.yaml +++ b/ansible/roles/log_collector/tasks/main.yaml @@ -20,9 +20,10 @@ logs_enabled: true datadog_additional_groups: "systemd-journal" datadog_checks: - logs: + journald: - type: journald path: /var/log/journal/ + mesh_devices: - type: file path: "/var/log/mikrotik.log" service: "mesh_devices" From a9d0b0fa809cda0faed6cf4cf968ce459d4841fd Mon Sep 17 00:00:00 2001 From: james Date: Tue, 10 Dec 2024 23:12:08 -0500 Subject: [PATCH 05/61] init --- ansible/roles/log_collector/tasks/main.yaml | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/ansible/roles/log_collector/tasks/main.yaml b/ansible/roles/log_collector/tasks/main.yaml index efafb20..f96fc70 100644 
--- a/ansible/roles/log_collector/tasks/main.yaml +++ b/ansible/roles/log_collector/tasks/main.yaml @@ -21,13 +21,15 @@ datadog_additional_groups: "systemd-journal" datadog_checks: journald: - - type: journald - path: /var/log/journal/ + logs: + - type: journald + path: /var/log/journal/ mesh_devices: - - type: file - path: "/var/log/mikrotik.log" - service: "mesh_devices" - source: "mikrotik" + logs: + - type: file + path: "/var/log/mikrotik.log" + service: "mesh_devices" + source: "mikrotik" - name: Rsyslog main config ansible.builtin.copy: From 576a8c043ba170585fa8f06f96c0d59e7da75099 Mon Sep 17 00:00:00 2001 From: james Date: Tue, 10 Dec 2024 23:46:34 -0500 Subject: [PATCH 06/61] init --- ansible/roles/log_collector/files/rsyslog.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/log_collector/files/rsyslog.conf b/ansible/roles/log_collector/files/rsyslog.conf index db39752..b62914e 100644 --- a/ansible/roles/log_collector/files/rsyslog.conf +++ b/ansible/roles/log_collector/files/rsyslog.conf @@ -30,7 +30,7 @@ input(type="imtcp" port="514") # Set the default permissions for all log files. # $FileOwner root -$FileGroup adm +$FileGroup dd-agent $FileCreateMode 0640 $DirCreateMode 0755 $Umask 0022 From b1859f85393c1c4f29e790e7ac0832f50a241e9c Mon Sep 17 00:00:00 2001 From: james Date: Tue, 10 Dec 2024 23:54:13 -0500 Subject: [PATCH 07/61] init --- ansible/roles/log_collector/files/rsyslog.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/log_collector/files/rsyslog.conf b/ansible/roles/log_collector/files/rsyslog.conf index b62914e..3aefd0c 100644 --- a/ansible/roles/log_collector/files/rsyslog.conf +++ b/ansible/roles/log_collector/files/rsyslog.conf 
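Review bot: Changing `$FileGroup` globally from `adm` to `dd-agent` makes every file rsyslog creates — including `/var/log/auth.log` and `/var/log/syslog`, which the Datadog file check in `tasks/main.yaml` does not read — group-readable by the agent, and it also removes the `adm` group's read access from the usual log files. If the goal is for the agent to read `/var/log/mikrotik.log`, scope the ownership to that one action in `10-mikrotik.conf`, e.g. `action(type="omfile" file="/var/log/mikrotik.log" fileGroup="dd-agent" fileCreateMode="0640")`, and leave the global default on `adm`. `$FileGroup` applies only to files rsyslog creates, so files already present from the first boot keep their old group until rotated or recreated.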
@@ -10,7 +10,7 @@ module(load="imuxsock") # provides support for local system logging module(load="imklog") # provides kernel logging support -module(load="imfile", PollingInterval="10") # for datadog +#module(load="imfile", PollingInterval="10") # for datadog #module(load="immark") # provides --MARK-- message capability # provides UDP syslog reception From 9d96d5e5703038c8b92db3bc4c9755294680b434 Mon Sep 17 00:00:00 2001 From: james Date: Wed, 11 Dec 2024 00:38:19 -0500 Subject: [PATCH 08/61] init --- ansible/roles/log_collector/files/rsyslog.conf | 1 - ansible/roles/log_collector/tasks/main.yaml | 6 ------ 2 files changed, 7 deletions(-) diff --git a/ansible/roles/log_collector/files/rsyslog.conf b/ansible/roles/log_collector/files/rsyslog.conf index 3aefd0c..92b1526 100644 --- a/ansible/roles/log_collector/files/rsyslog.conf +++ b/ansible/roles/log_collector/files/rsyslog.conf @@ -10,7 +10,6 @@ module(load="imuxsock") # provides support for local system logging module(load="imklog") # provides kernel logging support -#module(load="imfile", PollingInterval="10") # for datadog #module(load="immark") # provides --MARK-- message capability # provides UDP syslog reception diff --git a/ansible/roles/log_collector/tasks/main.yaml b/ansible/roles/log_collector/tasks/main.yaml index f96fc70..1f94a23 100644 --- a/ansible/roles/log_collector/tasks/main.yaml +++ b/ansible/roles/log_collector/tasks/main.yaml @@ -7,7 +7,6 @@ - iptables-persistent #- bird2 - rsyslog - - rsyslog-gnutls - name: Import the Datadog Agent role from the Datadog collection ansible.builtin.import_role: @@ -41,11 +40,6 @@ src: ../files/10-mikrotik.conf dest: /etc/rsyslog.d/10-mikrotik.conf -# - name: Rsyslog datadog config -# ansible.builtin.template: -# src: ../templates/datadog.conf.j2 -# dest: /etc/rsyslog.d/20-datadog.conf - - name: Reload rsyslog ansible.builtin.systemd_service: name: rsyslog From 3c25601dba4f195091c43d7e3b0ca5505ea5763c Mon Sep 17 00:00:00 2001 
From: james Date: Wed, 11 Dec 2024 00:39:05 -0500 Subject: [PATCH 09/61] init --- .../roles/log_collector/templates/datadog.conf.j2 | 14 -------------- 1 file changed, 14 deletions(-) delete mode 100644 ansible/roles/log_collector/templates/datadog.conf.j2 diff --git a/ansible/roles/log_collector/templates/datadog.conf.j2 b/ansible/roles/log_collector/templates/datadog.conf.j2 deleted file mode 100644 index c0acf10..0000000 --- a/ansible/roles/log_collector/templates/datadog.conf.j2 +++ /dev/null @@ -1,14 +0,0 @@ -input(type="imfile" ruleset="infiles" Tag="mikrotik" File="/var/log/mikrotik.log") - -## Set the Datadog Format to send the logs -$template DatadogFormat,"{{ DATADOG_API_KEY }} <%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% - - - %msg%\n" - -#ruleset(name="infiles") { -# action(type="omfwd" protocol="tcp" target="intake.logs.{{ DATADOG_SITE }}" port="10514" template="DatadogFormat") -#} - -## Define the destination for the logs - Use TLS -$DefaultNetstreamDriverCAFile /etc/ssl/certs/ca-certificates.crt -ruleset(name="infiles") { - action(type="omfwd" protocol="tcp" target="intake.logs.datadoghq.com" port="10516" template="DatadogFormat" StreamDriver="gtls" StreamDriverMode="1" StreamDriverAuthMode="x509/name" StreamDriverPermittedPeers="*.logs.datadoghq.com" ) -} From de11abb26614365211c6c1641d7264d0247af68d Mon Sep 17 00:00:00 2001 
From: james-otten Date: Thu, 19 Dec 2024 20:56:31 -0500 Subject: [PATCH 10/61] bird --- .github/workflows/ansible_lint.yaml | 16 ++ .github/workflows/deploy.yaml | 11 +- .gitignore | 1 + .../roles/log_collector/files/bird.service | 17 ++ ansible/roles/log_collector/tasks/main.yaml | 39 ++- .../log_collector/templates/bird.conf.j2 | 231 ++++++++++++++++++ .../templates/netplan_lo.yaml.j2 | 10 + ansible/syslog.yaml | 3 +- terraform/ansible.tf | 4 + terraform/prod2.tfvars | 9 + terraform/prod3.tfvars | 3 + terraform/vars.tf | 21 ++ 12 files changed, 360 insertions(+), 5 deletions(-) create mode 100644 .github/workflows/ansible_lint.yaml create mode 100644 ansible/roles/log_collector/files/bird.service create mode 100644 ansible/roles/log_collector/templates/bird.conf.j2 create mode 100644 ansible/roles/log_collector/templates/netplan_lo.yaml.j2 create mode 100644 terraform/prod2.tfvars diff --git a/.github/workflows/ansible_lint.yaml b/.github/workflows/ansible_lint.yaml new file mode 100644 index 0000000..627c19e --- /dev/null +++ b/.github/workflows/ansible_lint.yaml @@ -0,0 +1,16 @@ +name: ansible-lint +on: + pull_request: +jobs: + build: + name: Ansible Lint + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Run ansible-lint + uses: ansible/ansible-lint@c629b235398065e24ff44b5f1138028642c74a03 + with: + args: "" + setup_python: "true" + working_directory: "./ansible/" + requirements_file: "" diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml index 9669e37..93c0793 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy.yaml 
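Review bot: `uses: actions/checkout@v4` is pinned to a mutable tag while every other action in this repository, including the `ansible/ansible-lint` step right below it, is pinned to a commit SHA; pin it the same way, reusing the pin already used in `deploy_syslog.yaml`: `uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # @v4`. The workflow also sets no `permissions:` block, so on `pull_request` it runs with the repository's default token permissions; add `permissions: contents: read` at the top, as the other workflows do with `read-all`.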
@@ -11,10 +11,19 @@ on: - master jobs: + deploy_prod2: + name: Deploy prod2 + uses: ./.github/workflows/deploy_syslog.yaml + with: + environment: prod2 + secrets: inherit + #if: github.ref == 'refs/heads/master' + deploy_prod3: name: Deploy prod3 uses: ./.github/workflows/deploy_syslog.yaml with: environment: prod3 secrets: inherit - #if: github.ref == 'refs/heads/master' + needs: deploy_prod2 + if: github.ref == 'refs/heads/master' diff --git a/.gitignore b/.gitignore index 8fce603..39ef9b0 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ data/ +.vscode/ diff --git a/ansible/roles/log_collector/files/bird.service b/ansible/roles/log_collector/files/bird.service new file mode 100644 index 0000000..bb61884 --- /dev/null +++ b/ansible/roles/log_collector/files/bird.service @@ -0,0 +1,17 @@ +[Unit] +Description=BIRD Internet Routing Daemon +# Bind to and start after rsyslog so that the IP is only announced when rsyslog is running +#After=network.target +After=network.target,rsyslog.service +BindsTo=rsyslog.service + +[Service] +EnvironmentFile=/etc/bird/envvars +ExecStartPre=/usr/lib/bird/prepare-environment +ExecStartPre=/usr/sbin/bird -p +ExecReload=/usr/sbin/birdc configure +ExecStart=/usr/sbin/bird -f -u $BIRD_RUN_USER -g $BIRD_RUN_GROUP $BIRD_ARGS +Restart=always + +[Install] +WantedBy=multi-user.target diff --git a/ansible/roles/log_collector/tasks/main.yaml b/ansible/roles/log_collector/tasks/main.yaml index 1f94a23..8759cfc 100644 --- a/ansible/roles/log_collector/tasks/main.yaml +++ b/ansible/roles/log_collector/tasks/main.yaml 
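Review bot: `After=network.target,rsyslog.service` does not express the ordering the comment above it describes, because systemd unit lists are space-separated and the comma turns the value into a single, invalid unit name that systemd rejects with a warning; only `BindsTo=rsyslog.service` takes effect, and `BindsTo=` without a matching `After=` does not make bird wait for rsyslog to be up before it announces the address. Write `After=network.target rsyslog.service` (and optionally `Requires=rsyslog.service` next to `BindsTo=`) so the address is only advertised once the collector can accept logs. The commented-out `#After=network.target` line above it can go, since the new line supersedes it.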
@@ -5,9 +5,26 @@ pkg: - ca-certificates - iptables-persistent - #- bird2 + - bird2 - rsyslog +- name: Bird systemd unit + ansible.builtin.copy: + src: bird.service + dest: /lib/systemd/system/bird.service + mode: "0644" + +- name: Netplan lo interface + ansible.builtin.template: + src: netplan_lo.yaml.j2 + dest: /etc/netplan/lo.yaml + mode: "600" + +- name: Netplan apply + ansible.builtin.command: + cmd: "bash -c 'netplan apply && touch /tmp/netplan_applied'" + creates: /tmp/netplan_applied + - name: Import the Datadog Agent role from the Datadog collection ansible.builtin.import_role: name: datadog.dd.agent @@ -32,13 +49,15 @@ - name: Rsyslog main config ansible.builtin.copy: - src: ../files/rsyslog.conf + src: rsyslog.conf dest: /etc/rsyslog.conf + mode: "600" - name: Rsyslog mikrotik config ansible.builtin.copy: - src: ../files/10-mikrotik.conf + src: 10-mikrotik.conf dest: /etc/rsyslog.d/10-mikrotik.conf + mode: "644" - name: Reload rsyslog ansible.builtin.systemd_service: @@ -52,3 +71,17 @@ name: datadog-agent state: restarted enabled: true + +- name: Bird config + ansible.builtin.template: + src: bird.conf.j2 + dest: /etc/bird/bird.conf + mode: "640" + owner: "bird" + group: "bird" + +- name: Reload bird + ansible.builtin.systemd_service: + name: bird + state: reloaded + enabled: true diff --git a/ansible/roles/log_collector/templates/bird.conf.j2 b/ansible/roles/log_collector/templates/bird.conf.j2 new file mode 100644 index 0000000..e20c676 --- /dev/null +++ b/ansible/roles/log_collector/templates/bird.conf.j2 
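Review bot: `Netplan apply` is made idempotent with `creates: /tmp/netplan_applied`, but `/tmp` is cleared on reboot and the marker is not tied to the template's content, so a later change to `netplan_lo.yaml.j2` is never applied until the container reboots, while the first run after a reboot re-applies unchanged config. Replace the marker with a handler: add `notify: Netplan apply` to `Netplan lo interface` and run `netplan apply` from a handler so it fires only on change. `Bird systemd unit` writes into `/lib/systemd/system/bird.service`, the path owned by the `bird2` package, so an apt upgrade silently reverts the `After=`/`BindsTo=` change; put the unit (or a drop-in with just the `[Unit]` changes) under `/etc/systemd/system/` and add `daemon_reload: true` to `Reload bird`, which currently reloads bird's own config without telling systemd the unit file changed. The `mode` values mix `"0644"` with `"600"`, `"644"` and `"640"`; Ansible accepts both forms, but use the four-digit form throughout for consistency.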
@@ -0,0 +1,231 @@ +# Managed by ansible + +# This is a basic configuration file, which contains boilerplate options and +# some basic examples. It allows the BIRD daemon to start but will not cause +# anything else to happen. +# +# Please refer to the BIRD User's Guide documentation, which is also available +# online at http://bird.network.cz/ in HTML format, for more information on +# configuring BIRD and adding routing protocols. + +# Configure logging +log syslog all; +# log "/var/log/bird.log" { debug, trace, info, remote, warning, error, auth, fatal, bug }; + +# Set router ID. It is a unique identification of your router, usually one of +# IPv4 addresses of the router. It is recommended to configure it explicitly. +router id {{ ROUTER_ID }}; + +# Turn on global debugging of all protocols (all messages or just selected classes) +# debug protocols all; +# debug protocols { events, states }; + +# Turn on internal watchdog +# watchdog warning 5 s; +# watchdog timeout 30 s; + +# You can define your own constants +# define my_asn = 65000; +# define my_addr = 198.51.100.1; + +# Tables master4 and master6 are defined by default +# ipv4 table master4; +# ipv6 table master6; + +# Define more tables, e.g. for policy routing or as MRIB +# ipv4 table mrib4; +# ipv6 table mrib6; + +# The Device protocol is not a real routing protocol. It does not generate any +# routes and it only serves as a module for getting information about network +# interfaces from the kernel. It is necessary in almost any configuration. +protocol device { + scan time 10; +} + +# The direct protocol is not a real routing protocol. It automatically generates +# direct routes to all network interfaces. Can exist in as many instances as you +# wish if you want to populate multiple routing tables with direct routes. +protocol direct { + #disabled; # Disable by default + ipv4; # Connect to default IPv4 table + ipv6; # ... 
and to default IPv6 table +} + +# The Kernel protocol is not a real routing protocol. Instead of communicating +# with other routers in the network, it performs synchronization of BIRD +# routing tables with the OS kernel. One instance per table. +protocol kernel { + persist; + scan time 10; + ipv4 { # Connect protocol to IPv4 table by channel +# table master4; # Default IPv4 table is master4 + import all; # Import to table, default is import all + export all; # Export to protocol. default is export none + }; + learn; # Learn alien routes from the kernel +# kernel table 10; # Kernel table to synchronize with (default: main) +} + +# Another instance for IPv6, skipping default options +#protocol kernel { +# ipv6 { export all; }; +#} + +# Static routes (Again, there can be multiple instances, for different address +# families and to disable/enable various groups of static routes on the fly). +protocol static { + ipv4; # Again, IPv4 channel with default options + +# route 0.0.0.0/0 via 198.51.100.10; +# route 192.0.2.0/24 blackhole; +# route 10.0.0.0/8 unreachable; +# route 10.2.0.0/24 via "eth0"; +# # Static routes can be defined with optional attributes +# route 10.1.1.0/24 via 198.51.100.3 { rip_metric = 3; }; +# route 10.1.2.0/24 via 198.51.100.3 { ospf_metric1 = 100; }; +# route 10.1.3.0/24 via 198.51.100.4 { ospf_metric2 = 100; }; +} + +# Pipe protocol connects two routing tables. Beware of loops. 
+# protocol pipe { +# table master4; # No ipv4/ipv6 channel definition like in other protocols +# peer table mrib4; +# import all; # Direction peer table -> table +# export all; # Direction table -> peer table +# } + +# RIP example, both RIP and RIPng are supported +# protocol rip { +# ipv4 { +# # Export direct, static routes and ones from RIP itself +# import all; +# export where source ~ [ RTS_DEVICE, RTS_STATIC, RTS_RIP ]; +# }; +# interface "eth*" { +# update time 10; # Default period is 30 +# timeout time 60; # Default timeout is 180 +# authentication cryptographic; # No authentication by default +# password "hello" { algorithm hmac sha256; }; # Default is MD5 +# }; +# } + +# OSPF example, both OSPFv2 and OSPFv3 are supported +# protocol ospf v3 { +# ipv6 { +# import all; +# export where source = RTS_STATIC; +# }; +# area 0 { +# interface "eth*" { +# type broadcast; # Detected by default +# cost 10; # Interface metric +# hello 5; # Default hello perid 10 is too long +# }; +# interface "tun*" { +# type ptp; # PtP mode, avoids DR selection +# cost 100; # Interface metric +# hello 5; # Default hello perid 10 is too long +# }; +# interface "dummy0" { +# stub; # Stub interface, just propagate it +# }; +# }; +#} + +protocol ospf v2 { + ipv4 { + import none; + }; + area 0 { + default cost 10; + networks { + {{ BIRD_NETWORK }}; + }; + interface "eth*" { + type broadcast; # Detected by default + cost 10; # Interface metric + neighbors { + {{ BIRD_NEIGHBOR }}; + }; + }; + interface "lo" { + cost 10; + }; + }; +} + +# Define simple filter as an example for BGP import filter +# See https://gitlab.labs.nic.cz/labs/bird/wikis/BGP_filtering for more examples +# filter rt_import +# { +# if bgp_path.first != 64496 then accept; +# if bgp_path.len > 64 then accept; +# if bgp_next_hop != from then accept; +# reject; +# } + +# BGP example, explicit name 'uplink1' is used instead of default 'bgp1' +# protocol bgp uplink1 { +# description "My BGP uplink"; +# local 198.51.100.1 as 
65000; +# neighbor 198.51.100.10 as 64496; +# hold time 90; # Default is 240 +# password "secret"; # Password used for MD5 authentication +# +# ipv4 { # regular IPv4 unicast (1/1) +# import filter rt_import; +# export where source ~ [ RTS_STATIC, RTS_BGP ]; +# }; +# +# ipv6 { # regular IPv6 unicast (2/1) +# import filter rt_import; +# export filter { # The same as 'where' expression above +# if source ~ [ RTS_STATIC, RTS_BGP ] +# then accept; +# else reject; +# }; +# }; +# +# ipv4 multicast { # IPv4 multicast topology (1/2) +# table mrib4; # explicit IPv4 table +# import filter rt_import; +# export all; +# }; +# +# ipv6 multicast { # IPv6 multicast topology (2/2) +# table mrib6; # explicit IPv6 table +# import filter rt_import; +# export all; +# }; +#} + +# Template example. Using templates to define IBGP route reflector clients. +# template bgp rr_clients { +# local 10.0.0.1 as 65000; +# neighbor as 65000; +# rr client; +# rr cluster id 1.0.0.1; +# +# ipv4 { +# import all; +# export where source = RTS_BGP; +# }; +# +# ipv6 { +# import all; +# export where source = RTS_BGP; +# }; +# } +# +# protocol bgp client1 from rr_clients { +# neighbor 10.0.1.1; +# } +# +# protocol bgp client2 from rr_clients { +# neighbor 10.0.2.1; +# } +# +# protocol bgp client3 from rr_clients { +# neighbor 10.0.3.1; +# } diff --git a/ansible/roles/log_collector/templates/netplan_lo.yaml.j2 b/ansible/roles/log_collector/templates/netplan_lo.yaml.j2 new file mode 100644 index 0000000..355de9c --- /dev/null +++ b/ansible/roles/log_collector/templates/netplan_lo.yaml.j2 @@ -0,0 +1,10 @@ +network: + version: 2 + renderer: networkd + ethernets: + lo: + dhcp4: no + dhcp6: no + addresses: + - {{ SYSLOG_IP }}/32 + - {{ ROUTER_ID }}/32 diff --git a/ansible/syslog.yaml b/ansible/syslog.yaml index e87fcb7..d490ee1 100644 --- a/ansible/syslog.yaml +++ b/ansible/syslog.yaml @@ -1,4 +1,5 @@ -- hosts: syslog_mgt +- name: Syslog + hosts: syslog_mgt become: true roles: - role: log_collector 
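Review bot: The `protocol ospf v2` block speaks OSPF on `interface "eth*"` with no authentication, so any host on that segment can form an adjacency and learn the announced /32s (with `import none;` it at least cannot inject routes into this node); the commented RIP example a few lines above shows the syntax BIRD uses — `authentication cryptographic; password "<ospf-key>" { algorithm hmac sha256; };` inside the interface block — which is worth enabling if the upstream neighbour supports it, with the key arriving through the same Terraform→Ansible variable path as ROUTER_ID. As I read BIRD's OSPF, with `import none;` and the channel's default `export none` this router only originates its own interface networks (the /32s on the lo/dummy interfaces), which is presumably the anycast intent — a one-line comment stating that would save the next reader from the surrounding boilerplate. BIRD documents `neighbors { … }` for NBMA and PtMP interface types; on `type broadcast` it may be ignored, so confirm that `neighbors { {{ BIRD_NEIGHBOR }}; }` does what is intended or comment its purpose.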
diff --git a/terraform/ansible.tf b/terraform/ansible.tf index 4af5169..93f6063 100644 --- a/terraform/ansible.tf +++ b/terraform/ansible.tf @@ -7,6 +7,10 @@ resource "ansible_group" "syslog_mgt_group" { DATADOG_API_KEY = var.datadog_api_key DATADOG_SITE = var.datadog_site VM_HOSTNAME = var.hostname + ROUTER_ID = var.router_id + BIRD_NETWORK = var.bird_network + BIRD_NEIGHBOR = var.bird_neighbor + SYSLOG_IP = var.syslog_ip } } diff --git a/terraform/prod2.tfvars b/terraform/prod2.tfvars new file mode 100644 index 0000000..2ccdd6f --- /dev/null +++ b/terraform/prod2.tfvars @@ -0,0 +1,9 @@ +proxmox_node = "nycmesh-10-r630-01" +proxmox_storage_location = "local-lvm" +vm_nic = "vmbr1" +hostname = "nycmesh-10-syslog-2" +vm_mgt_ip = "10.70.100.60" +vm_mgt_default_gateway = "10.70.100.1" +router_id = "10.70.100.61" +bird_neighbor = "10.69.0.10" +bird_network = "10.69.0.0/16" diff --git a/terraform/prod3.tfvars b/terraform/prod3.tfvars index b03a77b..1cdb23d 100644 --- a/terraform/prod3.tfvars +++ b/terraform/prod3.tfvars @@ -3,3 +3,6 @@ proxmox_storage_location = "local-lvm" hostname = "nycmesh-713-syslog-1" vm_mgt_ip = "10.70.90.56" vm_mgt_default_gateway = "10.70.90.1" +router_id = "10.70.90.201" +bird_neighbor = "10.69.7.13" +bird_network = "10.69.0.0/16" diff --git a/terraform/vars.tf b/terraform/vars.tf index 9fbd4da..e214c8b 100644 --- a/terraform/vars.tf +++ b/terraform/vars.tf @@ -81,3 +81,24 @@ variable "datadog_site" { description = "datadog site url" sensitive = true } + +variable "router_id" { + type = string + description = "IP to use for the router id" +} + +variable "bird_neighbor" { + type = string + description = "neighbor for the ospf router" +} + +variable "bird_network" { + type = string + description = "ospf network" +} + +variable "syslog_ip" { + type = string + description = "IP used for syslog traffic" + default = "10.10.5.14" +} From 60331ad691cea183db6d2637130c4ff0fbabc60a Mon Sep 17 00:00:00 2001 
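Review bot: `router_id`, `bird_neighbor` and `bird_network` are plain `string` variables with no `validation` block, so a typo in a tfvars file propagates through the Ansible group vars into bird.conf.j2 and only surfaces when BIRD fails to parse its config on the host. Add `validation { condition = can(cidrhost("${var.router_id}/32", 0)) ... }` (likewise for `bird_neighbor`) and `validation { condition = can(cidrnetmask(var.bird_network)) ... }`, each with an `error_message`, so `terraform plan` rejects bad values. `syslog_ip` is the only variable with a default; if, as the prod2/prod3 tfvars files suggest, it is deliberately shared so both nodes announce the same address, the description should say so.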
From: james-otten Date: Thu, 19 Dec 2024 21:02:43 -0500 Subject: [PATCH 11/61] image --- terraform/prod2.tfvars | 1 + 1 file changed, 1 insertion(+) diff --git a/terraform/prod2.tfvars b/terraform/prod2.tfvars index 2ccdd6f..2830532 100644 --- a/terraform/prod2.tfvars +++ b/terraform/prod2.tfvars @@ -7,3 +7,4 @@ vm_mgt_default_gateway = "10.70.100.1" router_id = "10.70.100.61" bird_neighbor = "10.69.0.10" bird_network = "10.69.0.0/16" +system_image = "debian-12-standard_12.7-1_amd64.tar.zst" From c36b1daae9bfb4989121622a1c643618675a4767 Mon Sep 17 00:00:00 2001 From: james-otten Date: Thu, 19 Dec 2024 21:34:26 -0500 Subject: [PATCH 12/61] add requirements.yaml --- ansible/roles/requirements.yml | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 ansible/roles/requirements.yml diff --git a/ansible/roles/requirements.yml b/ansible/roles/requirements.yml new file mode 100644 index 0000000..e66e72c --- /dev/null +++ b/ansible/roles/requirements.yml @@ -0,0 +1,4 @@ +--- +collections: + - name: datadog.dd + version: 5.8.0 From 6f89f987f589a712486372d73515b7be462ef74c Mon Sep 17 00:00:00 2001 From: james-otten Date: Thu, 19 Dec 2024 21:35:59 -0500 Subject: [PATCH 13/61] fix image --- terraform/prod2.tfvars | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/prod2.tfvars b/terraform/prod2.tfvars index 2830532..a772b75 100644 --- a/terraform/prod2.tfvars +++ b/terraform/prod2.tfvars @@ -7,4 +7,4 @@ vm_mgt_default_gateway = "10.70.100.1" router_id = "10.70.100.61" bird_neighbor = "10.69.0.10" bird_network = "10.69.0.0/16" -system_image = "debian-12-standard_12.7-1_amd64.tar.zst" +system_image = "local:vztmpl/debian-12-standard_12.7-1_amd64.tar.zst" From 9a97447bb1448b00a92d2150edd17c39efd65e4d Mon Sep 17 00:00:00 2001 
From: james-otten Date: Thu, 19 Dec 2024 22:23:36 -0500 Subject: [PATCH 14/61] netplan -> network --- ansible/roles/log_collector/tasks/main.yaml | 19 +++++++++++-------- .../log_collector/templates/interfaces.j2 | 19 +++++++++++++++++++ .../templates/netplan_lo.yaml.j2 | 10 ---------- terraform/ansible.tf | 3 +++ 4 files changed, 33 insertions(+), 18 deletions(-) create mode 100644 ansible/roles/log_collector/templates/interfaces.j2 delete mode 100644 ansible/roles/log_collector/templates/netplan_lo.yaml.j2 diff --git a/ansible/roles/log_collector/tasks/main.yaml b/ansible/roles/log_collector/tasks/main.yaml index 8759cfc..d51cc3d 100644 --- a/ansible/roles/log_collector/tasks/main.yaml +++ b/ansible/roles/log_collector/tasks/main.yaml @@ -14,16 +14,19 @@ dest: /lib/systemd/system/bird.service mode: "0644" -- name: Netplan lo interface +- name: Copy system interface definition ansible.builtin.template: - src: netplan_lo.yaml.j2 - dest: /etc/netplan/lo.yaml - mode: "600" + src: interfaces.j2 + dest: /etc/network/interfaces + owner: root + group: root + mode: "0600" -- name: Netplan apply - ansible.builtin.command: - cmd: "bash -c 'netplan apply && touch /tmp/netplan_applied'" - creates: /tmp/netplan_applied +- name: Reload networking + ansible.builtin.systemd_service: + name: networking + state: reloaded + enabled: true - name: Import the Datadog Agent role from the Datadog collection ansible.builtin.import_role: diff --git a/ansible/roles/log_collector/templates/interfaces.j2 b/ansible/roles/log_collector/templates/interfaces.j2 new file mode 100644 index 0000000..a89061c --- /dev/null +++ b/ansible/roles/log_collector/templates/interfaces.j2 
@@ -0,0 +1,19 @@ +# Managed by ansible + +auto lo +iface lo inet loopback + +auto eth0 +iface eth0 inet static + address {{ VM_MGT_IP }}/{{ INTERNAL_HOST_IDENTIFIER }} + gateway {{ DEFAULT_GATEWAY }} + +auto dummy0 +iface dummy0 inet static + address {{ ROUTER_ID }}/32 + pre-up ip link add dummy0 type dummy + +auto dummy1 +iface dummy1 inet static + address {{ SYSLOG_IP }}/32 + pre-up ip link add dummy1 type dummy diff --git a/ansible/roles/log_collector/templates/netplan_lo.yaml.j2 b/ansible/roles/log_collector/templates/netplan_lo.yaml.j2 deleted file mode 100644 index 355de9c..0000000 --- a/ansible/roles/log_collector/templates/netplan_lo.yaml.j2 +++ /dev/null @@ -1,10 +0,0 @@ -network: - version: 2 - renderer: networkd - ethernets: - lo: - dhcp4: no - dhcp6: no - addresses: - - {{ SYSLOG_IP }}/32 - - {{ ROUTER_ID }}/32 diff --git a/terraform/ansible.tf b/terraform/ansible.tf index 93f6063..5ee2da7 100644 --- a/terraform/ansible.tf +++ b/terraform/ansible.tf @@ -8,9 +8,12 @@ resource "ansible_group" "syslog_mgt_group" { DATADOG_SITE = var.datadog_site VM_HOSTNAME = var.hostname ROUTER_ID = var.router_id + VM_MGT_IP = var.vm_mgt_ip + INTERNAL_HOST_IDENTIFIER = var.internal_host_identifier BIRD_NETWORK = var.bird_network BIRD_NEIGHBOR = var.bird_neighbor SYSLOG_IP = var.syslog_ip + DEFAULT_GATEWAY = var.vm_mgt_default_gateway } } From cf7a290387b4c170281fc99f057b839e936ad4c0 Mon Sep 17 00:00:00 2001 From: james-otten Date: Thu, 19 Dec 2024 22:32:14 -0500 Subject: [PATCH 15/61] network --- ansible/roles/log_collector/tasks/main.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/log_collector/tasks/main.yaml b/ansible/roles/log_collector/tasks/main.yaml index d51cc3d..4e8b050 100644 --- a/ansible/roles/log_collector/tasks/main.yaml +++ b/ansible/roles/log_collector/tasks/main.yaml 
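Review bot: `pre-up ip link add dummy0 type dummy` is not idempotent and, if this command is what first autoloads the `dummy` kernel module, the module itself creates a `dummy0` (default numdummies=1) so the add can fail with `File exists` and ifup aborts the stanza — confirm on the target, since the module state is not visible from here. A guard such as `pre-up ip link show dummy0 >/dev/null 2>&1 || ip link add dummy0 type dummy` (same for dummy1), or a `pre-up modprobe dummy numdummies=0` ahead of it, makes the stanza re-runnable. The later commit "network" (patch 16) rewrites both stanzas with `$IFACE` and adds `down ip link del`, but keeps the unguarded add, so the same applies there.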
@@ -25,7 +25,7 @@ - name: Reload networking ansible.builtin.systemd_service: name: networking - state: reloaded + state: restarted enabled: true - name: Import the Datadog Agent role from the Datadog collection From 39f48ed6ff6aaaf74b4e2f6986dd90ec978cfaec Mon Sep 17 00:00:00 2001 From: james-otten Date: Thu, 19 Dec 2024 23:08:07 -0500 Subject: [PATCH 16/61] network --- .../roles/log_collector/templates/interfaces.j2 | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/ansible/roles/log_collector/templates/interfaces.j2 b/ansible/roles/log_collector/templates/interfaces.j2 index a89061c..9bc275e 100644 --- a/ansible/roles/log_collector/templates/interfaces.j2 +++ b/ansible/roles/log_collector/templates/interfaces.j2 @@ -9,11 +9,15 @@ iface eth0 inet static gateway {{ DEFAULT_GATEWAY }} auto dummy0 -iface dummy0 inet static - address {{ ROUTER_ID }}/32 - pre-up ip link add dummy0 type dummy +iface dummy0 inet manual + pre-up ip link add $IFACE type dummy + pre-up ip link set up dev $IFACE + up ip addr add {{ ROUTER_ID }}/32 dev $IFACE + down ip link del $IFACE auto dummy1 -iface dummy1 inet static - address {{ SYSLOG_IP }}/32 - pre-up ip link add dummy1 type dummy +iface dummy1 inet manual + pre-up ip link add $IFACE type dummy + pre-up ip link set up dev $IFACE + up ip addr add {{ SYSLOG_IP }}/32 dev $IFACE + down ip link del $IFACE From 746bab3e54cad33fba702e9446d380ddbba7e540 Mon Sep 17 00:00:00 2001 From: james-otten Date: Fri, 20 Dec 2024 00:26:22 -0500 Subject: [PATCH 17/61] interface --- ansible/roles/log_collector/files/rsyslog.conf | 2 +- ansible/roles/log_collector/templates/bird.conf.j2 | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ansible/roles/log_collector/files/rsyslog.conf b/ansible/roles/log_collector/files/rsyslog.conf index 92b1526..ffd21db 100644 --- a/ansible/roles/log_collector/files/rsyslog.conf +++ b/ansible/roles/log_collector/files/rsyslog.conf 
@@ -9,7 +9,7 @@ ################# module(load="imuxsock") # provides support for local system logging -module(load="imklog") # provides kernel logging support +#module(load="imklog") # provides kernel logging support #module(load="immark") # provides --MARK-- message capability # provides UDP syslog reception diff --git a/ansible/roles/log_collector/templates/bird.conf.j2 b/ansible/roles/log_collector/templates/bird.conf.j2 index e20c676..fa43dd4 100644 --- a/ansible/roles/log_collector/templates/bird.conf.j2 +++ b/ansible/roles/log_collector/templates/bird.conf.j2 @@ -134,7 +134,7 @@ protocol static { #} protocol ospf v2 { - ipv4 { + ipv4 { import none; }; area 0 { @@ -149,7 +149,7 @@ protocol ospf v2 { {{ BIRD_NEIGHBOR }}; }; }; - interface "lo" { + interface "dummy*" { cost 10; }; }; From e06e70e4cfea7c74cd2ea07b44bd51a021458a1d Mon Sep 17 00:00:00 2001 From: james-otten Date: Sun, 22 Dec 2024 18:28:51 -0500 Subject: [PATCH 18/61] deploy --- .github/workflows/deploy.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml index 93c0793..477423e 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy.yaml @@ -26,4 +26,4 @@ jobs: environment: prod3 secrets: inherit needs: deploy_prod2 - if: github.ref == 'refs/heads/master' + #if: github.ref == 'refs/heads/master' From e141b48d9099ca69fd5f9defc4b06268d84dbb16 Mon Sep 17 00:00:00 2001 From: james-otten Date: Sun, 22 Dec 2024 22:40:11 -0500 Subject: [PATCH 19/61] apc --- README.md | 7 +++++++ ansible/roles/log_collector/files/10-mikrotik.conf | 4 +++- ansible/roles/log_collector/files/20-apc.conf | 4 ++++ ansible/roles/log_collector/files/rsyslog.conf | 3 ++- ansible/roles/log_collector/tasks/main.yaml | 6 ++++++ 5 files changed, 22 insertions(+), 2 deletions(-) create mode 100644 ansible/roles/log_collector/files/20-apc.conf diff --git a/README.md b/README.md index 9380993..ff430d6 100644 --- a/README.md +++ b/README.md 
@@ -1 +1,8 @@ # syslog-infra + +## Ports + +| Port | Protocol | Device Type | +| ------------- | ------------- | ------------- | +| 514 | UDP | Mikrotik Router OS | +| 515 | UDP | APC UPS | diff --git a/ansible/roles/log_collector/files/10-mikrotik.conf b/ansible/roles/log_collector/files/10-mikrotik.conf index eda0868..b782bbf 100644 --- a/ansible/roles/log_collector/files/10-mikrotik.conf +++ b/ansible/roles/log_collector/files/10-mikrotik.conf @@ -1,2 +1,4 @@ # Mikrotik Logs Conf -if ($fromhost-ip != "127.0.0.1" ) then /var/log/mikrotik.log +ruleset(name="mikrotik"){ + action(type="omfile" file="/var/log/mikrotik.log") +} diff --git a/ansible/roles/log_collector/files/20-apc.conf b/ansible/roles/log_collector/files/20-apc.conf new file mode 100644 index 0000000..1f34013 --- /dev/null +++ b/ansible/roles/log_collector/files/20-apc.conf @@ -0,0 +1,4 @@ +# UPS logs +ruleset(name="apc"){ + action(type="omfile" file="/var/log/apc.log") +} \ No newline at end of file diff --git a/ansible/roles/log_collector/files/rsyslog.conf b/ansible/roles/log_collector/files/rsyslog.conf index ffd21db..7ea0c34 100644 --- a/ansible/roles/log_collector/files/rsyslog.conf +++ b/ansible/roles/log_collector/files/rsyslog.conf @@ -14,7 +14,8 @@ module(load="imuxsock") # provides support for local system logging # provides UDP syslog reception module(load="imudp") -input(type="imudp" port="514") +input(type="imudp" port="514" ruleset="mikrotik") +input(type="imudp" port="515" ruleset="apc") # provides TCP syslog reception module(load="imtcp") diff --git a/ansible/roles/log_collector/tasks/main.yaml b/ansible/roles/log_collector/tasks/main.yaml index 4e8b050..306e90c 100644 --- a/ansible/roles/log_collector/tasks/main.yaml +++ b/ansible/roles/log_collector/tasks/main.yaml 
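Review bot: The imudp inputs on 514 and 515 bind every address on the host and accept unauthenticated UDP from any source with no rate limiting, so on a log collector a single noisy or hostile sender can fill the disk behind `/var/log/mikrotik.log` or `/var/log/apc.log`; imudp supports per-input `address` and `ratelimit.interval`/`ratelimit.burst`, e.g. `input(type="imudp" port="514" address="<syslog-ip>" ruleset="mikrotik" ratelimit.interval="<seconds>" ratelimit.burst="<msgs>")` (placeholders), though binding to the announced syslog IP means this static file becomes a template fed by SYSLOG_IP. The role installs iptables-persistent, but no rules are visible on this page, so I can't tell whether the listeners are filtered at the host. The `imtcp` 514 input in the context lines still has no `ruleset=`, so TCP senders now land in the default ruleset rather than mikrotik.log — bind it too, or drop it if nothing uses TCP. The same applies to the 516 and 517 inputs added in patches 21 and 27.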
@@ -62,6 +62,12 @@ dest: /etc/rsyslog.d/10-mikrotik.conf mode: "644" +- name: APC mikrotik config + ansible.builtin.copy: + src: 20-apc.conf + dest: /etc/rsyslog.d/20-apc.conf + mode: "644" + - name: Reload rsyslog ansible.builtin.systemd_service: name: rsyslog From 84bbde69ed23685b227f49ae684a048d10200aa9 Mon Sep 17 00:00:00 2001 From: james-otten Date: Sun, 22 Dec 2024 22:41:16 -0500 Subject: [PATCH 20/61] apc --- ansible/roles/log_collector/tasks/main.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ansible/roles/log_collector/tasks/main.yaml b/ansible/roles/log_collector/tasks/main.yaml index 306e90c..b19b411 100644 --- a/ansible/roles/log_collector/tasks/main.yaml +++ b/ansible/roles/log_collector/tasks/main.yaml @@ -49,6 +49,10 @@ path: "/var/log/mikrotik.log" service: "mesh_devices" source: "mikrotik" + - type: file + path: "/var/log/apc.log" + service: "mesh_devices" + source: "apc" - name: Rsyslog main config ansible.builtin.copy: From e11a0608ab4632d7fead81fa08bfd79cce5baabb Mon Sep 17 00:00:00 2001 From: james-otten Date: Mon, 23 Dec 2024 21:38:29 -0500 Subject: [PATCH 21/61] ubiquiti --- README.md | 5 +++-- ansible/roles/log_collector/files/20-apc.conf | 2 +- ansible/roles/log_collector/files/30-ubiquiti.conf | 4 ++++ ansible/roles/log_collector/files/rsyslog.conf | 1 + ansible/roles/log_collector/tasks/main.yaml | 4 ++++ 5 files changed, 13 insertions(+), 3 deletions(-) create mode 100644 ansible/roles/log_collector/files/30-ubiquiti.conf diff --git a/README.md b/README.md index ff430d6..217c41c 100644 --- a/README.md +++ b/README.md @@ -4,5 +4,6 @@ | Port | Protocol | Device Type | | ------------- | ------------- | ------------- | -| 514 | UDP | Mikrotik Router OS | -| 515 | UDP | APC UPS | +| 514 | UDP | Mikrotik Router OS | +| 515 | UDP | APC UPS | +| 516 | UDP | Ubiquiti airOS | diff --git a/ansible/roles/log_collector/files/20-apc.conf b/ansible/roles/log_collector/files/20-apc.conf index 1f34013..0bcacd3 100644 
--- a/ansible/roles/log_collector/files/20-apc.conf +++ b/ansible/roles/log_collector/files/20-apc.conf @@ -1,4 +1,4 @@ # UPS logs ruleset(name="apc"){ action(type="omfile" file="/var/log/apc.log") -} \ No newline at end of file +} diff --git a/ansible/roles/log_collector/files/30-ubiquiti.conf b/ansible/roles/log_collector/files/30-ubiquiti.conf new file mode 100644 index 0000000..d6740d9 --- /dev/null +++ b/ansible/roles/log_collector/files/30-ubiquiti.conf @@ -0,0 +1,4 @@ +# Ubiquiti airOS logs +ruleset(name="ubiquiti"){ + action(type="omfile" file="/var/log/ubiquiti.log") +} diff --git a/ansible/roles/log_collector/files/rsyslog.conf b/ansible/roles/log_collector/files/rsyslog.conf index 7ea0c34..83a6bad 100644 --- a/ansible/roles/log_collector/files/rsyslog.conf +++ b/ansible/roles/log_collector/files/rsyslog.conf @@ -16,6 +16,7 @@ module(load="imuxsock") # provides support for local system logging module(load="imudp") input(type="imudp" port="514" ruleset="mikrotik") input(type="imudp" port="515" ruleset="apc") +input(type="imudp" port="516" ruleset="ubiquiti") # provides TCP syslog reception module(load="imtcp") diff --git a/ansible/roles/log_collector/tasks/main.yaml b/ansible/roles/log_collector/tasks/main.yaml index b19b411..ce803e2 100644 --- a/ansible/roles/log_collector/tasks/main.yaml +++ b/ansible/roles/log_collector/tasks/main.yaml @@ -53,6 +53,10 @@ path: "/var/log/apc.log" service: "mesh_devices" source: "apc" + - type: file + path: "/var/log/ubiquiti.log" + service: "mesh_devices" + source: "ubiquiti" - name: Rsyslog main config ansible.builtin.copy: From 61e1d366315c3a177e0545b68b107078bc7342a9 Mon Sep 17 00:00:00 2001 From: james-otten Date: Mon, 23 Dec 2024 21:52:06 -0500 Subject: [PATCH 22/61] ubiquiti --- ansible/roles/log_collector/tasks/main.yaml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/ansible/roles/log_collector/tasks/main.yaml b/ansible/roles/log_collector/tasks/main.yaml index ce803e2..98bca5f 100644 
--- a/ansible/roles/log_collector/tasks/main.yaml +++ b/ansible/roles/log_collector/tasks/main.yaml @@ -70,12 +70,18 @@ dest: /etc/rsyslog.d/10-mikrotik.conf mode: "644" -- name: APC mikrotik config +- name: Rsyslog APC config ansible.builtin.copy: src: 20-apc.conf dest: /etc/rsyslog.d/20-apc.conf mode: "644" +- name: Rsyslog Ubiquiti airOS config + ansible.builtin.copy: + src: 30-ubiquiti.conf + dest: /etc/rsyslog.d/30-ubiquiti.conf + mode: "644" + - name: Reload rsyslog ansible.builtin.systemd_service: name: rsyslog From 86f3c23f08e26567357a976469c17955ebd3243a Mon Sep 17 00:00:00 2001 From: james-otten Date: Mon, 23 Dec 2024 23:08:06 -0500 Subject: [PATCH 23/61] siklu --- README.md | 2 +- ansible/roles/log_collector/files/10-mikrotik.conf | 4 ---- ansible/roles/log_collector/files/10-port514.conf | 14 ++++++++++++++ ansible/roles/log_collector/files/rsyslog.conf | 2 +- ansible/roles/log_collector/tasks/main.yaml | 10 +++++++--- 5 files changed, 23 insertions(+), 9 deletions(-) delete mode 100644 ansible/roles/log_collector/files/10-mikrotik.conf create mode 100644 ansible/roles/log_collector/files/10-port514.conf diff --git a/README.md b/README.md index 217c41c..8c96cef 100644 --- a/README.md +++ b/README.md @@ -4,6 +4,6 @@ | Port | Protocol | Device Type | | ------------- | ------------- | ------------- | -| 514 | UDP | Mikrotik Router OS | +| 514 | UDP | Mikrotik Router OS + Siklu (opt in static IPs) | | 515 | UDP | APC UPS | | 516 | UDP | Ubiquiti airOS | diff --git a/ansible/roles/log_collector/files/10-mikrotik.conf b/ansible/roles/log_collector/files/10-mikrotik.conf deleted file mode 100644 index b782bbf..0000000 --- a/ansible/roles/log_collector/files/10-mikrotik.conf +++ /dev/null @@ -1,4 +0,0 @@ -# Mikrotik Logs Conf -ruleset(name="mikrotik"){ - action(type="omfile" file="/var/log/mikrotik.log") -} 
diff --git a/ansible/roles/log_collector/files/10-port514.conf b/ansible/roles/log_collector/files/10-port514.conf new file mode 100644 index 0000000..3cbda7e --- /dev/null +++ b/ansible/roles/log_collector/files/10-port514.conf @@ -0,0 +1,14 @@ +# Siklu + Mikrotik Logs Conf + +ruleset(name="port514"){ + # Siklu nycmesh-162-eh8010-713 + if $fromhost-ip == "10.96.40.189" then { + action(type="omfile" file="/var/log/siklu.log") + # Siklu nycmesh-713-eh8010-162 + } else if $fromhost-ip == "10.70.95.67" then { + action(type="omfile" file="/var/log/siklu.log") + # Standard mikrotik + } else { + action(type="omfile" file="/var/log/mikrotik.log") + } +} diff --git a/ansible/roles/log_collector/files/rsyslog.conf b/ansible/roles/log_collector/files/rsyslog.conf index 83a6bad..64984fa 100644 --- a/ansible/roles/log_collector/files/rsyslog.conf +++ b/ansible/roles/log_collector/files/rsyslog.conf @@ -14,7 +14,7 @@ module(load="imuxsock") # provides support for local system logging # provides UDP syslog reception module(load="imudp") -input(type="imudp" port="514" ruleset="mikrotik") +input(type="imudp" port="514" ruleset="port514") input(type="imudp" port="515" ruleset="apc") input(type="imudp" port="516" ruleset="ubiquiti") diff --git a/ansible/roles/log_collector/tasks/main.yaml b/ansible/roles/log_collector/tasks/main.yaml index 98bca5f..257db4e 100644 --- a/ansible/roles/log_collector/tasks/main.yaml +++ b/ansible/roles/log_collector/tasks/main.yaml @@ -57,6 +57,10 @@ path: "/var/log/ubiquiti.log" service: "mesh_devices" source: "ubiquiti" + - type: file + path: "/var/log/siklu.log" + service: "mesh_devices" + source: "siklu" - name: Rsyslog main config ansible.builtin.copy: 
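Review bot: The ruleset picks a file by `$fromhost-ip`, which for UDP is the unauthenticated packet source, so a sender can determine whether its lines land in siklu.log or mikrotik.log, and anything on 514 that is not a Siklu falls into mikrotik.log; low impact, but worth a comment if alerting keys on either file. The two Siklu addresses are hard-coded in a static file that patches 25 and 26 then grow by hand — making this a `.j2` template driven by a role variable (a list of IPs rendered into the `or` chain) keeps the device inventory in one place next to the other per-environment vars.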
@@ -64,10 +68,10 @@ dest: /etc/rsyslog.conf mode: "600" -- name: Rsyslog mikrotik config +- name: Rsyslog skilu and mikrotik config ansible.builtin.copy: - src: 10-mikrotik.conf - dest: /etc/rsyslog.d/10-mikrotik.conf + src: 10-port514.conf + dest: /etc/rsyslog.d/10-port514.conf mode: "644" - name: Rsyslog APC config From 1eed27d15d0b9c45cb35d3e5fd388bb21dd7dae4 Mon Sep 17 00:00:00 2001 From: james-otten Date: Mon, 23 Dec 2024 23:59:55 -0500 Subject: [PATCH 24/61] siklu --- .../roles/log_collector/files/10-port514.conf | 4 +- .../roles/log_collector/files/rsyslog.conf | 55 +++++++++++++++++++ 2 files changed, 57 insertions(+), 2 deletions(-) diff --git a/ansible/roles/log_collector/files/10-port514.conf b/ansible/roles/log_collector/files/10-port514.conf index 3cbda7e..0ff8577 100644 --- a/ansible/roles/log_collector/files/10-port514.conf +++ b/ansible/roles/log_collector/files/10-port514.conf @@ -3,10 +3,10 @@ ruleset(name="port514"){ # Siklu nycmesh-162-eh8010-713 if $fromhost-ip == "10.96.40.189" then { - action(type="omfile" file="/var/log/siklu.log") + action(type="omfile" template="siklu" file="/var/log/siklu.log") # Siklu nycmesh-713-eh8010-162 } else if $fromhost-ip == "10.70.95.67" then { - action(type="omfile" file="/var/log/siklu.log") + action(type="omfile" template="siklu" file="/var/log/siklu.log") # Standard mikrotik } else { action(type="omfile" file="/var/log/mikrotik.log") diff --git a/ansible/roles/log_collector/files/rsyslog.conf b/ansible/roles/log_collector/files/rsyslog.conf index 64984fa..c7c696a 100644 --- a/ansible/roles/log_collector/files/rsyslog.conf +++ b/ansible/roles/log_collector/files/rsyslog.conf 
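Review bot: The renamed task title has a typo, `Rsyslog skilu and mikrotik config`; it should read `- name: Rsyslog siklu and mikrotik config`. Task names appear in play output and are what people grep for when a run fails, so the spelling matters more than usual.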
@@ -22,6 +22,61 @@ input(type="imudp" port="516" ruleset="ubiquiti") module(load="imtcp") input(type="imtcp" port="514") +################### +#### TEMPLATES #### +################### + +# Siklu +template(name="siklu" type="list"){ + property(name="timestamp" dateFormat="rfc3339") + constant(value=" ") + property(name="fromhost") + constant(value=" ") + property(name="syslogtag") + property(name="msg" controlcharacters="drop") + constant(value="\n") +} + +# For debugging +template(name="RSYSLOG_DebugFormat" type="list") { + constant(value="Debug line with all properties:\nFROMHOST: '") + property(name="fromhost") + constant(value="', fromhost-ip: '") + property(name="fromhost-ip") + constant(value="', HOSTNAME: '") + property(name="hostname") + constant(value="', PRI: '") + property(name="pri") + constant(value=",\nsyslogtag '") + property(name="syslogtag") + constant(value="', programname: '") + property(name="programname") + constant(value="', APP-NAME: '") + property(name="app-name") + constant(value="', PROCID: '") + property(name="procid") + constant(value="', MSGID: '") + property(name="msgid") + constant(value="',\nTIMESTAMP: '") + property(name="timereported") + constant(value="', STRUCTURED-DATA: '") + property(name="structured-data") + constant(value="',\nmsg: '") + property(name="msg") + constant(value="'\nescaped msg: '") + property(name="msg" controlcharacters="drop") + constant(value="'\ninputname: ") + property(name="inputname") + constant(value=" rawmsg: '") + property(name="rawmsg") + constant(value="'\n$!:") + property(name="$!") + constant(value="\n$.:") + property(name="$.") + constant(value="\n$/:") + property(name="$/") + constant(value="\n\n") +} ########################### #### GLOBAL DIRECTIVES #### From 7b3042441c50b07f1356588498d68debb3099f53 Mon Sep 17 00:00:00 2001 
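Review bot: `template(name="RSYSLOG_DebugFormat" ...)` reuses a name from rsyslog's reserved `RSYSLOG_` namespace — and that particular template is built in — so, depending on version, the definition is rejected at config check or shadows the built-in; rename it (e.g. `template(name="debug_all" type="list") {`) or drop it, since nothing on this page references it. The `siklu` template's `property(name="msg" controlcharacters="drop")` is a sensible default for data from network gear, and a one-line comment above the template saying why Siklu needs its own format would help the next reader.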
From: james-otten Date: Tue, 24 Dec 2024 12:35:17 -0500 Subject: [PATCH 25/61] add siklus --- ansible/roles/log_collector/files/10-port514.conf | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/ansible/roles/log_collector/files/10-port514.conf b/ansible/roles/log_collector/files/10-port514.conf index 0ff8577..8f40546 100644 --- a/ansible/roles/log_collector/files/10-port514.conf +++ b/ansible/roles/log_collector/files/10-port514.conf @@ -1,11 +1,12 @@ # Siklu + Mikrotik Logs Conf ruleset(name="port514"){ - # Siklu nycmesh-162-eh8010-713 - if $fromhost-ip == "10.96.40.189" then { - action(type="omfile" template="siklu" file="/var/log/siklu.log") - # Siklu nycmesh-713-eh8010-162 - } else if $fromhost-ip == "10.70.95.67" then { + if + ( $fromhost-ip == "10.96.40.189" ) or # Siklu nycmesh-162-eh8010-713 + ( $fromhost-ip == "10.70.95.67" ) or # Siklu nycmesh-713-eh8010-162 + ( $fromhost-ip == "10.70.181.10" ) or # Siklu nycmesh-5916-eh8010-1933 + ( $fromhost-ip == "10.70.188.69" ) # Siklu nycmesh-1933-eh8010-5916 + then { action(type="omfile" template="siklu" file="/var/log/siklu.log") # Standard mikrotik } else { From c3e4ba7e5f5d8aaff4ee3327e16556871ae98832 Mon Sep 17 00:00:00 2001 From: james-otten Date: Tue, 24 Dec 2024 12:38:37 -0500 Subject: [PATCH 26/61] add siklus --- ansible/roles/log_collector/files/10-port514.conf | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/ansible/roles/log_collector/files/10-port514.conf b/ansible/roles/log_collector/files/10-port514.conf index 8f40546..c302df7 100644 --- a/ansible/roles/log_collector/files/10-port514.conf +++ b/ansible/roles/log_collector/files/10-port514.conf 
@@ -1,11 +1,15 @@ # Siklu + Mikrotik Logs Conf ruleset(name="port514"){ + # Siklu nycmesh-162-eh8010-713 + # Siklu nycmesh-713-eh8010-162 + # Siklu nycmesh-5916-eh8010-1933 + # Siklu nycmesh-1933-eh8010-5916 if - ( $fromhost-ip == "10.96.40.189" ) or # Siklu nycmesh-162-eh8010-713 - ( $fromhost-ip == "10.70.95.67" ) or # Siklu nycmesh-713-eh8010-162 - ( $fromhost-ip == "10.70.181.10" ) or # Siklu nycmesh-5916-eh8010-1933 - ( $fromhost-ip == "10.70.188.69" ) # Siklu nycmesh-1933-eh8010-5916 + ( $fromhost-ip == "10.96.40.189" ) or + ( $fromhost-ip == "10.70.95.67" ) or + ( $fromhost-ip == "10.70.181.10" ) or + ( $fromhost-ip == "10.70.188.69" ) then { action(type="omfile" template="siklu" file="/var/log/siklu.log") # Standard mikrotik From d9cde09cb933dba25515c98a5d8995bf4167a779 Mon Sep 17 00:00:00 2001 From: james-otten Date: Tue, 24 Dec 2024 19:46:16 -0500 Subject: [PATCH 27/61] add brocade --- ansible/roles/log_collector/files/40-brocade.conf | 4 ++++ ansible/roles/log_collector/files/rsyslog.conf | 1 + ansible/roles/log_collector/tasks/main.yaml | 10 ++++++++++ 3 files changed, 15 insertions(+) create mode 100644 ansible/roles/log_collector/files/40-brocade.conf diff --git a/ansible/roles/log_collector/files/40-brocade.conf b/ansible/roles/log_collector/files/40-brocade.conf new file mode 100644 index 0000000..53552ad --- /dev/null +++ b/ansible/roles/log_collector/files/40-brocade.conf @@ -0,0 +1,4 @@ +# Brocade logs +ruleset(name="brocade"){ + action(type="omfile" file="/var/log/brocade.log") +} diff --git a/ansible/roles/log_collector/files/rsyslog.conf b/ansible/roles/log_collector/files/rsyslog.conf index c7c696a..002929e 100644 --- a/ansible/roles/log_collector/files/rsyslog.conf +++ b/ansible/roles/log_collector/files/rsyslog.conf 
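Review bot: Moving the four device comments above the `if` detaches each hostname from the address it describes, so list order is now the only link between them, and a later reordering or insertion (PATCH 29 adds a Cambium branch directly after this block) can silently break it. Naming the address in each comment keeps the mapping explicit without relying on position, e.g. `# 10.96.40.189 Siklu nycmesh-162-eh8010-713`. The `ruleset(name="port514")` block continues outside the hunk.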
@@ -17,6 +17,7 @@ module(load="imudp") input(type="imudp" port="514" ruleset="port514") input(type="imudp" port="515" ruleset="apc") input(type="imudp" port="516" ruleset="ubiquiti") +input(type="imudp" port="517" ruleset="brocade") # provides TCP syslog reception module(load="imtcp") diff --git a/ansible/roles/log_collector/tasks/main.yaml b/ansible/roles/log_collector/tasks/main.yaml index 257db4e..6aa67c1 100644 --- a/ansible/roles/log_collector/tasks/main.yaml +++ b/ansible/roles/log_collector/tasks/main.yaml @@ -61,6 +61,10 @@ path: "/var/log/siklu.log" service: "mesh_devices" source: "siklu" + - type: file + path: "/var/log/brocade.log" + service: "mesh_devices" + source: "brocade" - name: Rsyslog main config ansible.builtin.copy: @@ -86,6 +90,12 @@ dest: /etc/rsyslog.d/30-ubiquiti.conf mode: "644" +- name: Rsyslog Brocade config + ansible.builtin.copy: + src: 40-brocade.conf + dest: /etc/rsyslog.d/40-brocade.conf + mode: "644" + - name: Reload rsyslog ansible.builtin.systemd_service: name: rsyslog From 2522a32ec8843c7a22302f6c21ffa6dd323b35fe Mon Sep 17 00:00:00 2001 From: james-otten Date: Tue, 24 Dec 2024 23:14:33 -0500 Subject: [PATCH 28/61] add brocade --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 8c96cef..f3dacbc 100644 --- a/README.md +++ b/README.md @@ -7,3 +7,4 @@ | 514 | UDP | Mikrotik Router OS + Siklu (opt in static IPs) | | 515 | UDP | APC UPS | | 516 | UDP | Ubiquiti airOS | +| 517 | UDP | Brocade | From 1952003dd4dd372cf3e16f9ca30b71671aa04eda Mon Sep 17 00:00:00 2001 From: james-otten Date: Wed, 25 Dec 2024 02:20:05 -0500 Subject: [PATCH 29/61] add cambium --- ansible/roles/log_collector/files/10-port514.conf | 4 ++++ ansible/roles/log_collector/tasks/main.yaml | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/ansible/roles/log_collector/files/10-port514.conf b/ansible/roles/log_collector/files/10-port514.conf index c302df7..b8b2012 100644 
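Review bot: The new Brocade copy task sets `mode: "644"`, a string with no leading zero; Ansible still parses it as octal so the file ends up 0644, but it reads as decimal at a glance and is inconsistent with `mode: "0644"` used for the log-file touch task later in this series (PATCH 37). Write `mode: "0644"` here, in the neighbouring Ubiquiti task this hunk shows as context, and in the iLO and iDRAC copy tasks PATCH 42 adds with the same form, so every file mode in the role reads the same way. The tasks file continues outside the hunk.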
--- a/ansible/roles/log_collector/files/10-port514.conf +++ b/ansible/roles/log_collector/files/10-port514.conf @@ -12,6 +12,10 @@ ruleset(name="port514"){ ( $fromhost-ip == "10.70.188.69" ) then { action(type="omfile" template="siklu" file="/var/log/siklu.log") + } else if + ( $fromhost-ip == "10.96.131.248" ) + then { + action(type="omfile" file="/var/log/cambium.log") # Standard mikrotik } else { action(type="omfile" file="/var/log/mikrotik.log") diff --git a/ansible/roles/log_collector/tasks/main.yaml b/ansible/roles/log_collector/tasks/main.yaml index 6aa67c1..757553a 100644 --- a/ansible/roles/log_collector/tasks/main.yaml +++ b/ansible/roles/log_collector/tasks/main.yaml @@ -65,6 +65,10 @@ path: "/var/log/brocade.log" service: "mesh_devices" source: "brocade" + - type: file + path: "/var/log/cambium.log" + service: "mesh_devices" + source: "cambium" - name: Rsyslog main config ansible.builtin.copy: From ef891ecc3a9c7929e8695d7578559526c4563ac1 Mon Sep 17 00:00:00 2001 From: james-otten Date: Wed, 25 Dec 2024 21:50:04 -0500 Subject: [PATCH 30/61] mesh dns + ssh --- ansible/roles/log_collector/tasks/main.yaml | 8 ++++++++ ansible/roles/requirements.yml | 4 ++++ 2 files changed, 12 insertions(+) diff --git a/ansible/roles/log_collector/tasks/main.yaml b/ansible/roles/log_collector/tasks/main.yaml index 757553a..3c98374 100644 --- a/ansible/roles/log_collector/tasks/main.yaml +++ b/ansible/roles/log_collector/tasks/main.yaml @@ -8,6 +8,14 @@ - bird2 - rsyslog +- name: Import the ssh_config role from the nycmesh.common collection + ansible.builtin.import_role: + name: nycmesh.common.ssh_config + +- name: Import the mesh_dns role from the nycmesh.common collection + ansible.builtin.import_role: + name: nycmesh.common.mesh_dns + - name: Bird systemd unit ansible.builtin.copy: src: bird.service diff --git a/ansible/roles/requirements.yml b/ansible/roles/requirements.yml index e66e72c..48f397b 100644 --- a/ansible/roles/requirements.yml 
+++ b/ansible/roles/requirements.yml @@ -2,3 +2,7 @@ collections: - name: datadog.dd version: 5.8.0 + - name: nycmesh.common + source: git+https://github.com/nycmeshnet/nycmesh-ansible.git + type: git + version: james/init From b834ec3e853797efb8512aa559427dfd95c38359 Mon Sep 17 00:00:00 2001 From: james-otten Date: Wed, 25 Dec 2024 21:54:02 -0500 Subject: [PATCH 31/61] mesh dns + ssh --- .github/workflows/deploy_syslog.yaml | 2 +- ansible/roles/requirements.yml | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/deploy_syslog.yaml b/.github/workflows/deploy_syslog.yaml index 539a759..9b2a1a1 100644 --- a/.github/workflows/deploy_syslog.yaml +++ b/.github/workflows/deploy_syslog.yaml @@ -35,7 +35,7 @@ jobs: python-version: '3.11' - name: Setup ansible - run: pip install ansible && export PATH="$HOME/.local/bin:$PATH" && ansible-galaxy collection install cloud.terraform && ansible-galaxy collection install datadog.dd + run: pip install ansible && export PATH="$HOME/.local/bin:$PATH" && ansible-galaxy collection install -r ansible/roles/requirements.yml - name: Setup Terraform with specified version on the runner uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 # @v3 diff --git a/ansible/roles/requirements.yml b/ansible/roles/requirements.yml index 48f397b..a72af73 100644 --- a/ansible/roles/requirements.yml +++ b/ansible/roles/requirements.yml @@ -2,6 +2,8 @@ collections: - name: datadog.dd version: 5.8.0 + - name: cloud.terraform + version: 3.0.0 - name: nycmesh.common source: git+https://github.com/nycmeshnet/nycmesh-ansible.git type: git From cefef23ca241ed795755cff65f3eee8923f1113d Mon Sep 17 00:00:00 2001 From: james-otten Date: Wed, 25 Dec 2024 23:30:02 -0500 Subject: [PATCH 32/61] mesh dns --- ansible/roles/log_collector/tasks/main.yaml | 2 ++ 1 file changed, 2 insertions(+) 
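Review bot: The `nycmesh.common` collection is installed from git at `version: james/init`, a personal branch and therefore a mutable ref, so each deploy fetches whatever that branch points at on the day and the install is neither reproducible nor reviewable; PATCH 35, 39 and 41 move the line between `main` and `james/motd`, which are mutable too. Pin it to an immutable commit id, `version: <commit-sha>`, or a release tag, and bump it deliberately the way the `datadog.dd` entry above carries a fixed `5.8.0`.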
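Review bot: `pip install ansible` in the Setup ansible step installs whichever ansible release PyPI serves at run time, so the toolchain that performs the deploy is unpinned; PATCH 34 rewrites the same line to pin `passlib==1.7.4` but still leaves ansible floating. Pin it the same way, `run: pip install ansible==<version> passlib==1.7.4 && ...`, or move both into a requirements file with hashes so the runner's Python environment is reproducible. The job definition continues outside the hunk.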
diff --git a/ansible/roles/log_collector/tasks/main.yaml b/ansible/roles/log_collector/tasks/main.yaml index 3c98374..48467dc 100644 --- a/ansible/roles/log_collector/tasks/main.yaml +++ b/ansible/roles/log_collector/tasks/main.yaml @@ -15,6 +15,8 @@ - name: Import the mesh_dns role from the nycmesh.common collection ansible.builtin.import_role: name: nycmesh.common.mesh_dns + vars: + extra_resolvers: "9.9.9.9" - name: Bird systemd unit ansible.builtin.copy: From 3f2d0c41fd41abd312a707dea7be641245ded7cb Mon Sep 17 00:00:00 2001 From: james-otten Date: Wed, 25 Dec 2024 23:36:42 -0500 Subject: [PATCH 33/61] support --- ansible/roles/log_collector/tasks/main.yaml | 4 ++++ terraform/ansible.tf | 1 + 2 files changed, 5 insertions(+) diff --git a/ansible/roles/log_collector/tasks/main.yaml b/ansible/roles/log_collector/tasks/main.yaml index 48467dc..5d0b2bd 100644 --- a/ansible/roles/log_collector/tasks/main.yaml +++ b/ansible/roles/log_collector/tasks/main.yaml @@ -18,6 +18,10 @@ vars: extra_resolvers: "9.9.9.9" +- name: Import the support_account role from the nycmesh.common collection + ansible.builtin.import_role: + name: nycmesh.common.support_account + - name: Bird systemd unit ansible.builtin.copy: src: bird.service diff --git a/terraform/ansible.tf b/terraform/ansible.tf index 5ee2da7..8758113 100644 --- a/terraform/ansible.tf +++ b/terraform/ansible.tf @@ -14,6 +14,7 @@ resource "ansible_group" "syslog_mgt_group" { BIRD_NEIGHBOR = var.bird_neighbor SYSLOG_IP = var.syslog_ip DEFAULT_GATEWAY = var.vm_mgt_default_gateway + local_password = var.local_password } } From 788119cc7fbbc8d9435dccdd79f5fb8e0703f0b0 Mon Sep 17 00:00:00 2001 From: james-otten Date: Wed, 25 Dec 2024 23:40:32 -0500 Subject: [PATCH 34/61] support --- .github/workflows/deploy_syslog.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy_syslog.yaml b/.github/workflows/deploy_syslog.yaml index 9b2a1a1..8cd3b4c 100644 
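Review bot: `local_password = var.local_password` places the host's local password in the `ansible_group` variables, which Terraform records in plaintext in state and the Ansible provider exposes as inventory vars, so anyone with read access to the state backend or the generated inventory can recover it; PATCH 40 shows the same variable already feeding the container `password` in lxc.tf. At minimum declare it `sensitive = true` in vars.tf (not visible here — confirm) so plan and apply output redact it, and keep the state backend access-controlled and encrypted. The key also breaks the UPPER_CASE convention of `BIRD_NEIGHBOR`, `SYSLOG_IP` and `DEFAULT_GATEWAY` in the same map; either `LOCAL_PASSWORD` or a comment saying the consuming role expects the lowercase name would help the next reader.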
--- a/.github/workflows/deploy_syslog.yaml +++ b/.github/workflows/deploy_syslog.yaml @@ -35,7 +35,7 @@ jobs: python-version: '3.11' - name: Setup ansible - run: pip install ansible && export PATH="$HOME/.local/bin:$PATH" && ansible-galaxy collection install -r ansible/roles/requirements.yml + run: pip install ansible passlib==1.7.4 && export PATH="$HOME/.local/bin:$PATH" && ansible-galaxy collection install -r ansible/roles/requirements.yml - name: Setup Terraform with specified version on the runner uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 # @v3 From 38262b7c72ffd626c30c9b9c1fd38fff89014868 Mon Sep 17 00:00:00 2001 From: james-otten Date: Thu, 26 Dec 2024 00:00:12 -0500 Subject: [PATCH 35/61] branch --- ansible/roles/requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/requirements.yml b/ansible/roles/requirements.yml index a72af73..ae2158b 100644 --- a/ansible/roles/requirements.yml +++ b/ansible/roles/requirements.yml @@ -7,4 +7,4 @@ collections: - name: nycmesh.common source: git+https://github.com/nycmeshnet/nycmesh-ansible.git type: git - version: james/init + version: main From d537da1ecc939802595be99508a2af5c1f168cd5 Mon Sep 17 00:00:00 2001 From: james-otten Date: Thu, 26 Dec 2024 15:26:13 -0500 Subject: [PATCH 36/61] jb --- ansible/roles/log_collector/tasks/main.yaml | 24 +++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/ansible/roles/log_collector/tasks/main.yaml b/ansible/roles/log_collector/tasks/main.yaml index 5d0b2bd..c27c1ed 100644 --- a/ansible/roles/log_collector/tasks/main.yaml +++ b/ansible/roles/log_collector/tasks/main.yaml 
@@ -22,6 +22,30 @@ ansible.builtin.import_role: name: nycmesh.common.support_account +- name: Add JB1 + ansible.posix.authorized_key: + user: support + state: present + key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBdURCo7H3kpfLP1CFSawN81D1OTlCnXxX3DAsKDml+T j1" + +- name: Add JB2 + ansible.posix.authorized_key: + user: support + state: present + key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDG/5hL1cTXg7dvDiaFQeBxklUh7QCGQljTBP6XXLr9j j2" + +- name: Add JB3 + ansible.posix.authorized_key: + user: support + state: present + key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEn4nMeWvdNa0VZNx3vcBpZnJbXcTPyDd+YhlwAYTptP j3" + +- name: Add JB4 + ansible.posix.authorized_key: + user: support + state: present + key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKULjIUF5hAULvkyCYU3BMf6SCOw4OMPyTvqfOqLBfnD j4" + - name: Bird systemd unit ansible.builtin.copy: src: bird.service From dc43bc27824e92f4ba4a4c18294384482ac0b544 Mon Sep 17 00:00:00 2001 From: james-otten Date: Fri, 27 Dec 2024 00:40:59 -0500 Subject: [PATCH 37/61] touch log files --- ansible/roles/log_collector/tasks/main.yaml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/ansible/roles/log_collector/tasks/main.yaml b/ansible/roles/log_collector/tasks/main.yaml index c27c1ed..583d1f3 100644 --- a/ansible/roles/log_collector/tasks/main.yaml +++ b/ansible/roles/log_collector/tasks/main.yaml @@ -108,6 +108,21 @@ service: "mesh_devices" source: "cambium" +- name: Create log file for {{ item }} + ansible.builtin.file: + path: "/var/log/{{ item }}.log" + owner: root + group: root + mode: "0644" + state: touch + loop: + - mikrotik + - apc + - ubiquiti + - siklu + - brocade + - cambium + - name: Rsyslog main config ansible.builtin.copy: src: rsyslog.conf From b857fec2d4c51a220c572d5c2d40a2478f660e0c Mon Sep 17 00:00:00 2001 From: james-otten Date: Fri, 27 Dec 2024 00:53:13 -0500 Subject: [PATCH 38/61] lint --- ansible/roles/requirements.yml | 2 ++ 1 file changed, 2 insertions(+) 
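Review bot: Four separate `ansible.posix.authorized_key` tasks with `state: present` only ever add keys to the `support` user, so deleting one of these tasks later, which is how a departed admin's key would naturally be revoked, leaves that key on every host that already has it; revocation would need an explicit `state: absent` task nobody will remember to write. One task with the keys joined by newlines and `exclusive: true` makes the playbook the source of truth, because a key removed from the list is removed from the file. `exclusive` would also drop any key the `nycmesh.common.support_account` role installs for this user (not visible here — confirm before enabling), and the comments `j1`..`j4` would serve better as owner names. The task list continues outside the hunk.
```yaml
- name: Manage authorized keys for support
  ansible.posix.authorized_key:
    user: support
    state: present
    exclusive: true
    key: |-
      ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBdURCo7H3kpfLP1CFSawN81D1OTlCnXxX3DAsKDml+T j1
      ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDG/5hL1cTXg7dvDiaFQeBxklUh7QCGQljTBP6XXLr9j j2
      ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEn4nMeWvdNa0VZNx3vcBpZnJbXcTPyDd+YhlwAYTptP j3
      ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKULjIUF5hAULvkyCYU3BMf6SCOw4OMPyTvqfOqLBfnD j4
```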
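Review bot: `state: touch` rewrites the file's timestamps on every run, so this task reports changed on each deploy and the play never converges; add `modification_time: preserve` and `access_time: preserve` to the `ansible.builtin.file` call so an existing file is left untouched and only a missing one is created. Pre-creating the files as root with `0644` also means the device logs rsyslog appends to are world-readable on the host; if they are not meant for every local account, `0640` with the group that reads them keeps access narrower. The task list continues outside the hunk.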
diff --git a/ansible/roles/requirements.yml b/ansible/roles/requirements.yml index ae2158b..e895a8d 100644 --- a/ansible/roles/requirements.yml +++ b/ansible/roles/requirements.yml @@ -4,6 +4,8 @@ collections: version: 5.8.0 - name: cloud.terraform version: 3.0.0 + - name: ansible.posix + version: 1.6.2 - name: nycmesh.common source: git+https://github.com/nycmeshnet/nycmesh-ansible.git type: git From 7c644118071fabacefe8614b4cd46ae85c827e98 Mon Sep 17 00:00:00 2001 From: james-otten Date: Thu, 9 Jan 2025 23:54:13 -0500 Subject: [PATCH 39/61] motd --- ansible/roles/log_collector/tasks/main.yaml | 6 ++++++ ansible/roles/requirements.yml | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/ansible/roles/log_collector/tasks/main.yaml b/ansible/roles/log_collector/tasks/main.yaml index 583d1f3..b009fbb 100644 --- a/ansible/roles/log_collector/tasks/main.yaml +++ b/ansible/roles/log_collector/tasks/main.yaml @@ -22,6 +22,12 @@ ansible.builtin.import_role: name: nycmesh.common.support_account +- name: Import the motd role from the nycmesh.common collection + ansible.builtin.import_role: + name: nycmesh.common.motd + vars: + github_repo: https://github.com/nycmeshnet/syslog-infra + - name: Add JB1 ansible.posix.authorized_key: user: support diff --git a/ansible/roles/requirements.yml b/ansible/roles/requirements.yml index e895a8d..56cba6c 100644 --- a/ansible/roles/requirements.yml +++ b/ansible/roles/requirements.yml @@ -9,4 +9,4 @@ collections: - name: nycmesh.common source: git+https://github.com/nycmeshnet/nycmesh-ansible.git type: git - version: main + version: james/motd From a681b8092a053f28dd7b41d4e8819b9385ba2f6b Mon Sep 17 00:00:00 2001 From: james-otten Date: Thu, 9 Jan 2025 23:59:48 -0500 Subject: [PATCH 40/61] motd --- terraform/lxc.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/lxc.tf b/terraform/lxc.tf index 7cc7d9d..a4c81e2 100644 --- a/terraform/lxc.tf +++ b/terraform/lxc.tf 
@@ -5,7 +5,7 @@ resource "proxmox_lxc" "monitoring_host" { ostemplate = var.system_image password = var.local_password cores = 2 - memory = 1024 + memory = 2048 unprivileged = true start = true onboot = true From a04656773a1e0798479867efccdc0fb31d742125 Mon Sep 17 00:00:00 2001 From: james-otten Date: Fri, 10 Jan 2025 00:18:33 -0500 Subject: [PATCH 41/61] motd --- ansible/roles/requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/requirements.yml b/ansible/roles/requirements.yml index 56cba6c..e895a8d 100644 --- a/ansible/roles/requirements.yml +++ b/ansible/roles/requirements.yml @@ -9,4 +9,4 @@ collections: - name: nycmesh.common source: git+https://github.com/nycmeshnet/nycmesh-ansible.git type: git - version: james/motd + version: main From d7876de6051ba9446c31b803e342e5b3fafe4c11 Mon Sep 17 00:00:00 2001 From: james-otten Date: Tue, 14 Jan 2025 21:25:49 -0500 Subject: [PATCH 42/61] server stuff --- ansible/roles/log_collector/files/50-ilo.conf | 4 ++++ .../roles/log_collector/files/60-idrac.conf | 4 ++++ .../roles/log_collector/files/rsyslog.conf | 2 ++ ansible/roles/log_collector/tasks/main.yaml | 19 +++++++++++++++++++ 4 files changed, 29 insertions(+) create mode 100644 ansible/roles/log_collector/files/50-ilo.conf create mode 100644 ansible/roles/log_collector/files/60-idrac.conf diff --git a/ansible/roles/log_collector/files/50-ilo.conf b/ansible/roles/log_collector/files/50-ilo.conf new file mode 100644 index 0000000..42a47aa --- /dev/null +++ b/ansible/roles/log_collector/files/50-ilo.conf @@ -0,0 +1,4 @@ +# iLo logs +ruleset(name="ilo"){ + action(type="omfile" file="/var/log/ilo.log") +} diff --git a/ansible/roles/log_collector/files/60-idrac.conf b/ansible/roles/log_collector/files/60-idrac.conf new file mode 100644 index 0000000..94aec5b --- /dev/null +++ b/ansible/roles/log_collector/files/60-idrac.conf 
@@ -0,0 +1,4 @@ +# iDRAC logs +ruleset(name="idrac"){ + action(type="omfile" file="/var/log/idrac.log") +} diff --git a/ansible/roles/log_collector/files/rsyslog.conf b/ansible/roles/log_collector/files/rsyslog.conf index 002929e..90a7bab 100644 --- a/ansible/roles/log_collector/files/rsyslog.conf +++ b/ansible/roles/log_collector/files/rsyslog.conf @@ -18,6 +18,8 @@ input(type="imudp" port="514" ruleset="port514") input(type="imudp" port="515" ruleset="apc") input(type="imudp" port="516" ruleset="ubiquiti") input(type="imudp" port="517" ruleset="brocade") +input(type="imudp" port="518" ruleset="ilo") +input(type="imudp" port="519" ruleset="idrac") # provides TCP syslog reception module(load="imtcp") diff --git a/ansible/roles/log_collector/tasks/main.yaml b/ansible/roles/log_collector/tasks/main.yaml index b009fbb..2d00975 100644 --- a/ansible/roles/log_collector/tasks/main.yaml +++ b/ansible/roles/log_collector/tasks/main.yaml @@ -113,6 +113,11 @@ path: "/var/log/cambium.log" service: "mesh_devices" source: "cambium" + - type: file + path: "/var/log/ilo.log" +ilog/idrac.log" + service: "mesh_devices" + source: "idrac" - name: Create log file for {{ item }} ansible.builtin.file: @@ -128,6 +133,8 @@ - siklu - brocade - cambium + - ilo + - idrac - name: Rsyslog main config ansible.builtin.copy: @@ -159,6 +166,18 @@ dest: /etc/rsyslog.d/40-brocade.conf mode: "644" +- name: Rsyslog ilo config + ansible.builtin.copy: + src: 50-ilo.conf + dest: /etc/rsyslog.d/50-ilo.conf + mode: "644" + +- name: Rsyslog idrac config + ansible.builtin.copy: + src: 60-idrac.conf + dest: /etc/rsyslog.d/60-idrac.conf + mode: "644" + - name: Reload rsyslog ansible.builtin.systemd_service: name: rsyslog From 409c637e20491a007bb381b93ce4a8a92d595507 Mon Sep 17 00:00:00 2001 From: james-otten Date: Tue, 14 Jan 2025 21:30:58 -0500 Subject: [PATCH 43/61] server stuff --- ansible/roles/log_collector/tasks/main.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) 
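Review bot: The datadog log-list edit in the first tasks hunk commits a stray line `ilog/idrac.log"` left over from a mangled paste: the iLO entry carries `source: "idrac"`, the iDRAC entry has no `path`, and the stray line is not valid YAML, so this commit does not apply on its own; PATCH 43 repairs it. Squash the two so no bisect point lands on a broken playbook. The iLO and iDRAC copy tasks at the end also use `mode: "644"` while the touch task in the same file uses `"0644"`; `mode: "0644"` in both keeps the modes readable as octal. The tasks file continues outside the hunk.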
diff --git a/ansible/roles/log_collector/tasks/main.yaml b/ansible/roles/log_collector/tasks/main.yaml index 2d00975..46517de 100644 --- a/ansible/roles/log_collector/tasks/main.yaml +++ b/ansible/roles/log_collector/tasks/main.yaml @@ -115,7 +115,10 @@ source: "cambium" - type: file path: "/var/log/ilo.log" -ilog/idrac.log" + service: "mesh_devices" + source: "ilo" + - type: file + path: "/var/log/idrac.log" service: "mesh_devices" source: "idrac" From 0a0f07a4f92cb691b3728eb8717f37d066c50da2 Mon Sep 17 00:00:00 2001 From: james-otten Date: Wed, 15 Jan 2025 20:02:05 -0500 Subject: [PATCH 44/61] lint --- .github/workflows/ansible_lint.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ansible_lint.yaml b/.github/workflows/ansible_lint.yaml index 627c19e..2fe1671 100644 --- a/.github/workflows/ansible_lint.yaml +++ b/.github/workflows/ansible_lint.yaml @@ -10,7 +10,7 @@ jobs: - name: Run ansible-lint uses: ansible/ansible-lint@c629b235398065e24ff44b5f1138028642c74a03 with: - args: "" + args: "--exclude .ansible/" setup_python: "true" working_directory: "./ansible/" requirements_file: "" From 5506067783a9b1ffd1d36ad2a213ab77a08fba73 Mon Sep 17 00:00:00 2001 From: james-otten Date: Wed, 15 Jan 2025 20:05:22 -0500 Subject: [PATCH 45/61] lint --- .github/workflows/ansible_lint.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ansible_lint.yaml b/.github/workflows/ansible_lint.yaml index 2fe1671..308983b 100644 --- a/.github/workflows/ansible_lint.yaml +++ b/.github/workflows/ansible_lint.yaml @@ -10,7 +10,7 @@ jobs: - name: Run ansible-lint uses: ansible/ansible-lint@c629b235398065e24ff44b5f1138028642c74a03 with: - args: "--exclude .ansible/" + args: "" setup_python: "true" - working_directory: "./ansible/" + working_directory: "ansible" requirements_file: "" From dd6d52a77d0ccf304c0e9637ba1b724052691f8e Mon Sep 17 00:00:00 2001 
From: james-otten Date: Wed, 15 Jan 2025 20:13:32 -0500 Subject: [PATCH 46/61] lint --- .github/workflows/ansible_lint.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ansible_lint.yaml b/.github/workflows/ansible_lint.yaml index 308983b..9326c34 100644 --- a/.github/workflows/ansible_lint.yaml +++ b/.github/workflows/ansible_lint.yaml @@ -12,5 +12,5 @@ jobs: with: args: "" setup_python: "true" - working_directory: "ansible" + working_directory: "/home/runner/work/syslog-infra/syslog-infra/ansible/" requirements_file: "" From 664c80107b2104e59a0f530ddfce49538d6d686f Mon Sep 17 00:00:00 2001 From: james-otten Date: Wed, 15 Jan 2025 20:15:07 -0500 Subject: [PATCH 47/61] lint --- .github/workflows/ansible_lint.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ansible_lint.yaml b/.github/workflows/ansible_lint.yaml index 9326c34..ba74269 100644 --- a/.github/workflows/ansible_lint.yaml +++ b/.github/workflows/ansible_lint.yaml @@ -10,7 +10,7 @@ jobs: - name: Run ansible-lint uses: ansible/ansible-lint@c629b235398065e24ff44b5f1138028642c74a03 with: - args: "" + args: "--exclude collections/ansible_collections" setup_python: "true" working_directory: "/home/runner/work/syslog-infra/syslog-infra/ansible/" requirements_file: "" From d425bf8233abd60ef2e235c5d42db47f1ac563ef Mon Sep 17 00:00:00 2001 From: james-otten Date: Wed, 15 Jan 2025 20:20:57 -0500 Subject: [PATCH 48/61] lint --- .github/workflows/ansible_lint.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ansible_lint.yaml b/.github/workflows/ansible_lint.yaml index ba74269..627c19e 100644 --- a/.github/workflows/ansible_lint.yaml +++ b/.github/workflows/ansible_lint.yaml 
@@ -10,7 +10,7 @@ jobs: - name: Run ansible-lint uses: ansible/ansible-lint@c629b235398065e24ff44b5f1138028642c74a03 with: - args: "--exclude collections/ansible_collections" + args: "" setup_python: "true" - working_directory: "/home/runner/work/syslog-infra/syslog-infra/ansible/" + working_directory: "./ansible/" requirements_file: "" From 10b13234c7019954710b3e2e7310b468a7279213 Mon Sep 17 00:00:00 2001 From: james-otten Date: Wed, 15 Jan 2025 20:24:39 -0500 Subject: [PATCH 49/61] lint --- .github/workflows/ansible_lint.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ansible_lint.yaml b/.github/workflows/ansible_lint.yaml index 627c19e..6148a42 100644 --- a/.github/workflows/ansible_lint.yaml +++ b/.github/workflows/ansible_lint.yaml @@ -8,7 +8,7 @@ jobs: steps: - uses: actions/checkout@v4 - name: Run ansible-lint - uses: ansible/ansible-lint@c629b235398065e24ff44b5f1138028642c74a03 + uses: ansible/ansible-lint@6178262c7e0d5e9792b5990d40029047760b8f09 with: args: "" setup_python: "true" From 9ac9bc1ba5daf3e857638564e14a5cad1c258020 Mon Sep 17 00:00:00 2001 From: james-otten Date: Wed, 15 Jan 2025 20:26:42 -0500 Subject: [PATCH 50/61] lint --- .github/workflows/ansible_lint.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ansible_lint.yaml b/.github/workflows/ansible_lint.yaml index 6148a42..086783c 100644 --- a/.github/workflows/ansible_lint.yaml +++ b/.github/workflows/ansible_lint.yaml @@ -10,7 +10,7 @@ jobs: - name: Run ansible-lint uses: ansible/ansible-lint@6178262c7e0d5e9792b5990d40029047760b8f09 with: - args: "" + args: "--exclude /home/runner/work/syslog-infra/syslog-infra/.ansible/collections/" setup_python: "true" working_directory: "./ansible/" requirements_file: "" From fb20c12ce13f1f0d198ce74f3d8bb4d71299f721 Mon Sep 17 00:00:00 2001 
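Review bot: `ansible/ansible-lint` is pinned to a full commit id here while `actions/checkout@v4` two lines above is pinned to a mutable tag, so the job's supply-chain posture is only as strong as its loosest action; the deploy workflow takes the commit-id approach for `hashicorp/setup-terraform` as well. Pin checkout the same way, `- uses: actions/checkout@<commit-sha> # v4`, keeping the version comment so a bump stays readable. The `--exclude` value settled on in PATCH 51 after several lint-only commits would also merit a one-line comment in the workflow explaining why the installed collections directory must be excluded.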
From: james-otten Date: Wed, 15 Jan 2025 20:29:37 -0500 Subject: [PATCH 51/61] lint --- .github/workflows/ansible_lint.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ansible_lint.yaml b/.github/workflows/ansible_lint.yaml index 086783c..e701420 100644 --- a/.github/workflows/ansible_lint.yaml +++ b/.github/workflows/ansible_lint.yaml @@ -10,7 +10,7 @@ jobs: - name: Run ansible-lint uses: ansible/ansible-lint@6178262c7e0d5e9792b5990d40029047760b8f09 with: - args: "--exclude /home/runner/work/syslog-infra/syslog-infra/.ansible/collections/" + args: "--exclude .ansible/collections/" setup_python: "true" working_directory: "./ansible/" requirements_file: "" From 9ed0625de19b8c0996e6b8b3a34c518f7460f2be Mon Sep 17 00:00:00 2001 From: james-otten Date: Wed, 15 Jan 2025 20:30:47 -0500 Subject: [PATCH 52/61] lint --- ansible/syslog.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ansible/syslog.yaml b/ansible/syslog.yaml index d490ee1..9dfdc59 100644 --- a/ansible/syslog.yaml +++ b/ansible/syslog.yaml @@ -1,5 +1,4 @@ -- name: Syslog - hosts: syslog_mgt +- hosts: syslog_mgt become: true roles: - role: log_collector From cd5cb239a881862a85380ee948dda48e6f344f2c Mon Sep 17 00:00:00 2001 From: james-otten Date: Wed, 15 Jan 2025 20:31:54 -0500 Subject: [PATCH 53/61] lint --- ansible/syslog.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ansible/syslog.yaml b/ansible/syslog.yaml index 9dfdc59..d490ee1 100644 --- a/ansible/syslog.yaml +++ b/ansible/syslog.yaml @@ -1,4 +1,5 @@ -- hosts: syslog_mgt +- name: Syslog + hosts: syslog_mgt become: true roles: - role: log_collector From e8fbcd96afd5cf3b54ba1348f35e5003811d7373 Mon Sep 17 00:00:00 2001 
From: james-otten Date: Thu, 23 Jan 2025 20:52:58 -0500 Subject: [PATCH 54/61] use common bird role --- README.md | 2 + .../roles/log_collector/files/bird.service | 17 -- ansible/roles/log_collector/tasks/main.yaml | 25 +- .../log_collector/templates/bird.conf.j2 | 231 ------------------ .../log_collector/templates/interfaces.j2 | 2 +- terraform/ansible.tf | 5 +- terraform/prod2.tfvars | 1 - terraform/prod3.tfvars | 1 - terraform/vars.tf | 5 - 9 files changed, 10 insertions(+), 279 deletions(-) delete mode 100644 ansible/roles/log_collector/files/bird.service delete mode 100644 ansible/roles/log_collector/templates/bird.conf.j2 diff --git a/README.md b/README.md index f3dacbc..bb2edd7 100644 --- a/README.md +++ b/README.md @@ -8,3 +8,5 @@ | 515 | UDP | APC UPS | | 516 | UDP | Ubiquiti airOS | | 517 | UDP | Brocade | +| 518 | UDP | iLO | +| 519 | UDP | iDRAC | diff --git a/ansible/roles/log_collector/files/bird.service b/ansible/roles/log_collector/files/bird.service deleted file mode 100644 index bb61884..0000000 --- a/ansible/roles/log_collector/files/bird.service +++ /dev/null @@ -1,17 +0,0 @@ -[Unit] -Description=BIRD Internet Routing Daemon -# Bind to and start after rsyslog so that the IP is only announced when rsyslog is running -#After=network.target -After=network.target,rsyslog.service -BindsTo=rsyslog.service - -[Service] -EnvironmentFile=/etc/bird/envvars -ExecStartPre=/usr/lib/bird/prepare-environment -ExecStartPre=/usr/sbin/bird -p -ExecReload=/usr/sbin/birdc configure -ExecStart=/usr/sbin/bird -f -u $BIRD_RUN_USER -g $BIRD_RUN_GROUP $BIRD_ARGS -Restart=always - -[Install] -WantedBy=multi-user.target diff --git a/ansible/roles/log_collector/tasks/main.yaml b/ansible/roles/log_collector/tasks/main.yaml index 46517de..6d4d0d7 100644 --- a/ansible/roles/log_collector/tasks/main.yaml +++ b/ansible/roles/log_collector/tasks/main.yaml 
@@ -5,7 +5,6 @@ pkg: - ca-certificates - iptables-persistent - - bird2 - rsyslog - name: Import the ssh_config role from the nycmesh.common collection @@ -52,12 +51,6 @@ state: present key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKULjIUF5hAULvkyCYU3BMf6SCOw4OMPyTvqfOqLBfnD j4" -- name: Bird systemd unit - ansible.builtin.copy: - src: bird.service - dest: /lib/systemd/system/bird.service - mode: "0644" - - name: Copy system interface definition ansible.builtin.template: src: interfaces.j2 @@ -194,16 +187,8 @@ state: restarted enabled: true -- name: Bird config - ansible.builtin.template: - src: bird.conf.j2 - dest: /etc/bird/bird.conf - mode: "640" - owner: "bird" - group: "bird" - -- name: Reload bird - ansible.builtin.systemd_service: - name: bird - state: reloaded - enabled: true +- name: Import the bird_basic role from the nycmesh.common collection + ansible.builtin.import_role: + name: nycmesh.common.bird2_basic + vars: + bird_binds_to_service: "rsyslog.service" diff --git a/ansible/roles/log_collector/templates/bird.conf.j2 b/ansible/roles/log_collector/templates/bird.conf.j2 deleted file mode 100644 index fa43dd4..0000000 --- a/ansible/roles/log_collector/templates/bird.conf.j2 +++ /dev/null 
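Review bot: The task name says `bird_basic` but the imported role is `nycmesh.common.bird2_basic`; make them agree, `- name: Import the bird2_basic role from the nycmesh.common collection`, so grep and the run log match. The removed unit file carried `BindsTo=rsyslog.service` so the syslog address was only announced while rsyslog ran; the replacement depends on `bird_binds_to_service: "rsyslog.service"` producing the same binding inside the collection role (not visible here — confirm), and a comment beside the var stating that intent would preserve the reasoning that lived in the deleted unit. The role's tasks file continues outside the hunk.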
@@ -1,231 +0,0 @@
-# Managed by ansible
-
-# This is a basic configuration file, which contains boilerplate options and
-# some basic examples. It allows the BIRD daemon to start but will not cause
-# anything else to happen.
-#
-# Please refer to the BIRD User's Guide documentation, which is also available
-# online at http://bird.network.cz/ in HTML format, for more information on
-# configuring BIRD and adding routing protocols.
-
-# Configure logging
-log syslog all;
-# log "/var/log/bird.log" { debug, trace, info, remote, warning, error, auth, fatal, bug };
-
-# Set router ID. It is a unique identification of your router, usually one of
-# IPv4 addresses of the router. It is recommended to configure it explicitly.
-router id {{ ROUTER_ID }};
-
-# Turn on global debugging of all protocols (all messages or just selected classes)
-# debug protocols all;
-# debug protocols { events, states };
-
-# Turn on internal watchdog
-# watchdog warning 5 s;
-# watchdog timeout 30 s;
-
-# You can define your own constants
-# define my_asn = 65000;
-# define my_addr = 198.51.100.1;
-
-# Tables master4 and master6 are defined by default
-# ipv4 table master4;
-# ipv6 table master6;
-
-# Define more tables, e.g. for policy routing or as MRIB
-# ipv4 table mrib4;
-# ipv6 table mrib6;
-
-# The Device protocol is not a real routing protocol. It does not generate any
-# routes and it only serves as a module for getting information about network
-# interfaces from the kernel. It is necessary in almost any configuration.
-protocol device {
- scan time 10;
-}
-
-# The direct protocol is not a real routing protocol. It automatically generates
-# direct routes to all network interfaces. Can exist in as many instances as you
-# wish if you want to populate multiple routing tables with direct routes.
-protocol direct {
- #disabled; # Disable by default
- ipv4; # Connect to default IPv4 table
- ipv6; # ... 
and to default IPv6 table
-}
-
-# The Kernel protocol is not a real routing protocol. Instead of communicating
-# with other routers in the network, it performs synchronization of BIRD
-# routing tables with the OS kernel. One instance per table.
-protocol kernel {
- persist;
- scan time 10;
- ipv4 { # Connect protocol to IPv4 table by channel
-# table master4; # Default IPv4 table is master4
- import all; # Import to table, default is import all
- export all; # Export to protocol. default is export none
- };
- learn; # Learn alien routes from the kernel
-# kernel table 10; # Kernel table to synchronize with (default: main)
-}
-
-# Another instance for IPv6, skipping default options
-#protocol kernel {
-# ipv6 { export all; };
-#}
-
-# Static routes (Again, there can be multiple instances, for different address
-# families and to disable/enable various groups of static routes on the fly).
-protocol static {
- ipv4; # Again, IPv4 channel with default options
-
-# route 0.0.0.0/0 via 198.51.100.10;
-# route 192.0.2.0/24 blackhole;
-# route 10.0.0.0/8 unreachable;
-# route 10.2.0.0/24 via "eth0";
-# # Static routes can be defined with optional attributes
-# route 10.1.1.0/24 via 198.51.100.3 { rip_metric = 3; };
-# route 10.1.2.0/24 via 198.51.100.3 { ospf_metric1 = 100; };
-# route 10.1.3.0/24 via 198.51.100.4 { ospf_metric2 = 100; };
-}
-
-# Pipe protocol connects two routing tables. Beware of loops.
-# protocol pipe {
-# table master4; # No ipv4/ipv6 channel definition like in other protocols
-# peer table mrib4;
-# import all; # Direction peer table -> table
-# export all; # Direction table -> peer table
-# }
-
-# RIP example, both RIP and RIPng are supported
-# protocol rip {
-# ipv4 {
-# # Export direct, static routes and ones from RIP itself
-# import all;
-# export where source ~ [ RTS_DEVICE, RTS_STATIC, RTS_RIP ];
-# };
-# interface "eth*" {
-# update time 10; # Default period is 30
-# timeout time 60; # Default timeout is 180
-# authentication cryptographic; # No authentication by default
-# password "hello" { algorithm hmac sha256; }; # Default is MD5
-# };
-# }
-
-# OSPF example, both OSPFv2 and OSPFv3 are supported
-# protocol ospf v3 {
-# ipv6 {
-# import all;
-# export where source = RTS_STATIC;
-# };
-# area 0 {
-# interface "eth*" {
-# type broadcast; # Detected by default
-# cost 10; # Interface metric
-# hello 5; # Default hello perid 10 is too long
-# };
-# interface "tun*" {
-# type ptp; # PtP mode, avoids DR selection
-# cost 100; # Interface metric
-# hello 5; # Default hello perid 10 is too long
-# };
-# interface "dummy0" {
-# stub; # Stub interface, just propagate it
-# };
-# };
-#}
-
-protocol ospf v2 {
- ipv4 {
- import none;
- };
- area 0 {
- default cost 10;
- networks {
- {{ BIRD_NETWORK }};
- };
- interface "eth*" {
- type broadcast; # Detected by default
- cost 10; # Interface metric
- neighbors {
- {{ BIRD_NEIGHBOR }};
- };
- };
- interface "dummy*" {
- cost 10;
- };
- };
-}
-
-# Define simple filter as an example for BGP import filter
-# See https://gitlab.labs.nic.cz/labs/bird/wikis/BGP_filtering for more examples
-# filter rt_import
-# {
-# if bgp_path.first != 64496 then accept;
-# if bgp_path.len > 64 then accept;
-# if bgp_next_hop != from then accept;
-# reject;
-# }
-
-# BGP example, explicit name 'uplink1' is used instead of default 'bgp1'
-# protocol bgp uplink1 {
-# description "My BGP uplink";
-# local 198.51.100.1 
as 65000;
-# neighbor 198.51.100.10 as 64496;
-# hold time 90; # Default is 240
-# password "secret"; # Password used for MD5 authentication
-#
-# ipv4 { # regular IPv4 unicast (1/1)
-# import filter rt_import;
-# export where source ~ [ RTS_STATIC, RTS_BGP ];
-# };
-#
-# ipv6 { # regular IPv6 unicast (2/1)
-# import filter rt_import;
-# export filter { # The same as 'where' expression above
-# if source ~ [ RTS_STATIC, RTS_BGP ]
-# then accept;
-# else reject;
-# };
-# };
-#
-# ipv4 multicast { # IPv4 multicast topology (1/2)
-# table mrib4; # explicit IPv4 table
-# import filter rt_import;
-# export all;
-# };
-#
-# ipv6 multicast { # IPv6 multicast topology (2/2)
-# table mrib6; # explicit IPv6 table
-# import filter rt_import;
-# export all;
-# };
-#}
-
-# Template example. Using templates to define IBGP route reflector clients.
-# template bgp rr_clients {
-# local 10.0.0.1 as 65000;
-# neighbor as 65000;
-# rr client;
-# rr cluster id 1.0.0.1;
-#
-# ipv4 {
-# import all;
-# export where source = RTS_BGP;
-# };
-#
-# ipv6 {
-# import all;
-# export where source = RTS_BGP;
-# };
-# }
-#
-# protocol bgp client1 from rr_clients {
-# neighbor 10.0.1.1;
-# }
-#
-# protocol bgp client2 from rr_clients {
-# neighbor 10.0.2.1;
-# }
-#
-# protocol bgp client3 from rr_clients {
-# neighbor 10.0.3.1;
-# }
diff --git a/ansible/roles/log_collector/templates/interfaces.j2 b/ansible/roles/log_collector/templates/interfaces.j2
index 9bc275e..9a8d219 100644
--- a/ansible/roles/log_collector/templates/interfaces.j2
+++ b/ansible/roles/log_collector/templates/interfaces.j2
@@ -12,7 +12,7 @@ auto dummy0
iface dummy0 inet manual
pre-up ip link add $IFACE type dummy
pre-up ip link set up dev $IFACE
- up ip addr add {{ ROUTER_ID }}/32 dev $IFACE
+ up ip addr add {{ bird_router_id }}/32 dev $IFACE
down ip link del $IFACE
auto dummy1
diff --git a/terraform/ansible.tf b/terraform/ansible.tf
index 8758113..9f97cbc 100644
--- a/terraform/ansible.tf
+++ b/terraform/ansible.tf
@@ -7,11 +7,10 @@ resource "ansible_group" "syslog_mgt_group" {
DATADOG_API_KEY = var.datadog_api_key
DATADOG_SITE = var.datadog_site
VM_HOSTNAME = var.hostname
- ROUTER_ID = var.router_id
+ bird_router_id = var.router_id
VM_MGT_IP = var.vm_mgt_ip
INTERNAL_HOST_IDENTIFIER = var.internal_host_identifier
- BIRD_NETWORK = var.bird_network
- BIRD_NEIGHBOR = var.bird_neighbor
+ bird_network = var.bird_network
SYSLOG_IP = var.syslog_ip
DEFAULT_GATEWAY = var.vm_mgt_default_gateway
local_password = var.local_password
diff --git a/terraform/prod2.tfvars b/terraform/prod2.tfvars
index a772b75..4849929 100644
--- a/terraform/prod2.tfvars
+++ b/terraform/prod2.tfvars
@@ -5,6 +5,5 @@ hostname = "nycmesh-10-syslog-2"
vm_mgt_ip = "10.70.100.60"
vm_mgt_default_gateway = "10.70.100.1"
router_id = "10.70.100.61"
-bird_neighbor = "10.69.0.10"
bird_network = "10.69.0.0/16"
system_image = "local:vztmpl/debian-12-standard_12.7-1_amd64.tar.zst"
diff --git a/terraform/prod3.tfvars b/terraform/prod3.tfvars
index 1cdb23d..b6682a5 100644
--- a/terraform/prod3.tfvars
+++ b/terraform/prod3.tfvars
@@ -4,5 +4,4 @@ hostname = "nycmesh-713-syslog-1"
vm_mgt_ip = "10.70.90.56"
vm_mgt_default_gateway = "10.70.90.1"
router_id = "10.70.90.201"
-bird_neighbor = "10.69.7.13"
bird_network = "10.69.0.0/16"
diff --git a/terraform/vars.tf b/terraform/vars.tf
index e214c8b..adc4212 100644
--- a/terraform/vars.tf
+++ b/terraform/vars.tf
@@ -87,11 +87,6 @@ variable "router_id" {
description = "IP to use for the router id"
}
-variable "bird_neighbor" {
- type = string
- description = "neighbor for the ospf router"
-}
-
variable "bird_network" {
type = string
description = "ospf network" From 286be119d273cd086f637135b38b23d767dd0f9f Mon Sep 17 00:00:00 2001 From: james-otten Date: Thu, 23 Jan 2025 21:15:43 -0500 Subject: [PATCH 55/61] dummy --- ansible/roles/log_collector/tasks/main.yaml | 1 + 1 file changed, 1 insertion(+)
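Review bot: The renamed keys `bird_router_id` and `bird_network` are now the only lowercase entries among the uppercase `VM_*`/`DATADOG_*` group variables apart from `local_password`, and nothing in the file says why the case differs; a comment above them such as `# lowercase keys are consumed as role variables by nycmesh.common.bird2_basic and interfaces.j2` would stop a later edit from "fixing" the case and silently breaking the role lookup. The Terraform input keeps the name `router_id` while the Ansible variable is `bird_router_id`, which is fine but worth a mention in the `router_id` description in vars.tf.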
diff --git a/ansible/roles/log_collector/tasks/main.yaml b/ansible/roles/log_collector/tasks/main.yaml
index 6d4d0d7..911ecca 100644
--- a/ansible/roles/log_collector/tasks/main.yaml
+++ b/ansible/roles/log_collector/tasks/main.yaml
@@ -192,3 +192,4 @@
name: nycmesh.common.bird2_basic
vars:
bird_binds_to_service: "rsyslog.service"
+ bird_dummy_interface: "dummy*" From 211fb433232f9c597f8accb2889906b41f2aafdc Mon Sep 17 00:00:00 2001 From: james-otten Date: Wed, 26 Feb 2025 23:01:09 -0500 Subject: [PATCH 56/61] netgear --- README.md | 8 ++++++++ ansible/roles/log_collector/files/70-netgear.conf | 4 ++++ ansible/roles/log_collector/files/rsyslog.conf | 1 + ansible/roles/log_collector/tasks/main.yaml | 11 +++++++++++ 4 files changed, 24 insertions(+) create mode 100644 ansible/roles/log_collector/files/70-netgear.conf
diff --git a/README.md b/README.md
index bb2edd7..83a3a7f 100644
--- a/README.md
+++ b/README.md
@@ -10,3 +10,11 @@
| 517 | UDP | Brocade |
| 518 | UDP | iLO |
| 519 | UDP | iDRAC |
+| 520 | UDP | Netgear |
+
+## Add a new port
+
+1. Add a new file under [ansible/roles/log_collector/files/](./ansible/roles/log_collector/files/)
+2. Add the port + ruleset mapping to [ansible/roles/log_collector/files/rsyslog.conf](./ansible/roles/log_collector/files/rsyslog.conf)
+3. Add the 3 mappings in [ansible/roles/log_collector/tasks/main.yaml](./ansible/roles/log_collector/tasks/main.yaml) for DD ingestion, file creation, and config file transfer.
+4. Update the table in this file.
diff --git a/ansible/roles/log_collector/files/70-netgear.conf b/ansible/roles/log_collector/files/70-netgear.conf new file mode 100644
index 0000000..b36290b
--- /dev/null
+++ b/ansible/roles/log_collector/files/70-netgear.conf
@@ -0,0 +1,4 @@
+# netgear logs
+ruleset(name="netgear"){
+ action(type="omfile" file="/var/log/netgear.log")
+}
diff --git a/ansible/roles/log_collector/files/rsyslog.conf b/ansible/roles/log_collector/files/rsyslog.conf
index 90a7bab..c9e497f 100644
--- a/ansible/roles/log_collector/files/rsyslog.conf
+++ b/ansible/roles/log_collector/files/rsyslog.conf
@@ -20,6 +20,7 @@ input(type="imudp" port="516" ruleset="ubiquiti")
input(type="imudp" port="517" ruleset="brocade")
input(type="imudp" port="518" ruleset="ilo")
input(type="imudp" port="519" ruleset="idrac")
+input(type="imudp" port="520" ruleset="netgear")
# provides TCP syslog reception
module(load="imtcp")
diff --git a/ansible/roles/log_collector/tasks/main.yaml b/ansible/roles/log_collector/tasks/main.yaml
index 911ecca..38cc1a0 100644
--- a/ansible/roles/log_collector/tasks/main.yaml
+++ b/ansible/roles/log_collector/tasks/main.yaml
@@ -114,6 +114,10 @@
path: "/var/log/idrac.log"
service: "mesh_devices"
source: "idrac"
+ - type: file
+ path: "/var/log/netgear.log"
+ service: "mesh_devices"
+ source: "netgear"
- name: Create log file for {{ item }}
ansible.builtin.file:
@@ -131,6 +135,7 @@
- cambium
- ilo
- idrac
+ - netgear
- name: Rsyslog main config
ansible.builtin.copy:
@@ -174,6 +179,12 @@
dest: /etc/rsyslog.d/60-idrac.conf
mode: "644"
+- name: Rsyslog netgear config
+ ansible.builtin.copy:
+ src: 70-netgear.conf
+ dest: /etc/rsyslog.d/70-netgear.conf
+ mode: "644"
+
- name: Reload rsyslog
ansible.builtin.systemd_service:
name: rsyslog From fe7cfe9f5071b43eb2ee0e4081ef3c1b1c594550 Mon Sep 17 00:00:00 2001 From: james-otten Date: Sun, 9 Mar 2025 22:31:57 -0400 Subject: [PATCH 57/61] deploy --- .github/workflows/deploy.yaml | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
index 477423e..1377a6d 100644
--- a/.github/workflows/deploy.yaml
+++ b/.github/workflows/deploy.yaml
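Review bot: UDP port 520, chosen for the new `imudp` input, is the IANA-assigned RIP port, and this host runs bird2 via the `nycmesh.common.bird2_basic` role imported in tasks/main.yaml; RIP is not enabled in the bird configuration this series removed, but a syslog listener on 520 will collide with it if it ever is, and host or upstream firewall rules that classify 520 as routing-protocol traffic may drop or special-case the Netgear stream. Either pick an unassigned port for the next device or record the overlap next to the line, e.g. `# 520 is also the RIP port: bird must not enable RIP on this host`. If the `iptables-persistent` rule set installed by this role opens the per-device ports, 520 needs an entry there as well, but those rules are not in this diff.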
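Review bot: Adding one device now touches three separate lists in this file (the Datadog logs entry in the first hunk, the `loop` of the `ansible.builtin.file` task in the second, and a dedicated copy task in the third), and the README added in this same commit has to document that as a manual three-step procedure; a single list of devices driving all three tasks would remove the chance of forgetting one and leaving a log file that is written but never shipped or created with the wrong owner. The copy task in the third hunk is the easiest to fold, since every entry differs only in the file name. The Datadog task the first hunk extends begins outside the hunk.

```yaml
- name: Rsyslog per-device configs
  ansible.builtin.copy:
    src: "{{ item }}"
    dest: "/etc/rsyslog.d/{{ item }}"
    mode: "644"
  loop:
    # … existing per-device conf files (e.g. 60-idrac.conf) …
    - 70-netgear.conf
```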
@@ -11,19 +11,28 @@ on:
- master
jobs:
+ deploy_prod3:
+ name: Deploy prod3
+ uses: ./.github/workflows/deploy_syslog.yaml
+ with:
+ environment: prod3
+ secrets: inherit
+ #if: github.ref == 'refs/heads/master'
+
deploy_prod2:
name: Deploy prod2
uses: ./.github/workflows/deploy_syslog.yaml
with:
environment: prod2
secrets: inherit
+ needs: deploy_prod3
#if: github.ref == 'refs/heads/master'
- deploy_prod3:
- name: Deploy prod3
+deploy_prod1:
+ name: Deploy prod1
uses: ./.github/workflows/deploy_syslog.yaml
with:
- environment: prod3
+ environment: prod1
secrets: inherit
needs: deploy_prod2
#if: github.ref == 'refs/heads/master' From 6e1bab7218fa6ce6ee89ea17e4dc4fcbc0ea1f3e Mon Sep 17 00:00:00 2001 From: james-otten Date: Sun, 9 Mar 2025 22:34:07 -0400 Subject: [PATCH 58/61] deploy --- .github/workflows/deploy.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
index 1377a6d..7b41329 100644
--- a/.github/workflows/deploy.yaml
+++ b/.github/workflows/deploy.yaml
@@ -28,7 +28,7 @@ jobs:
needs: deploy_prod3
#if: github.ref == 'refs/heads/master'
-deploy_prod1:
+ deploy_prod1:
name: Deploy prod1
uses: ./.github/workflows/deploy_syslog.yaml
with: From a8b27c86c2c29861ad4317729d885345b104e604 Mon Sep 17 00:00:00 2001 From: james-otten Date: Sun, 9 Mar 2025 22:57:17 -0400 Subject: [PATCH 59/61] vars --- terraform/prod1.tfvars | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 terraform/prod1.tfvars
diff --git a/terraform/prod1.tfvars b/terraform/prod1.tfvars new file mode 100644
index 0000000..efa9ed5
--- /dev/null
+++ b/terraform/prod1.tfvars
@@ -0,0 +1,8 @@
+proxmox_node = "nycmesh-713-r640-02"
+proxmox_storage_location = "local-lvm"
+hostname = "nycmesh-713-syslog-3"
+vm_mgt_ip = "10.70.90.207"
+vm_nic = "vmbr0v32"
+vm_mgt_default_gateway = "10.70.90.1"
+router_id = "10.70.90.208"
+bird_network = "10.69.0.0/16"
From 22d056db92345a2648e443bf6706c87a39824820 Mon Sep 17 00:00:00 2001 From: james-otten Date: Sun, 9 Mar 2025 23:05:50 -0400 Subject: [PATCH 60/61] no3 --- .github/workflows/deploy.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
index 7b41329..d89f1bf 100644
--- a/.github/workflows/deploy.yaml
+++ b/.github/workflows/deploy.yaml
@@ -11,13 +11,13 @@ on:
- master
jobs:
- deploy_prod3:
- name: Deploy prod3
- uses: ./.github/workflows/deploy_syslog.yaml
- with:
- environment: prod3
- secrets: inherit
- #if: github.ref == 'refs/heads/master'
+ # deploy_prod3:
+ # name: Deploy prod3
+ # uses: ./.github/workflows/deploy_syslog.yaml
+ # with:
+ # environment: prod3
+ # secrets: inherit
+ # #if: github.ref == 'refs/heads/master'
deploy_prod2:
name: Deploy prod2
@@ -25,7 +25,7 @@ jobs:
with:
environment: prod2
secrets: inherit
- needs: deploy_prod3
+ # needs: deploy_prod3
#if: github.ref == 'refs/heads/master'
deploy_prod1: From d89e058c015ca888b65d78fa581c67982b614a68 Mon Sep 17 00:00:00 2001 From: james-otten Date: Mon, 10 Mar 2025 22:33:46 -0400 Subject: [PATCH 61/61] clean --- .github/workflows/deploy.yaml | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
index d89f1bf..dca6b90 100644
--- a/.github/workflows/deploy.yaml
+++ b/.github/workflows/deploy.yaml
@@ -4,11 +4,10 @@ permissions: read-all
on:
push:
branches:
- - master
- - james/init
+ - main
workflow_dispatch:
branches:
- - master
+ - main
jobs:
# deploy_prod3:
@@ -17,7 +16,7 @@ jobs:
# with:
# environment: prod3
# secrets: inherit
- # #if: github.ref == 'refs/heads/master'
+ # #if: github.ref == 'refs/heads/main'
deploy_prod2:
name: Deploy prod2
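Review bot: Commenting out the whole `deploy_prod3` job and its `needs:` reference (both hunks of this commit) leaves dead configuration that the very next commit already has to keep editing, rewriting `master` to `main` inside the comment block. If prod3 is retired, delete the block — git history keeps it; if it is only paused, a job-level `if: false` with a one-line reason such as `# prod3 paused: see tracking issue [PLACEHOLDER]` keeps it as YAML the workflow linter still validates.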
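Review bot: The `branches:` filter under `workflow_dispatch:` is kept (only its value changes to `main`) although, as far as I know, `workflow_dispatch` accepts only `inputs`, so the filter is ignored and a manual run can be started from any ref — which is presumably why the later hunks in this commit add `if: github.ref == 'refs/heads/main'` to the jobs. If that is confirmed, drop the `branches:` stanza and document where the gate actually lives: `# manual runs may be started from any ref; the per-job if: guards restrict deploys to main`.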
@@ -26,7 +25,7 @@ jobs:
environment: prod2
secrets: inherit
# needs: deploy_prod3
- #if: github.ref == 'refs/heads/master'
+ if: github.ref == 'refs/heads/main'
deploy_prod1:
name: Deploy prod1
@@ -35,4 +34,4 @@ jobs:
environment: prod1
secrets: inherit
needs: deploy_prod2
- #if: github.ref == 'refs/heads/master'
+ if: github.ref == 'refs/heads/main'
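Review bot: The new `if: github.ref == 'refs/heads/main'` on `deploy_prod2` and `deploy_prod1` is the only thing preventing a `workflow_dispatch` run from a feature branch from deploying with `secrets: inherit`, since the `push` trigger is already limited to `main`; that intent deserves a comment on the guarded jobs, e.g. `# push is filtered to main above; this guards manual (workflow_dispatch) runs`. The guard on `deploy_prod1` is redundant with `needs: deploy_prod2` — a skipped dependency skips the dependant unless an `always()`-style condition is used — but it is harmless and arguably clearer to keep. The `# needs: deploy_prod3` leftover in the prod2 job should go with the rest of the prod3 clean-up.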