Use RELP as syslog transport

e2fe9d96 · ale · 65fad9e6 · e2fe9d96 · e2fe9d96 · e2fe9d96
Commit e2fe9d96 authored 3 years ago by ale
--- a/roles/float-base/tasks/apt.yml
+++ b/roles/float-base/tasks/apt.yml
@@ -106,7 +106,6 @@
      - curl
      - lsof
      - cgroups-exporter
-      - rsyslog-exporter
      - logcat
      - tabacco
      - restic
@@ -118,7 +117,8 @@
      - gpg
      - firewall
      - rsyslog
-      - rsyslog-gnutls
+      - rsyslog-relp
+      - rsyslog-exporter
      - mtail
      - auditd
      - audisp-json

--- a/roles/float-base/templates/rsyslog.conf.j2
+++ b/roles/float-base/templates/rsyslog.conf.j2
 global(
  maxMessageSize="64k"
-  defaultNetstreamDriver="gtls"
-  defaultNetstreamDriverCAFile="/etc/credentials/x509/log-client/ca.pem"
-  defaultNetstreamDriverCertFile="/etc/credentials/x509/log-client/client/cert.pem"
-  defaultNetstreamDriverKeyFile="/etc/credentials/x509/log-client/client/private_key.pem"
 )

 module(load="imuxsock"
@@ -25,6 +21,11 @@ module(
  load="omprog"
 )

+module(
+  load="omrelp"
+  tls.tlslib="openssl"
+)
+
 ruleset(name="process_stats") {
  action(
    type="omprog"
@@ -55,15 +56,16 @@ ruleset(name="incoming") {
         action.resumeIntervalMax="30")

  # Send everything to remote peer, do not write anything locally.
-  action(type="omfwd"
-         protocol="tcp"
+  action(type="omrelp"
         target="log-collector.{{ domain }}"
         port="6514"
-         StreamDriver="gtls"
-         StreamDriverMode="1"
-         StreamDriverAuthMode="x509/name"
-         StreamDriverPermittedPeers="log-collector.{{ domain }}"
-         Keepalive="on"
+         tls="on"
+         tls.compression="on"
+         tls.authmode="certvalid"
+         tls.permittedpeer="log-collector.{{ domain }}"
+         tls.cacert="/etc/credentials/x509/log-client/ca.pem"
+         tls.mycert="/etc/credentials/x509/log-client/client/cert.pem"
+         tls.myprivkey="/etc/credentials/x509/log-client/client/private_key.pem"
         action.resumeRetryCount="-1"
         action.resumeInterval="2"
         action.reportSuspension="on"

--- a/roles/float-infra-log-collector/templates/rsyslog-collector.conf.j2
+++ b/roles/float-infra-log-collector/templates/rsyslog-collector.conf.j2

 global(
  maxMessageSize="64k"
-  defaultNetstreamDriver="gtls"
-  defaultNetstreamDriverCAFile="/etc/credentials/x509/log-collector/ca.pem"
-  defaultNetstreamDriverCertFile="/etc/credentials/x509/log-collector/server/cert.pem"
-  defaultNetstreamDriverKeyFile="/etc/credentials/x509/log-collector/server/private_key.pem"
 )

 main_queue(
@@ -293,13 +289,20 @@ ruleset(name="incoming"){
 }

 module(
-  load="imtcp"
-  MaxSessions="500"
-  StreamDriver.Name="gtls"
-  StreamDriver.Mode="1"
-  StreamDriver.AuthMode="x509/name"
-  PermittedPeer="*.{{ domain }}"
+  load="imrelp"
+  tls.tlslib="openssl"
 )

-input(type="imtcp" port="6514" ruleset="incoming")
-
+input(
+  type="imrelp"
+  port="6514"
+  maxDataSize="16k"
+  ruleset="incoming"
+  tls="on"
+  tls.compression="on"
+  tls.cacert="/etc/credentials/x509/log-collector/ca.pem"
+  tls.mycert="/etc/credentials/x509/log-collector/server/cert.pem"
+  tls.myprivkey="/etc/credentials/x509/log-collector/server/private_key.pem"
+  tls.permittedpeer="*.{{ domain }}" 
+  tls.authmode="certvalid"
+)