Skip to content

Commit

Permalink
Adds a queue for rsyslog relp messages (#115)
Browse files Browse the repository at this point in the history
  • Loading branch information
@plkokanov
plkokanov authored Jun 19, 2024
1 parent c1ed96f commit 4c129ce
Show file tree
Hide file tree
Showing 8 changed files with 38 additions and 0 deletions.
4 changes: 4 additions & 0 deletions pkg/component/rsyslogrelpconfigcleaner/rsyslog_relp_config_cleaner.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -177,6 +177,10 @@ func computeCommand() []string {
chroot /host /bin/bash -c 'systemctl disable rsyslog-configurator; systemctl stop rsyslog-configurator; rm -f /etc/systemd/system/rsyslog-configurator.service'
fi
if [[ -d /host/var/log/rsyslog ]]; then
rm -rf /host/var/log/rsyslog
fi
if [[ -f /host/etc/audit/plugins.d/syslog.conf ]]; then
sed -i "s/^active\\>.*/active = no/i" /host/etc/audit/plugins.d/syslog.conf
fi
Expand Down
6 changes: 6 additions & 0 deletions pkg/webhook/operatingsystemconfig/resources/templates/60-audit.conf.tpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,12 @@ ruleset(name="relp_action_ruleset") {
type="omrelp"
target="{{ .target }}"
port="{{ .port }}"
queue.type="linkedlist"
queue.size="100000"
queue.filename="rsyslog-relp-queue"
queue.saveOnShutdown="on"
queue.spoolDirectory="{{ .rsyslogRelpQueueSpoolDir }}"
queue.maxDiskSpace="48m"
Template="SyslogForwarderTemplate"
{{- if .rebindInterval }}
rebindInterval="{{ .rebindInterval }}"
Expand Down
4 changes: 4 additions & 0 deletions pkg/webhook/operatingsystemconfig/resources/templates/scripts/configure-rsyslog.tpl.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,10 @@ function configure_rsyslog() {
systemctl enable rsyslog.service
fi

if [[ ! -d {{ .rsyslogRelpQueueSpoolDir }} ]]; then
mkdir -p {{ .rsyslogRelpQueueSpoolDir }}
fi

restart_rsyslog=false

if [[ ! -f {{ .pathRsyslogAuditConf }} ]] || ! diff -rq {{ .pathRsyslogAuditConfFromOSC }} {{ .pathRsyslogAuditConf }} ; then
Expand Down
4 changes: 4 additions & 0 deletions pkg/webhook/operatingsystemconfig/rsyslog.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,8 @@ const (
configureRsyslogScriptPath = rsyslogOSCDir + "/configure-rsyslog.sh"
processRsyslogPstatsScriptPath = rsyslogOSCDir + "/process-rsyslog-pstats.sh"

rsyslogRelpQueueSpoolDir = "/var/log/rsyslog"

auditRulesDir = "/etc/audit/rules.d"
auditRulesBackupDir = "/etc/audit/rules.d.original"
auditSyslogPluginPath = "/etc/audit/plugins.d/syslog.conf"
Expand Down Expand Up @@ -77,6 +79,7 @@ func init() {
}

if err := configureRsyslogScriptTemplate.Execute(&configureRsyslogScript, map[string]interface{}{
"rsyslogRelpQueueSpoolDir": rsyslogRelpQueueSpoolDir,
"pathRsyslogTLSDir": rsyslogTLSDir,
"pathRsyslogTLSFromOSCDir": rsyslogTLSFromOSCDir,
"pathAuditRulesDir": auditRulesDir,
Expand Down Expand Up @@ -176,6 +179,7 @@ func getRsyslogValues(rsyslogRelpConfig *rsyslog.RsyslogRelpConfig, cluster *ext
return map[string]interface{}{
"target": rsyslogRelpConfig.Target,
"port": rsyslogRelpConfig.Port,
"rsyslogRelpQueueSpoolDir": rsyslogRelpQueueSpoolDir,
"projectName": projectName,
"shootName": cluster.Shoot.Name,
"shootUID": cluster.Shoot.UID,
Expand Down
6 changes: 6 additions & 0 deletions pkg/webhook/operatingsystemconfig/testdata/60-audit-with-tls.conf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,12 @@ ruleset(name="relp_action_ruleset") {
type="omrelp"
target="localhost"
port="10250"
queue.type="linkedlist"
queue.size="100000"
queue.filename="rsyslog-relp-queue"
queue.saveOnShutdown="on"
queue.spoolDirectory="/var/log/rsyslog"
queue.maxDiskSpace="48m"
Template="SyslogForwarderTemplate"
tls="on"
tls.caCert="/etc/ssl/rsyslog/ca.crt"
Expand Down
6 changes: 6 additions & 0 deletions pkg/webhook/operatingsystemconfig/testdata/60-audit.conf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,12 @@ ruleset(name="relp_action_ruleset") {
type="omrelp"
target="localhost"
port="10250"
queue.type="linkedlist"
queue.size="100000"
queue.filename="rsyslog-relp-queue"
queue.saveOnShutdown="on"
queue.spoolDirectory="/var/log/rsyslog"
queue.maxDiskSpace="48m"
Template="SyslogForwarderTemplate"
)
}
Expand Down
4 changes: 4 additions & 0 deletions pkg/webhook/operatingsystemconfig/testdata/configure-rsyslog.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,10 @@ function configure_rsyslog() {
systemctl enable rsyslog.service
fi

if [[ ! -d /var/log/rsyslog ]]; then
mkdir -p /var/log/rsyslog
fi

restart_rsyslog=false

if [[ ! -f /etc/rsyslog.d/60-audit.conf ]] || ! diff -rq /var/lib/rsyslog-relp-configurator/rsyslog.d/60-audit.conf /etc/rsyslog.d/60-audit.conf ; then
Expand Down
4 changes: 4 additions & 0 deletions test/integration/controller/lifecycle/lifecycle_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -67,6 +67,10 @@ spec:
chroot /host /bin/bash -c 'systemctl disable rsyslog-configurator; systemctl stop rsyslog-configurator; rm -f /etc/systemd/system/rsyslog-configurator.service'
fi
if [[ -d /host/var/log/rsyslog ]]; then
rm -rf /host/var/log/rsyslog
fi
if [[ -f /host/etc/audit/plugins.d/syslog.conf ]]; then
sed -i "s/^active\\>.*/active = no/i" /host/etc/audit/plugins.d/syslog.conf
fi
Expand Down

0 comments on commit 4c129ce

Please sign in to comment.