diff --git a/pkg/component/rsyslogrelpconfigcleaner/rsyslog_relp_config_cleaner.go b/pkg/component/rsyslogrelpconfigcleaner/rsyslog_relp_config_cleaner.go
index 98ce8ca0..460ef2c7 100644
--- a/pkg/component/rsyslogrelpconfigcleaner/rsyslog_relp_config_cleaner.go
+++ b/pkg/component/rsyslogrelpconfigcleaner/rsyslog_relp_config_cleaner.go
@@ -177,6 +177,10 @@ func computeCommand() []string {
 chroot /host /bin/bash -c 'systemctl disable rsyslog-configurator; systemctl stop rsyslog-configurator; rm -f /etc/systemd/system/rsyslog-configurator.service'
 fi
+if [[ -d /host/var/log/rsyslog ]]; then
+ rm -rf /host/var/log/rsyslog
+fi
+
 if [[ -f /host/etc/audit/plugins.d/syslog.conf ]]; then
 sed -i "s/^active\\>.*/active = no/i" /host/etc/audit/plugins.d/syslog.conf
 fi
diff --git a/pkg/webhook/operatingsystemconfig/resources/templates/60-audit.conf.tpl b/pkg/webhook/operatingsystemconfig/resources/templates/60-audit.conf.tpl
index b39397d1..2a721a5e 100644
--- a/pkg/webhook/operatingsystemconfig/resources/templates/60-audit.conf.tpl
+++ b/pkg/webhook/operatingsystemconfig/resources/templates/60-audit.conf.tpl
@@ -59,6 +59,12 @@ ruleset(name="relp_action_ruleset") {
 type="omrelp"
 target="{{ .target }}"
 port="{{ .port }}"
+ queue.type="linkedlist"
+ queue.size="100000"
+ queue.filename="rsyslog-relp-queue"
+ queue.saveOnShutdown="on"
+ queue.spoolDirectory="{{ .rsyslogRelpQueueSpoolDir }}"
+ queue.maxDiskSpace="48m"
 Template="SyslogForwarderTemplate"
 {{- if .rebindInterval }}
 rebindInterval="{{ .rebindInterval }}"
diff --git a/pkg/webhook/operatingsystemconfig/resources/templates/scripts/configure-rsyslog.tpl.sh b/pkg/webhook/operatingsystemconfig/resources/templates/scripts/configure-rsyslog.tpl.sh
index e174b37a..a2caeaf9 100644
--- a/pkg/webhook/operatingsystemconfig/resources/templates/scripts/configure-rsyslog.tpl.sh
+++ b/pkg/webhook/operatingsystemconfig/resources/templates/scripts/configure-rsyslog.tpl.sh
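Review bot: The new `rm -rf /host/var/log/rsyslog` deletes the omrelp disk-queue spool while the node's rsyslog may still be running with a configuration that points at it; if the 60-audit.conf removal and rsyslog restart come later in this script, the deletion should be ordered after them so rsyslog does not keep trying to create queue files in a missing directory (computeCommand's body continues outside the hunk, so I cannot see that order). Any audit records still spooled on disk are discarded by this step, which is presumably intended for a cleanup but deserves a comment, e.g. `# drop the omrelp disk-assisted queue spool; unsent audit records still in it are lost`. The same path is hard-coded here and as rsyslogRelpQueueSpoolDir in the webhook package (and mirrored in the lifecycle test fixture), so a later change must be made in both places.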
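Review bot: The queue block makes the RELP action disk-assisted but says nothing about what happens once the 100000-entry memory queue and the 48m disk budget are both exhausted; if I read rsyslog's defaults right, enqueues then block for a bounded time and are dropped, so a long RELP outage can lose audit records silently. A template comment stating the intended bound and overflow behaviour would help, e.g. `# disk-assisted queue: up to 100000 msgs in memory and 48m spooled to disk; beyond that messages are dropped after the enqueue timeout`, and if dropping is unacceptable `queue.timeoutEnqueue` and `queue.discardMark` should be set explicitly rather than left at defaults. The spooled queue files hold the forwarded audit records in clear text, so the ownership and mode of the spool directory created in configure-rsyslog matter as much as those of this config file.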
@@ -58,6 +58,10 @@ function configure_rsyslog() {
 systemctl enable rsyslog.service
 fi
+ if [[ ! -d {{ .rsyslogRelpQueueSpoolDir }} ]]; then
+ mkdir -p {{ .rsyslogRelpQueueSpoolDir }}
+ fi
+
 restart_rsyslog=false
 if [[ ! -f {{ .pathRsyslogAuditConf }} ]] || ! diff -rq {{ .pathRsyslogAuditConfFromOSC }} {{ .pathRsyslogAuditConf }} ; then
diff --git a/pkg/webhook/operatingsystemconfig/rsyslog.go b/pkg/webhook/operatingsystemconfig/rsyslog.go
index 0ecfe5d7..b9440314 100644
--- a/pkg/webhook/operatingsystemconfig/rsyslog.go
+++ b/pkg/webhook/operatingsystemconfig/rsyslog.go
@@ -36,6 +36,8 @@ const (
 configureRsyslogScriptPath = rsyslogOSCDir + "/configure-rsyslog.sh"
 processRsyslogPstatsScriptPath = rsyslogOSCDir + "/process-rsyslog-pstats.sh"
+ rsyslogRelpQueueSpoolDir = "/var/log/rsyslog"
+
 auditRulesDir = "/etc/audit/rules.d"
 auditRulesBackupDir = "/etc/audit/rules.d.original"
 auditSyslogPluginPath = "/etc/audit/plugins.d/syslog.conf"
@@ -77,6 +79,7 @@ func init() {
 }
 if err := configureRsyslogScriptTemplate.Execute(&configureRsyslogScript, map[string]interface{}{
+ "rsyslogRelpQueueSpoolDir": rsyslogRelpQueueSpoolDir,
 "pathRsyslogTLSDir": rsyslogTLSDir,
 "pathRsyslogTLSFromOSCDir": rsyslogTLSFromOSCDir,
 "pathAuditRulesDir": auditRulesDir,
@@ -176,6 +179,7 @@ func getRsyslogValues(rsyslogRelpConfig *rsyslog.RsyslogRelpConfig, cluster *ext
 return map[string]interface{}{
 "target": rsyslogRelpConfig.Target,
 "port": rsyslogRelpConfig.Port,
+ "rsyslogRelpQueueSpoolDir": rsyslogRelpQueueSpoolDir,
 "projectName": projectName,
 "shootName": cluster.Shoot.Name,
 "shootUID": cluster.Shoot.UID,
diff --git a/pkg/webhook/operatingsystemconfig/testdata/60-audit-with-tls.conf b/pkg/webhook/operatingsystemconfig/testdata/60-audit-with-tls.conf
index c88a25d4..2c3a9599 100644
--- a/pkg/webhook/operatingsystemconfig/testdata/60-audit-with-tls.conf
+++ b/pkg/webhook/operatingsystemconfig/testdata/60-audit-with-tls.conf
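Review bot: `mkdir -p {{ .rsyslogRelpQueueSpoolDir }}` creates the spool directory with whatever mode the script's umask yields, and the queue files rsyslog writes there contain the forwarded audit records; create it with restrictive permissions, `mkdir -p -m 0700 {{ .rsyslogRelpQueueSpoolDir }}`, and make sure the owner matches the user rsyslog runs as on these nodes (presumably root, but the hunk does not show it). Note that `-m` only applies when the directory is newly created, so an existing directory with wider permissions would also need a `chmod`. The `! -d` guard is redundant with `mkdir -p`, which already succeeds on an existing directory; a short comment on why the directory must exist before the restart below, e.g. `# spool dir for the omrelp disk-assisted queue; must exist before rsyslog (re)starts`, would be more useful than the guard. The same change appears in the testdata copy, and configure_rsyslog continues outside the hunk.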
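Review bot: The new constant `rsyslogRelpQueueSpoolDir` has no comment saying what it is for or that the cleaner component removes the same path under /host; a line such as `// rsyslogRelpQueueSpoolDir is the node directory holding the omrelp disk-assisted queue files; the cleaner deletes it on removal.` would tie the two places together. Because the cleaner hard-codes `/host/var/log/rsyslog` rather than deriving it from this constant, changing the value here will not be picked up there. The const block continues outside the hunk.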
@@ -57,6 +57,12 @@ ruleset(name="relp_action_ruleset") {
 type="omrelp"
 target="localhost"
 port="10250"
+ queue.type="linkedlist"
+ queue.size="100000"
+ queue.filename="rsyslog-relp-queue"
+ queue.saveOnShutdown="on"
+ queue.spoolDirectory="/var/log/rsyslog"
+ queue.maxDiskSpace="48m"
 Template="SyslogForwarderTemplate"
 tls="on"
 tls.caCert="/etc/ssl/rsyslog/ca.crt"
diff --git a/pkg/webhook/operatingsystemconfig/testdata/60-audit.conf b/pkg/webhook/operatingsystemconfig/testdata/60-audit.conf
index 25244e29..82114f60 100644
--- a/pkg/webhook/operatingsystemconfig/testdata/60-audit.conf
+++ b/pkg/webhook/operatingsystemconfig/testdata/60-audit.conf
@@ -56,6 +56,12 @@ ruleset(name="relp_action_ruleset") {
 type="omrelp"
 target="localhost"
 port="10250"
+ queue.type="linkedlist"
+ queue.size="100000"
+ queue.filename="rsyslog-relp-queue"
+ queue.saveOnShutdown="on"
+ queue.spoolDirectory="/var/log/rsyslog"
+ queue.maxDiskSpace="48m"
 Template="SyslogForwarderTemplate"
 )
 }
diff --git a/pkg/webhook/operatingsystemconfig/testdata/configure-rsyslog.sh b/pkg/webhook/operatingsystemconfig/testdata/configure-rsyslog.sh
index 85eba21b..784f7c28 100644
--- a/pkg/webhook/operatingsystemconfig/testdata/configure-rsyslog.sh
+++ b/pkg/webhook/operatingsystemconfig/testdata/configure-rsyslog.sh
@@ -58,6 +58,10 @@ function configure_rsyslog() {
 systemctl enable rsyslog.service
 fi
+ if [[ ! -d /var/log/rsyslog ]]; then
+ mkdir -p /var/log/rsyslog
+ fi
+
 restart_rsyslog=false
 if [[ ! -f /etc/rsyslog.d/60-audit.conf ]] || ! diff -rq /var/lib/rsyslog-relp-configurator/rsyslog.d/60-audit.conf /etc/rsyslog.d/60-audit.conf ; then
diff --git a/test/integration/controller/lifecycle/lifecycle_test.go b/test/integration/controller/lifecycle/lifecycle_test.go
index 2736974f..57275073 100644
--- a/test/integration/controller/lifecycle/lifecycle_test.go
+++ b/test/integration/controller/lifecycle/lifecycle_test.go
@@ -67,6 +67,10 @@ spec:
 chroot /host /bin/bash -c 'systemctl disable rsyslog-configurator; systemctl stop rsyslog-configurator; rm -f /etc/systemd/system/rsyslog-configurator.service'
 fi
+ if [[ -d /host/var/log/rsyslog ]]; then
+ rm -rf /host/var/log/rsyslog
+ fi
+
 if [[ -f /host/etc/audit/plugins.d/syslog.conf ]]; then
 sed -i "s/^active\\>.*/active = no/i" /host/etc/audit/plugins.d/syslog.conf
 fi