set nginx logging to use journald

Add base_config and deploy_systemd_journal_config
2025-01-19 20:30:53 +01:00 · 2025-01-19 20:30:05 +01:00
10 changed files with 75 additions and 18 deletions
--- a/inventories/chaosknoten/hosts.yaml
+++ b/inventories/chaosknoten/hosts.yaml
@ -51,6 +51,21 @@ all:
          ansible_host: zammad-intern.hamburg.ccc.de
          ansible_user: chaos
          ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de
+    base_config_hosts:
+      hosts:
+        ccchoir:
+        cloud:
+        grafana:
+        keycloak:
+        lists:
+        mumble:
+        onlyoffice:
+        pad:
+        pretalx:
+        public-reverse-proxy:
+        tickets:
+        wiki:
+        zammad:
    docker_compose_hosts:
      hosts:
        ccchoir:
@ -82,21 +97,6 @@ all:
    public_reverse_proxy_hosts:
      hosts:
        public-reverse-proxy:
-    ssh_server_config_hosts:
-      hosts:
-        ccchoir:
-        cloud:
-        grafana:
-        keycloak:
-        lists:
-        mumble:
-        onlyoffice:
-        pad:
-        pretalx:
-        public-reverse-proxy:
-        tickets:
-        wiki:
-        zammad:
    certbot_hosts:
      hosts:
        ccchoir:
--- a/playbooks/deploy.yaml
+++ b/playbooks/deploy.yaml
@ -1,8 +1,8 @@
 ---
- name: Ensure SSH server config deployment on ssh_server_config_hosts
-  hosts: ssh_server_config_hosts
+- name: Ensure base config is deployment on base_config_hosts
+  hosts: base_config_hosts
  roles:
-    - deploy_ssh_server_config
+    - base_config

 - name: Ensure deployment of infrastructure authorized keys
  hosts: infrastructure_authorized_keys_hosts
--- a/roles/base_config/meta/main.yaml
+++ b/roles/base_config/meta/main.yaml
@ -0,0 +1,4 @@
+---
+dependencies:
+  - role: deploy_ssh_server_config
+  - role: deploy_systemd_journal_config
--- a/roles/deploy_systemd_journal_config/files/10-ccchh.conf
+++ b/roles/deploy_systemd_journal_config/files/10-ccchh.conf
@ -0,0 +1,3 @@
+[Journal]
+MaxFileSec=2day
+MaxRetentionSec=2week
--- a/roles/deploy_systemd_journal_config/handlers/main.yaml
+++ b/roles/deploy_systemd_journal_config/handlers/main.yaml
@ -0,0 +1,5 @@
+- name: Restart `systemd-journald.service`
+  ansible.builtin.systemd:
+    name: systemd-journald.service
+    state: restarted
+  become: true
--- a/roles/deploy_systemd_journal_config/tasks/main.yaml
+++ b/roles/deploy_systemd_journal_config/tasks/main.yaml
@ -0,0 +1,18 @@
+- name: Create 'journald.conf.d' directory if it does not exist
+  ansible.builtin.file:
+    path: "/etc/systemd/journald.conf.d"
+    state: directory
+    mode: '0644'
+    owner: root
+    group: root
+  become: true
+
+- name: make sure the custom configuration file is deployed
+  ansible.builtin.copy:
+    src: "10-ccchh.conf"
+    dest: "/etc/systemd/journald.conf.d/10-ccchh.conf"
+    mode: "0644"
+    owner: root
+    group: root
+  become: true
+  notify: Restart `systemd-journald.service`
--- a/roles/nginx/defaults/main.yaml
+++ b/roles/nginx/defaults/main.yaml
@ -1,5 +1,6 @@
 nginx__deploy_redirect_conf: true
 nginx__deploy_tls_conf: true
+nginx__deploy_logging_conf: true
 nginx__configurations: [ ]
 nginx__use_custom_nginx_conf: false
 nginx__custom_nginx_conf: ""
--- a/roles/nginx/files/logging.conf
+++ b/roles/nginx/files/logging.conf
@ -0,0 +1,2 @@
+error_log  syslog:server=unix:/run/systemd/journal/dev-log,nohostname,severity=warn debug;
+access_log  syslog:server=unix:/run/systemd/journal/dev-log,nohostname,severity=info main;
--- a/roles/nginx/meta/argument_specs.yaml
+++ b/roles/nginx/meta/argument_specs.yaml
@ -23,6 +23,12 @@ argument_specs:
        type: bool
        required: false
        default: true
+      nginx__deploy_logging_conf:
+        description: >-
+          Whether or not to deploy a `logging.conf` to `/etc/nginx/conf.d/logging.conf`.
+        type: bool
+        required: false
+        default: true
      nginx__configurations:
        description: A list of nginx configurations.
        type: list
--- a/roles/nginx/tasks/main/config_deploy.yaml
+++ b/roles/nginx/tasks/main/config_deploy.yaml
@ -100,6 +100,24 @@
      ansible.builtin.set_fact:
        nginx__config_files_to_exist: "{{ nginx__config_files_to_exist + [ 'redirect.conf' ] }}"  # noqa: jinja[spacing]

+- name: handle the case, where logging.conf should be deployed
+  when: nginx__deploy_logging_conf
+  block:
+    - name: make sure logging.conf is deployed
+      ansible.builtin.copy:
+        force: true
+        dest: /etc/nginx/conf.d/logging.conf
+        mode: "0644"
+        owner: root
+        group: root
+        src: logging.conf
+      become: true
+      notify: Restart `nginx.service`
+
+    - name: add logging.conf to nginx__config_files_to_exist
+      ansible.builtin.set_fact:
+        nginx__config_files_to_exist: "{{ nginx__config_files_to_exist + [ 'logging.conf' ] }}"  # noqa: jinja[spacing]
+
 - name: make sure all given configuration files are deployed
  ansible.builtin.copy:
    content: "{{ item.content }}"
Author	SHA1	Message	Date
c6ristian	a86b34cf34	set nginx logging to use journald All checks were successful / Ansible Lint (push) Successful in 1m53s Details	2025-01-19 20:30:53 +01:00
c6ristian	328ec744cc	Add base_config and deploy_systemd_journal_config	2025-01-19 20:30:05 +01:00