dvirlabs/rsyslog
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

test
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
Details

Browse Source
This commit is contained in:
dvirlabs 2026-04-17 18:16:46 +03:00
parent 8947b72863
commit 2f580459d4
2 changed files with 101 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.woodpecker.yml
View File

@ -8,6 +8,7 @@ steps:
validate: validate:
image: alpine/ansible:latest image: alpine/ansible:latest
depends_on: [syntax-check]
environment: environment:
ANSIBLE_CONFIG: ansible.cfg ANSIBLE_CONFIG: ansible.cfg
SSH_PRIVATE_KEY: SSH_PRIVATE_KEY:
@ -20,6 +21,7 @@ steps:
drift-check: drift-check:
image: alpine/ansible:latest image: alpine/ansible:latest
depends_on: [syntax-check]
environment: environment:
ANSIBLE_CONFIG: ansible.cfg ANSIBLE_CONFIG: ansible.cfg
SSH_PRIVATE_KEY: SSH_PRIVATE_KEY:
@ -34,6 +36,7 @@ steps:
deploy: deploy:
image: alpine/ansible:latest image: alpine/ansible:latest
depends_on: [syntax-check, validate]
environment: environment:
ANSIBLE_CONFIG: ansible.cfg ANSIBLE_CONFIG: ansible.cfg
SSH_PRIVATE_KEY: SSH_PRIVATE_KEY:

112
ansible/playbooks/apply.yml
View File

@ -1,39 +1,123 @@
--- ---
- name: Apply rsyslog configuration - name: Apply rsyslog configuration (safe staged deployment)
hosts: rsyslog_servers hosts: rsyslog_servers
become: true become: true
vars:
backup_dir: /var/backups/rsyslog-ansible
backup_conf: "{{ backup_dir }}/rsyslog.conf.bak"
backup_confd: "{{ backup_dir }}/rsyslog.d.bak"
tasks: tasks:
- name: Copy rsyslog main configuration
# -------------------------------------------------------------------------
# STAGE 1 — Backup current working configuration
# -------------------------------------------------------------------------
- name: Ensure backup directory exists
file:
path: "{{ backup_dir }}"
state: directory
mode: "0700"
- name: Backup current rsyslog.conf
copy:
src: "{{ rsyslog_main_config }}"
dest: "{{ backup_conf }}"
remote_src: true
mode: "0600"
- name: Remove stale rsyslog.d backup
file:
path: "{{ backup_confd }}"
state: absent
- name: Backup current rsyslog.d directory
copy:
src: "{{ rsyslog_config_dir }}/"
dest: "{{ backup_confd }}/"
remote_src: true
# -------------------------------------------------------------------------
# STAGE 2 — Deploy new configuration files from repo
# -------------------------------------------------------------------------
- name: Copy new rsyslog.conf from repo
copy: copy:
src: ../../files/rsyslog.conf src: ../../files/rsyslog.conf
dest: "{{ rsyslog_main_config }}" dest: "{{ rsyslog_main_config }}"
owner: root owner: root
group: root group: root
mode: '0644' mode: "0644"
backup: true
register: main_config_copied
- name: Copy rsyslog.d configurations - name: Copy new rsyslog.d configs from repo
copy: copy:
src: ../../files/rsyslog.d/ src: ../../files/rsyslog.d/
dest: "{{ rsyslog_config_dir }}/" dest: "{{ rsyslog_config_dir }}/"
owner: root owner: root
group: root group: root
mode: '0644' mode: "0644"
register: config_dir_copied
- name: Validate rsyslog configuration # -------------------------------------------------------------------------
command: rsyslogd -N1 # STAGE 3 — Validate against the full real config tree on the remote host
# Runs rsyslogd -N1 against the actual /etc/rsyslog.conf so all includes,
# modules, and templates are resolved in the real environment.
# -------------------------------------------------------------------------
- name: Validate new configuration on remote host
command: rsyslogd -N1 -f "{{ rsyslog_main_config }}"
register: validation_result
changed_when: false changed_when: false
when: main_config_copied.changed or config_dir_copied.changed failed_when: false # We handle failure manually below
# -------------------------------------------------------------------------
# STAGE 4a — Validation FAILED: restore backup and abort
# -------------------------------------------------------------------------
- name: Print validation error output
debug:
msg: |
✗ Validation failed!
stdout: {{ validation_result.stdout | default('(empty)') }}
stderr: {{ validation_result.stderr | default('(empty)') }}
when: validation_result.rc != 0
- name: Restore rsyslog.conf from backup
copy:
src: "{{ backup_conf }}"
dest: "{{ rsyslog_main_config }}"
remote_src: true
mode: "0644"
when: validation_result.rc != 0
- name: Restore rsyslog.d from backup
copy:
src: "{{ backup_confd }}/"
dest: "{{ rsyslog_config_dir }}/"
remote_src: true
when: validation_result.rc != 0
- name: Fail pipeline — config restored to previous working state
fail:
msg: >
rsyslog configuration validation failed (rc={{ validation_result.rc }}).
The previous working config has been restored. No service restart was performed.
stderr: {{ validation_result.stderr | default('(empty)') }}
when: validation_result.rc != 0
# -------------------------------------------------------------------------
# STAGE 4b — Validation PASSED: restart rsyslog and report success
# -------------------------------------------------------------------------
- name: Restart rsyslog service - name: Restart rsyslog service
service: service:
name: "{{ rsyslog_service }}" name: "{{ rsyslog_service }}"
state: restarted state: restarted
when: main_config_copied.changed or config_dir_copied.changed when: validation_result.rc == 0
- name: Display apply result - name: Print success status
debug: debug:
msg: "✓ rsyslog configuration applied successfully" msg: |
✓ rsyslog configuration deployed successfully.
Validation passed. Service restarted.
when: validation_result.rc == 0