Set generic project
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
ci/woodpecker/cron/woodpecker Pipeline was successful

dvirlabs 2026-04-19 16:58:34 +03:00
parent 197647fb15
commit bd120cc643
7 changed files with 623 additions and 9 deletions

24
.gitignore vendored Normal file

@ -0,0 +1,24 @@
# Local configuration (server-specific, may contain secrets)
config.local.env
*.local.env
# SSH keys and credentials
.ssh/
*.pem
*.key
# Editor/IDE
.vscode/
.idea/
*.swp
*.swo
*~
.DS_Store
# Logs
*.log
logs/
# Dependencies
__pycache__/
*.pyc
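Review bot: the credential patterns `.ssh/`, `*.pem` and `*.key` miss private keys stored under their default extension-less names (for example `id_rsa` or `id_ed25519`) anywhere outside `.ssh/`, and nothing here covers a plain `.env` file. Consider adding `id_*` with a `!id_*.pub` exception, plus `.env`. `config.local.env` is already matched by `*.local.env`, so one of those two lines can go.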

170
CONFIGURATION.md Normal file

@ -0,0 +1,170 @@
# Configuration Guide
This repository can be adapted for different servers through the configuration system.
## Quick Start
### 1. Create your environment-specific configuration
Copy the default configuration template to a local version:
```bash
cp config.env config.local.env
```
### 2. Edit config.local.env for your server
Update the values to match your environment:
```bash
nano config.local.env
```
Key variables to adjust:
- **`SERVER_HOSTNAME`**: Your target server hostname/IP
- **`RSYSLOG_MAIN_CONFIG`**: Path to main rsyslog config on server (usually `/etc/rsyslog.conf`)
- **`RSYSLOG_CONFIG_DIR`**: Directory for modular configs on server (usually `/etc/rsyslog.d`)
- **`GIT_RSYSLOG_MAIN_CONFIG`**: Path in Git (usually `rsyslog.conf`)
- **`GIT_RSYSLOG_CONFIG_DIR`**: Path in Git (usually `rsyslog.d`)
### 3. Validate your configuration
Check that everything is syntactically correct:
```bash
./validate-syntax.sh
```
This will verify:
- ✓ Shell script syntax
- ✓ Configuration file format
- ✓ Ansible playbook syntax
- ✓ rsyslog config syntax
## Configuration File
### config.env (Template)
This is the default configuration template checked into Git. Contains all possible options with comments.
Use this as a reference for what variables are available.
### config.local.env (Local Override)
Create this file locally for your specific server. It's **gitignored** to prevent accidental commits of sensitive data.
The scripts load configuration in this order:
1. Look for `config.local.env` (local overrides)
2. Fall back to `config.env` (defaults)
This allows you to:
- Keep `config.env` in Git with generic/default values
- Override locally with `config.local.env` for your specific server
- Keep secrets and server-specific settings out of Git
## How It Works
### Running apply.sh
Applies the Git configuration to your server:
```bash
./apply.sh
```
The script will:
1. Load `config.local.env` (or `config.env` as fallback)
2. Copy files from Git to the server using paths from config
3. Validate rsyslog syntax
4. Restart rsyslog service
### Running drift-check.sh
Checks if the server's configuration matches Git:
```bash
./drift-check.sh
```
The script will:
1. Load configuration
2. Compare each file on the server with the Git version
3. Report any differences (drift)
4. Exit code: 0 if synced, 1 if drift detected
## Environment Variables
You can also override config file values using environment variables:
```bash
# Use this specific config file
CONFIG_FILE=/path/to/custom.env ./apply.sh
# Or override individual vars
RSYSLOG_CONFIG_DIR=/custom/rsyslog.d ./apply.sh
```
## Adapting for Different Services
To adapt this for a different service (not just rsyslog):
1. Create a new config.env with your service paths:
```bash
# Example: nginx
MAIN_CONFIG="/etc/nginx/nginx.conf"
CONFIG_DIR="/etc/nginx/conf.d"
GIT_MAIN_CONFIG="nginx.conf"
GIT_CONFIG_DIR="nginx.d"
VALIDATION_CMD="nginx -t"
```
2. Update `apply.sh` to use your validation command:
```bash
$VALIDATION_CMD
```
3. Update `drift-check.sh` if needed (usually no changes needed)
## Validation Checklist
Before deploying to a new server:
- [ ] `config.local.env` created and customized
- [ ] `./validate-syntax.sh` passes all checks
- [ ] SSH connectivity to server verified
- [ ] Ansible inventory updated with server hostname
- [ ] SSH keys configured in CI/CD secrets
- [ ] Test on a non-production server first
## Troubleshooting
### "Configuration file not found"
Make sure you have at least one of these:
- `config.local.env` (recommended for local use)
- `config.env` (used as fallback)
### Syntax check fails
Run the validation script to identify issues:
```bash
./validate-syntax.sh
```
### Drift detected but server looks correct
Check that paths in `config.local.env` match your actual server:
```bash
# On the server:
ls -la /etc/rsyslog.conf
ls -la /etc/rsyslog.d/
```
Then compare with your config:
```bash
grep RSYSLOG_MAIN_CONFIG config.local.env
grep RSYSLOG_CONFIG_DIR config.local.env
```
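Review bot: the "Environment Variables" section promises that `RSYSLOG_CONFIG_DIR=/custom/rsyslog.d ./apply.sh` overrides the file, but config.env in this commit assigns `RSYSLOG_CONFIG_DIR="/etc/rsyslog.d"` unconditionally and apply.sh sources it after the environment is already set, so the file value wins. Either document that only `CONFIG_FILE`, `SERVER_USER`, `SERVER_HOSTNAME` and `PUSHGATEWAY_URL` can be set from the environment, or switch the path variables to the `${VAR:-default}` form. The "Key variables" list also gives the Git paths as usually `rsyslog.conf` and `rsyslog.d`, while the shipped defaults are `files/rsyslog.conf` and `files/rsyslog.d`. Step 2 of "Adapting for Different Services" runs `$VALIDATION_CMD` straight from the config file; the guide should say that the config file is executed as shell and must be writable only by the deploying user.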

165
GENERICIZATION.md Normal file

@ -0,0 +1,165 @@
# Repository Genericization - Summary
## What Was Changed
Your rsyslog repository has been made generic with environment-based configuration. All hardcoded paths and server-specific settings can now be configured via a configuration file.
## Files Created/Modified
### New Files
1. **config.env** - Template configuration file
- Contains all configurable variables with defaults
- Checked into Git (safe to share)
- Use as reference for what can be configured
2. **config.local.env** - Environment-specific overrides (create this locally)
- Copy from config.env and customize for your server
- Gitignored - won't be committed
- Use for sensitive/server-specific settings
3. **validate-syntax.sh** - Comprehensive validation script
- Validates shell script syntax
- Checks configuration file format
- Validates Ansible playbooks
- Validates rsyslog config syntax
- Exit code 0 = all pass, exit code 1 = failures
4. **CONFIGURATION.md** - Setup and usage documentation
- Quick start guide
- Configuration options explained
- Troubleshooting tips
5. **.gitignore** - Prevents accidental commits
- Ignores config.local.env and *.local.env
- Ignores SSH keys and credentials
- Standard patterns for Python, editors, logs
### Modified Files
1. **apply.sh** - Now loads configuration
- Reads config.env or config.local.env
- Uses variables for paths instead of hardcoded values
- More verbose output showing what paths it's using
2. **drift-check.sh** - Now loads configuration
- Reads config.env or config.local.env
- Uses variables for server and Git paths
- More transparent about what it's comparing
## How to Use
### Step 1: Create local configuration
```bash
cp config.env config.local.env
```
### Step 2: Edit for your server
```bash
nano config.local.env
```
Update these key variables:
- `SERVER_HOSTNAME` - Your server IP/hostname
- `RSYSLOG_MAIN_CONFIG` - Server path to main config (e.g., `/etc/rsyslog.conf`)
- `RSYSLOG_CONFIG_DIR` - Server path to config dir (e.g., `/etc/rsyslog.d`)
- `PUSHGATEWAY_URL` - Your Prometheus pushgateway (if using metrics)
### Step 3: Validate everything
```bash
./validate-syntax.sh
```
All checks should pass ✓
### Step 4: Use your scripts
```bash
./apply.sh # Apply config to server
./drift-check.sh # Check if server matches Git
```
## Configuration Options
### Server Paths (Customize per environment)
- `RSYSLOG_MAIN_CONFIG` - Where rsyslog.conf lives on server
- `RSYSLOG_CONFIG_DIR` - Where modular configs live on server
### Git Paths (Usually same for all)
- `GIT_RSYSLOG_MAIN_CONFIG` - Path to config in Git (default: files/rsyslog.conf)
- `GIT_RSYSLOG_CONFIG_DIR` - Path to configs in Git (default: files/rsyslog.d)
### Ansible
- `ANSIBLE_INVENTORY` - Path to hosts.yml
- `ANSIBLE_PLAYBOOK_DIR` - Path to playbooks dir
- `ANSIBLE_CONFIG` - Path to ansible.cfg
### Other
- `REPO_NAME` - Label for your repo
- `PUSHGATEWAY_URL` - For Prometheus metrics
- `LOG_LEVEL` - debug/info/warn/error
## Adapting for Other Services
To use this for a different service (nginx, apache, etc.):
1. Update file paths in config.env:
```env
GIT_MAIN_CONFIG="nginx.conf"
GIT_CONFIG_DIR="nginx.d"
MAIN_CONFIG="/etc/nginx/nginx.conf"
CONFIG_DIR="/etc/nginx/conf.d"
```
2. Update the validation/restart command in apply.sh
3. That's it! The scripts work with any service.
## Configuration Loading Order
Scripts load config in this order:
1. Check for `config.local.env` (local overrides)
2. Fall back to `config.env` (defaults)
3. Use environment variables if set
This allows you to:
- Keep generic defaults in Git (config.env)
- Override locally for each server (config.local.env)
- Keep secrets out of version control
## Validation
Run this anytime you make changes:
```bash
./validate-syntax.sh
```
Checks for:
✓ Bash script syntax errors
✓ Required config variables
✓ Configuration file format
✓ Ansible playbook syntax
✓ rsyslog config syntax
## Next Steps
1. ✓ Repository is now generic
2. → Create config.local.env for each server
3. → Run validate-syntax.sh before deploying
4. → Check Ansible playbooks work for your server list
5. → Update .woodpecker.yml if needed for CI/CD secrets
## Files Not Changed
These remain as-is for now (as requested):
- ansible/playbooks/* - You'll review per server
- ansible/inventory/hosts.yml - You'll update with your servers
- .woodpecker.yml - Kept as-is, already parameterized
## Key Improvements
**Generic** - Works on any server with configuration
**Validated** - Built-in syntax checking
**Safe** - Local overrides never committed to Git
**Portable** - Easy to adapt for different services
**Documented** - Clear configuration options
**Maintainable** - Centralized config, no hardcoding
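Review bot: under "Adapting for Other Services", the claim "That's it! The scripts work with any service" does not match the scripts in this commit. apply.sh and drift-check.sh read only the `RSYSLOG_*` and `GIT_RSYSLOG_*` names and apply.sh calls `rsyslogd -N1`, so the `MAIN_CONFIG` and `CONFIG_DIR` variables in the nginx example are never used. Either rename the variables in the scripts to service-neutral ones or rewrite the example with the names the scripts read. Item 3 of "Configuration Loading Order" is also inaccurate for the path variables, which config.env assigns unconditionally. Much of this file repeats CONFIGURATION.md and addresses the reader as the person who requested the change ("as requested"); folding the remaining content into CONFIGURATION.md would leave one document to keep current.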


@ -1,11 +1,32 @@
#!/bin/bash #!/bin/bash
set -e set -e
echo "Applying rsyslog config from git repo..." # Load configuration
CONFIG_FILE="${CONFIG_FILE:-config.local.env}"
if [ ! -f "$CONFIG_FILE" ]; then
CONFIG_FILE="config.env"
fi
cp rsyslog.conf /etc/rsyslog.conf if [ ! -f "$CONFIG_FILE" ]; then
mkdir -p /etc/rsyslog.d echo "ERROR: Configuration file not found. Please create config.local.env or config.env"
cp rsyslog.d/*.conf /etc/rsyslog.d/ exit 1
fi
# shellcheck disable=SC1090
source "$CONFIG_FILE"
echo "Applying rsyslog config from git repo..."
echo " Main config: $GIT_RSYSLOG_MAIN_CONFIG$RSYSLOG_MAIN_CONFIG"
echo " Config dir: $GIT_RSYSLOG_CONFIG_DIR$RSYSLOG_CONFIG_DIR"
if [ ! -f "$GIT_RSYSLOG_MAIN_CONFIG" ]; then
echo "ERROR: Source file not found: $GIT_RSYSLOG_MAIN_CONFIG"
exit 1
fi
cp "$GIT_RSYSLOG_MAIN_CONFIG" "$RSYSLOG_MAIN_CONFIG"
mkdir -p "$RSYSLOG_CONFIG_DIR"
cp "$GIT_RSYSLOG_CONFIG_DIR"/*.conf "$RSYSLOG_CONFIG_DIR/"
echo "Validating config..." echo "Validating config..."
rsyslogd -N1 rsyslogd -N1
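Review bot: `source "$CONFIG_FILE"` executes the file as shell in a script that goes on to write under /etc, and the path can come from the caller's environment. Before sourcing, refuse a file that is not owned by the invoking user or is group- or world-writable, or parse plain KEY=VALUE lines instead of sourcing. Separately, the `cp` calls run before `rsyslogd -N1`, so a config that fails validation is already in place on the server when the script exits; validate the Git copy first (validate-syntax.sh already does this with `rsyslogd -N1 -f`) and copy only on success.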

39
config.env Normal file

@ -0,0 +1,39 @@
# =============================================================================
# Configuration file for rsyslog GitOps
# =============================================================================
# Copy this file to config.local.env and update the values for your environment.
# The .local.env variant is gitignored for sensitive data.
# =============================================================================
# Repository metadata
REPO_NAME="rsyslog"
REPO_DESCRIPTION="Manage rsyslog configuration on Linux servers using Git as the single source of truth"
# Server configuration
SERVER_USER="${SERVER_USER:-root}"
SERVER_HOSTNAME="${SERVER_HOSTNAME:-localhost}"
# File locations on the server
RSYSLOG_MAIN_CONFIG="/etc/rsyslog.conf"
RSYSLOG_CONFIG_DIR="/etc/rsyslog.d"
# File locations in the Git repository (relative to repo root)
GIT_RSYSLOG_MAIN_CONFIG="files/rsyslog.conf"
GIT_RSYSLOG_CONFIG_DIR="files/rsyslog.d"
# Ansible configuration
ANSIBLE_INVENTORY="ansible/inventory/hosts.yml"
ANSIBLE_PLAYBOOK_DIR="ansible/playbooks"
ANSIBLE_CONFIG="ansible.cfg"
# Validation settings
VALIDATE_SYNTAX=true
VALIDATE_SSH_CONNECTIVITY=true
VALIDATE_RSYSLOG_STATUS=true
# Prometheus/Pushgateway (optional)
PUSHGATEWAY_URL="${PUSHGATEWAY_URL:-http://pushgateway.observability-stack.svc.cluster.local:9091}"
ENABLE_METRICS=true
# Logging
LOG_LEVEL="info" # debug, info, warn, error
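Review bot: `SERVER_USER="${SERVER_USER:-root}"` makes root the default remote account in a template that is meant to be copied for every server. Leave it without a default and fail when it is unset, so that using root is an explicit choice. The `PUSHGATEWAY_URL` default is a cluster-internal hostname, which does not fit a generic template; an empty default together with `ENABLE_METRICS=false` would be safer. `VALIDATE_SYNTAX`, `VALIDATE_SSH_CONNECTIVITY`, `VALIDATE_RSYSLOG_STATUS`, `ENABLE_METRICS` and `LOG_LEVEL` are not read by any script line in this commit; drop them or wire them up.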


@ -1,21 +1,37 @@
#!/bin/bash #!/bin/bash
set -e set -e
# Load configuration
CONFIG_FILE="${CONFIG_FILE:-config.local.env}"
if [ ! -f "$CONFIG_FILE" ]; then
CONFIG_FILE="config.env"
fi
if [ ! -f "$CONFIG_FILE" ]; then
echo "ERROR: Configuration file not found. Please create config.local.env or config.env"
exit 1
fi
# shellcheck disable=SC1090
source "$CONFIG_FILE"
echo "Checking drift between git repo and live server..." echo "Checking drift between git repo and live server..."
echo " Comparing: $GIT_RSYSLOG_MAIN_CONFIG$RSYSLOG_MAIN_CONFIG"
echo " Comparing: $GIT_RSYSLOG_CONFIG_DIR$RSYSLOG_CONFIG_DIR"
DIFF_FOUND=0 DIFF_FOUND=0
echo echo
echo "Comparing /etc/rsyslog.conf" echo "Comparing $RSYSLOG_MAIN_CONFIG"
if ! diff -u rsyslog.conf /etc/rsyslog.conf; then if ! diff -u "$GIT_RSYSLOG_MAIN_CONFIG" "$RSYSLOG_MAIN_CONFIG"; then
DIFF_FOUND=1 DIFF_FOUND=1
fi fi
echo echo
echo "Comparing rsyslog.d configs" echo "Comparing $RSYSLOG_CONFIG_DIR configs"
for file in rsyslog.d/*.conf; do for file in "$GIT_RSYSLOG_CONFIG_DIR"/*.conf; do
base=$(basename "$file") base=$(basename "$file")
target="/etc/rsyslog.d/$base" target="$RSYSLOG_CONFIG_DIR/$base"
if [ ! -f "$target" ]; then if [ ! -f "$target" ]; then
echo "Missing on server: $target" echo "Missing on server: $target"
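Review bot: in the loader block, a `CONFIG_FILE` supplied by the caller that does not exist is silently replaced by config.env, so the check can compare against the default paths and report no drift for the wrong target. Fall back only when `CONFIG_FILE` was not set, and exit with an error when an explicit path is missing. The block is a copy of the one in apply.sh; moving it into one shared file keeps the two from diverging. The loop over `"$GIT_RSYSLOG_CONFIG_DIR"/*.conf` walks only the Git side, so as far as these lines show, a `.conf` file present in `$RSYSLOG_CONFIG_DIR` on the server but absent from Git is not reported; a second pass over the server directory would catch unmanaged drop-ins.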

179
validate-syntax.sh Normal file

@ -0,0 +1,179 @@
#!/bin/bash
# =============================================================================
# Syntax validation script for rsyslog GitOps
# =============================================================================
# This script validates:
# 1. Bash script syntax
# 2. Configuration file format
# 3. Ansible playbook syntax
# 4. rsyslog config syntax (if rsyslogd available)
#
# Exit codes:
# 0 = all checks passed
# 1 = one or more checks failed
# =============================================================================
set -o pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
EXIT_CODE=0
# Color codes
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color
log_pass() {
echo -e "${GREEN}${NC} $1"
}
log_fail() {
echo -e "${RED}${NC} $1"
EXIT_CODE=1
}
log_warn() {
echo -e "${YELLOW}${NC} $1"
}
log_info() {
echo " $1"
}
# =============================================================================
# 1. Check shell script syntax
# =============================================================================
echo "Checking shell script syntax..."
for script in apply.sh drift-check.sh validate-syntax.sh; do
if [ -f "$SCRIPT_DIR/$script" ]; then
if bash -n "$SCRIPT_DIR/$script" 2>/dev/null; then
log_pass "$script"
else
log_fail "$script (bash -n failed)"
fi
fi
done
# =============================================================================
# 2. Check configuration file
# =============================================================================
echo
echo "Checking configuration file..."
if [ ! -f "$SCRIPT_DIR/config.env" ]; then
log_fail "config.env not found"
else
# Check for required variables
required_vars=(
"REPO_NAME"
"RSYSLOG_MAIN_CONFIG"
"RSYSLOG_CONFIG_DIR"
"GIT_RSYSLOG_MAIN_CONFIG"
"GIT_RSYSLOG_CONFIG_DIR"
)
config_valid=true
for var in "${required_vars[@]}"; do
if grep -q "^$var=" "$SCRIPT_DIR/config.env"; then
log_info "Found: $var"
else
log_fail "Missing required variable in config.env: $var"
config_valid=false
fi
done
if [ "$config_valid" = true ]; then
log_pass "config.env has all required variables"
fi
fi
# =============================================================================
# 3. Check Ansible syntax
# =============================================================================
echo
echo "Checking Ansible syntax..."
if command -v ansible-playbook &>/dev/null; then
if [ -f "$SCRIPT_DIR/ansible.cfg" ] && [ -f "$SCRIPT_DIR/ansible/inventory/hosts.yml" ]; then
if ansible-playbook -i "$SCRIPT_DIR/ansible/inventory/hosts.yml" \
--syntax-check "$SCRIPT_DIR/ansible/playbooks/"*.yml 2>/dev/null; then
log_pass "Ansible playbook syntax is valid"
else
log_fail "Ansible playbook syntax check failed"
fi
else
log_warn "Ansible configuration not found (ansible.cfg or hosts.yml) - skipping Ansible syntax check"
fi
else
log_warn "ansible-playbook not installed - skipping Ansible syntax check"
fi
# =============================================================================
# 4. Check rsyslog configuration files exist
# =============================================================================
echo
echo "Checking rsyslog configuration files..."
# Load config to get the paths
if [ -f "$SCRIPT_DIR/config.local.env" ]; then
# shellcheck disable=SC1090
source "$SCRIPT_DIR/config.local.env"
elif [ -f "$SCRIPT_DIR/config.env" ]; then
# shellcheck disable=SC1090
source "$SCRIPT_DIR/config.env"
fi
if [ -f "$SCRIPT_DIR/$GIT_RSYSLOG_MAIN_CONFIG" ]; then
log_pass "$GIT_RSYSLOG_MAIN_CONFIG exists"
# Try to validate rsyslog syntax if rsyslogd is available
if command -v rsyslogd &>/dev/null; then
if rsyslogd -N1 -f "$SCRIPT_DIR/$GIT_RSYSLOG_MAIN_CONFIG" 2>/dev/null; then
log_pass "$GIT_RSYSLOG_MAIN_CONFIG syntax is valid"
else
log_fail "$GIT_RSYSLOG_MAIN_CONFIG syntax check failed"
fi
else
log_warn "rsyslogd not installed - skipping rsyslog syntax validation"
fi
else
log_fail "$GIT_RSYSLOG_MAIN_CONFIG not found"
fi
if [ -d "$SCRIPT_DIR/$GIT_RSYSLOG_CONFIG_DIR" ]; then
conf_count=$(find "$SCRIPT_DIR/$GIT_RSYSLOG_CONFIG_DIR" -name "*.conf" | wc -l)
if [ "$conf_count" -gt 0 ]; then
log_pass "Found $conf_count rsyslog config files in $GIT_RSYSLOG_CONFIG_DIR/"
# Try to validate each file if rsyslogd is available
if command -v rsyslogd &>/dev/null; then
for conf in "$SCRIPT_DIR/$GIT_RSYSLOG_CONFIG_DIR"/*.conf; do
if rsyslogd -N1 -f "$conf" 2>/dev/null; then
log_info "Valid: $(basename "$conf")"
else
log_fail "Invalid: $(basename "$conf")"
fi
done
fi
else
log_warn "No .conf files found in $GIT_RSYSLOG_CONFIG_DIR/"
fi
else
log_fail "$GIT_RSYSLOG_CONFIG_DIR/ directory not found"
fi
# =============================================================================
# 5. Summary
# =============================================================================
echo
echo "=========================================="
if [ "$EXIT_CODE" -eq 0 ]; then
echo -e "${GREEN}All checks passed!${NC}"
else
echo -e "${RED}Some checks failed. Please review above.${NC}"
fi
echo "=========================================="
exit "$EXIT_CODE"
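Review bot: section 2 greps for the required variables only in config.env, while section 4 and both scripts prefer config.local.env, so a local override that omits or misspells a variable still passes. Run the required-variable check against the file that will actually be loaded. Section 4 also sources that file, which means the validator executes it; that deserves a line in the header comment. The `2>/dev/null` on `bash -n`, `ansible-playbook --syntax-check` and `rsyslogd -N1` discards the message that explains a failure; let stderr through or print it when the check fails. Validating each drop-in on its own with `rsyslogd -N1 -f "$conf"` can fail for a fragment that relies on modules loaded in the main config.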