authorChristian Breunig <christian@breunig.cc>2023-05-08 22:34:22 +0200
committerChristian Breunig <christian@breunig.cc>2023-05-08 22:45:53 +0200
commit46d2bcdb0b500b4d1b9d973ab5b9ca3c6cf44e51 (patch)
treeed4136e5222db87aa3b0bf2879867b6a5e3508a0
parent1dc79cebc6d27a8f9d2f9ca9c2e0f2fd0809d940 (diff)
downloadvyos-1x-46d2bcdb0b500b4d1b9d973ab5b9ca3c6cf44e51.tar.gz
vyos-1x-46d2bcdb0b500b4d1b9d973ab5b9ca3c6cf44e51.zip
syslog: T2769: add VRF support
Allow syslog messages to be sent through a VRF (e.g. management).
-rw-r--r--data/templates/rsyslog/override.conf.j211
-rw-r--r--interface-definitions/system-syslog.xml.in1
-rwxr-xr-xsrc/conf_mode/system-syslog.py20
-rw-r--r--src/etc/rsyslog.conf6
4 files changed, 37 insertions, 1 deletions
diff --git a/data/templates/rsyslog/override.conf.j2 b/data/templates/rsyslog/override.conf.j2
new file mode 100644
index 000000000..5f6a87edf
--- /dev/null
+++ b/data/templates/rsyslog/override.conf.j2
@@ -0,0 +1,11 @@
+{% set vrf_command = 'ip vrf exec ' ~ vrf ~ ' ' if vrf is vyos_defined else '' %}
+[Unit]
+StartLimitIntervalSec=0
+
+[Service]
+ExecStart=
+ExecStart={{ vrf_command }}/usr/sbin/rsyslogd -n -iNONE
+Restart=always
+RestartPreventExitStatus=
+RestartSec=10
+RuntimeDirectoryPreserve=yes
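Review bot: Prefixing `ExecStart` with `ip vrf exec` moves the whole rsyslogd process into the VRF, not only the forwarding to remote hosts, so any network listener or other connection the daemon opens is presumably bound there as well; a comment at the top of the template should say so. With `Restart=always` and `StartLimitIntervalSec=0`, a VRF that does not exist when the unit starts makes systemd retry every 10 seconds indefinitely, and while that loop runs local logging is down too. The `vrf` value is interpolated unquoted into the command line, so the template relies on the CLI constraint and on `verify_vrf()` for its safety. A one-line Jinja comment such as `{# vrf is validated by verify_vrf() in system-syslog.py before rendering #}` would record that dependency.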
diff --git a/interface-definitions/system-syslog.xml.in b/interface-definitions/system-syslog.xml.in
index 17aa85706..cd5c514a8 100644
--- a/interface-definitions/system-syslog.xml.in
+++ b/interface-definitions/system-syslog.xml.in
@@ -147,6 +147,7 @@
#include <include/syslog-facility.xml.i>
</children>
</node>
+ #include <include/interface/vrf.xml.i>
</children>
</node>
</children>
diff --git a/src/conf_mode/system-syslog.py b/src/conf_mode/system-syslog.py
index dba29d152..e646fb0ae 100755
--- a/src/conf_mode/system-syslog.py
+++ b/src/conf_mode/system-syslog.py
@@ -20,6 +20,8 @@ from sys import exit
from vyos.config import Config
from vyos.configdict import dict_merge
+from vyos.configdict import is_node_changed
+from vyos.configverify import verify_vrf
from vyos.util import call
from vyos.template import render
from vyos.xml import defaults
@@ -29,6 +31,7 @@ airbag.enable()
rsyslog_conf = '/etc/rsyslog.d/00-vyos.conf'
logrotate_conf = '/etc/logrotate.d/vyos-rsyslog'
+systemd_override = r'/run/systemd/system/rsyslog.service.d/override.conf'
def get_config(config=None):
if config:
@@ -43,6 +46,8 @@ def get_config(config=None):
get_first_key=True, no_tag_node_value_mangle=True)
syslog.update({ 'logrotate' : logrotate_conf })
+ tmp = is_node_changed(conf, base + ['vrf'])
+ if tmp: syslog.update({'restart_required': {}})
# We have gathered the dict representation of the CLI, but there are default
# options which we need to update into the dictionary retrived.
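Review bot: The throwaway name `tmp` and the one-line `if tmp: ...` hide what is being decided here; `if is_node_changed(conf, base + ['vrf']):` followed by `syslog['restart_required'] = {}` on its own line reads more directly and drops the temporary. A short comment such as `# rsyslogd must be restarted (not reloaded) to enter or leave a VRF` would explain why the key exists. The body of get_config() starts and continues outside this hunk, so whether the key survives the later defaults merge cannot be confirmed from here.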
@@ -101,6 +106,8 @@ def verify(syslog):
if not syslog:
return None
+ verify_vrf(syslog)
+
def generate(syslog):
if not syslog:
if os.path.exists(rsyslog_conf):
@@ -111,15 +118,26 @@ def generate(syslog):
return None
render(rsyslog_conf, 'rsyslog/rsyslog.conf.j2', syslog)
+ render(systemd_override, 'rsyslog/override.conf.j2', syslog)
render(logrotate_conf, 'rsyslog/logrotate.j2', syslog)
+ # Reload systemd manager configuration
+ call('systemctl daemon-reload')
+ return None
+
def apply(syslog):
systemd_service = 'syslog.service'
if not syslog:
call(f'systemctl stop {systemd_service}')
return None
- call(f'systemctl reload-or-restart {systemd_service}')
+ # we need to restart the service if e.g. the VRF name changed
+ systemd_action = 'reload-or-restart'
+ if 'restart_required' in syslog:
+ systemd_action = 'restart'
+
+ call(f'systemctl {systemd_action} {systemd_service}')
+ return None
if __name__ == '__main__':
try:
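Review bot: The return values of `call('systemctl daemon-reload')` in generate() and of `call(f'systemctl {systemd_action} {systemd_service}')` in apply() are ignored, so a restart that fails (for example because `ip vrf exec` cannot enter the VRF) still lets the commit succeed while the system has no running syslog daemon. Consider checking the exit code, e.g. `if call(f'systemctl {systemd_action} {systemd_service}') != 0:` and raising a commit error, so that a loss of logging is visible to the operator. The `if not syslog:` branch of generate() lies mostly outside the hunk; if it does not also remove `systemd_override`, a stale drop-in with the old VRF stays under /run until reboot. The `daemon-reload` is a system-wide side effect and would fit apply() better than generate().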
diff --git a/src/etc/rsyslog.conf b/src/etc/rsyslog.conf
index 706ebb60d..c28e9b537 100644
--- a/src/etc/rsyslog.conf
+++ b/src/etc/rsyslog.conf
@@ -50,6 +50,12 @@ $DirCreateMode 0755
$Umask 0022
#
+# Stop excessive logging of sudo
+#
+:msg, contains, " pam_unix(sudo:session): session opened for user root(uid=0) by" ~
+:msg, contains, "pam_unix(sudo:session): session closed for user root" ~
+
+#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf
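Review bot: These two filters sit before `$IncludeConfig`, so the matching sudo session records are discarded for every output, including any remote host or SIEM configured under /etc/rsyslog.d/, and not only for the local files. That removes the open/close session trail for root from the audit record; the comment should state this trade-off, for example `# NOTE: dropped globally, also for remote targets; sudo's own command log lines are not matched by these filters`. The two patterns are also inconsistent (the first has a leading space and ends in `by`, the second does not). The `~` discard action is deprecated in current rsyslog in favour of `stop`, e.g. `:msg, contains, "pam_unix(sudo:session): session closed for user root" stop`.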