From 46d2bcdb0b500b4d1b9d973ab5b9ca3c6cf44e51 Mon Sep 17 00:00:00 2001
From: Christian Breunig <christian@breunig.cc>
Date: Mon, 8 May 2023 22:34:22 +0200
Subject: syslog: T2769: add VRF support

Allow syslog messages to be sent through a VRF (e.g. management).
---
 data/templates/rsyslog/override.conf.j2    | 11 +++++++++++
 interface-definitions/system-syslog.xml.in |  1 +
 src/conf_mode/system-syslog.py             | 20 +++++++++++++++++++-
 src/etc/rsyslog.conf                       |  6 ++++++
 4 files changed, 37 insertions(+), 1 deletion(-)
 create mode 100644 data/templates/rsyslog/override.conf.j2

diff --git a/data/templates/rsyslog/override.conf.j2 b/data/templates/rsyslog/override.conf.j2
new file mode 100644
index 000000000..5f6a87edf
--- /dev/null
+++ b/data/templates/rsyslog/override.conf.j2
@@ -0,0 +1,11 @@
+{% set vrf_command = 'ip vrf exec ' ~ vrf ~ ' ' if vrf is vyos_defined else '' %}
+[Unit]
+StartLimitIntervalSec=0
+
+[Service]
+ExecStart=
+ExecStart={{ vrf_command }}/usr/sbin/rsyslogd -n -iNONE
+Restart=always
+RestartPreventExitStatus=
+RestartSec=10
+RuntimeDirectoryPreserve=yes
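Review bot: The `vrf` value is placed unquoted on the `ExecStart=` line, so the command line systemd runs is only as safe as the validation done before this template is rendered. That validation (presumably the constraint in `include/interface/vrf.xml.i` plus `verify_vrf()`) is not visible in this file, so a Jinja comment at the top should state the dependency, e.g. `{# vrf is placed verbatim on ExecStart; it must already be validated as an existing VRF name #}`. The empty `ExecStart=` deserves a one-line comment saying it clears the packaged command before the override is set. With `StartLimitIntervalSec=0` and `Restart=always`, a failing `ip vrf exec` would presumably be retried every 10 seconds without limit while nothing is logged, which is worth documenting here as well.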
diff --git a/interface-definitions/system-syslog.xml.in b/interface-definitions/system-syslog.xml.in
index 17aa85706..cd5c514a8 100644
--- a/interface-definitions/system-syslog.xml.in
+++ b/interface-definitions/system-syslog.xml.in
@@ -147,6 +147,7 @@
               #include <include/syslog-facility.xml.i>
             </children>
           </node>
+          #include <include/interface/vrf.xml.i>
         </children>
       </node>
     </children>
diff --git a/src/conf_mode/system-syslog.py b/src/conf_mode/system-syslog.py
index dba29d152..e646fb0ae 100755
--- a/src/conf_mode/system-syslog.py
+++ b/src/conf_mode/system-syslog.py
@@ -20,6 +20,8 @@ from sys import exit
 
 from vyos.config import Config
 from vyos.configdict import dict_merge
+from vyos.configdict import is_node_changed
+from vyos.configverify import verify_vrf
 from vyos.util import call
 from vyos.template import render
 from vyos.xml import defaults
@@ -29,6 +31,7 @@ airbag.enable()
 
 rsyslog_conf = '/etc/rsyslog.d/00-vyos.conf'
 logrotate_conf = '/etc/logrotate.d/vyos-rsyslog'
+systemd_override = r'/run/systemd/system/rsyslog.service.d/override.conf'
 
 def get_config(config=None):
     if config:
@@ -43,6 +46,8 @@ def get_config(config=None):
                                   get_first_key=True, no_tag_node_value_mangle=True)
 
     syslog.update({ 'logrotate' : logrotate_conf })
+    tmp = is_node_changed(conf, base + ['vrf'])
+    if tmp: syslog.update({'restart_required': {}})
 
     # We have gathered the dict representation of the CLI, but there are default
     # options which we need to update into the dictionary retrived.
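Review bot: The two added lines in get_config() use a throwaway name and a one-line `if`, which is harder to scan than the code around them. `if is_node_changed(conf, base + ['vrf']):` followed by an indented `syslog.update({'restart_required': {}})` reads more clearly. A short comment saying why a VRF change needs a full restart would also help (the VRF appears to be applied only through the `ExecStart` wrapper, so a reload would leave the running daemon in the old VRF). get_config() starts and ends outside this hunk.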
@@ -101,6 +106,8 @@ def verify(syslog):
     if not syslog:
         return None
 
+    verify_vrf(syslog)
+
 def generate(syslog):
     if not syslog:
         if os.path.exists(rsyslog_conf):
@@ -111,15 +118,26 @@ def generate(syslog):
         return None
 
     render(rsyslog_conf, 'rsyslog/rsyslog.conf.j2', syslog)
+    render(systemd_override, 'rsyslog/override.conf.j2', syslog)
     render(logrotate_conf, 'rsyslog/logrotate.j2', syslog)
 
+    # Reload systemd manager configuration
+    call('systemctl daemon-reload')
+    return None
+
 def apply(syslog):
     systemd_service = 'syslog.service'
     if not syslog:
         call(f'systemctl stop {systemd_service}')
         return None
 
-    call(f'systemctl reload-or-restart {systemd_service}')
+    # we need to restart the service if e.g. the VRF name changed
+    systemd_action = 'reload-or-restart'
+    if 'restart_required' in syslog:
+        systemd_action = 'restart'
+
+    call(f'systemctl {systemd_action} {systemd_service}')
+    return None
 
 if __name__ == '__main__':
     try:
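Review bot: The return value of the final `call(f'systemctl {systemd_action} {systemd_service}')` in apply() is discarded, so a restart that fails (for example because `ip vrf exec` cannot start rsyslogd) would still let the commit succeed while the box silently stops logging and forwarding. Assuming `call()` returns the exit status and `ConfigError` is in scope in this file, checking it with `if call(f'systemctl {systemd_action} {systemd_service}') != 0:` and raising `ConfigError('rsyslog failed to start')` would surface the failure to the operator. The same applies to `call('systemctl daemon-reload')`, which would also sit more naturally in apply() than in generate(), since generate() otherwise only writes files. The `if not syslog` branch of generate() lies partly outside the hunk, so it is not visible whether it removes `systemd_override` along with `rsyslog_conf`.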
diff --git a/src/etc/rsyslog.conf b/src/etc/rsyslog.conf
index 706ebb60d..c28e9b537 100644
--- a/src/etc/rsyslog.conf
+++ b/src/etc/rsyslog.conf
@@ -49,6 +49,12 @@ $FileCreateMode 0640
 $DirCreateMode 0755
 $Umask 0022
 
+#
+# Stop excessive logging of sudo
+#
+:msg, contains, " pam_unix(sudo:session): session opened for user root(uid=0) by" ~
+:msg, contains, "pam_unix(sudo:session): session closed for user root" ~
+
 #
 # Include all config files in /etc/rsyslog.d/
 #
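Review bot: The two added filters discard the `pam_unix(sudo:session)` open/close records for root before the `/etc/rsyslog.d/` include is reached, so they are dropped for every destination, including any remote collector, not just the local files. That removes part of the privilege-use audit trail, and the change is unrelated to the VRF subject of this commit, so it should at least be explained in the comment, e.g. `# NOTE: also suppresses these records for remote syslog targets; sudo's own command lines are not matched`. The first pattern starts with a space and the second does not, which looks unintentional. The `~` discard action is deprecated in current rsyslog in favour of `stop`, e.g. `:msg, contains, "pam_unix(sudo:session): session closed for user root" stop`.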
-- 
cgit v1.2.3