
Commit e0349bb0 authored by Adam Robinson's avatar Adam Robinson

initial import

configure_vmware_syslog
=========
Configure syslog on an ESXi host
Requirements
------------
pyvmomi is required. This role assumes your inventory file contains each ESXi host you are managing.
Syslog filters from a template cannot be configured on ESXi 6.0 due to the filecmp python module missing.
Role Variables
--------------
### Defaults
- `configure_remote_syslog` - Defaults to no. If set to yes, will configure a host to send syslogs to a remote host. Requires a variable named `syslog_servers` if yes.
- `configure_syslog_filters` - Defaults to no. If set to yes, will configure a host to filter certain syslog messages from a template named logfilters.j2.
### Required
- `vcenter_hostname` - The hostname or address of the vCenter server.
- `inventory_hostname` - The hostname or address of the ESXi server.
Dependencies
------------
None
Example Playbook
----------------
Todo
License
-------
BSD
Author Information
------------------
An optional section for the role authors to include contact information, or a website (HTML is not allowed).
---
# defaults file for configure_vmware_syslog
vmware_user: "{{ lookup('env','VMWARE_USER') }}"
vmware_password: "{{ lookup('env','VMWARE_PASSWORD') }}"
configure_remote_syslog: no
configure_syslog_filters: no
\ No newline at end of file
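Review bot: `vmware_user` and `vmware_password` come from `lookup('env', ...)`, which yields an empty string when the variable is unset, so a missing `VMWARE_PASSWORD` would surface only as a login failure against vCenter or the ESXi host rather than as a clear configuration error. A first task in the role such as `assert: { that: [ "vmware_user | length > 0", "vmware_password | length > 0" ] }` would fail early with a readable message. The tasks and handlers also read `ad_domain` and `syslog_servers`, which have no default here, and `ad_domain` is not listed in the README. The two flags are written as `no`; `false` is the canonical boolean and avoids YAML 1.1/1.2 differences.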
---
# handlers file for configure_vmware_syslog
- name: Reload syslog
shell: esxcli system syslog reload
vars:
ansible_user: '{{ vmware_user }}@{{ ad_domain|upper }}'
ansible_password: '{{ vmware_password }}'
ansible_connection: paramiko
ansible_python_interpreter: /bin/python
- name: Stop SSH
vmware_host_service_manager:
hostname: '{{ vcenter_hostname }}'
esxi_hostname: '{{ inventory_hostname }}'
username: '{{ vmware_user }}'
password: '{{ vmware_password }}'
service_name: TSM-SSH
state: stop
delegate_to: localhost
when: not host_service_facts['host_service_facts'][inventory_hostname] | selectattr('key', 'equalto', 'TSM-SSH') | map(attribute='running') | list | first | bool
\ No newline at end of file
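Review bot: `Reload syslog` runs `esxcli system syslog reload` through `shell:` although the command uses no shell features; `command: esxcli system syslog reload` avoids the extra shell parsing. The handler also connects to the host over SSH, so it only works because it is defined above `Stop SSH` and notified handlers run in definition order. That ordering is load-bearing and I would record it with a comment such as `# Must stay above "Stop SSH": this handler needs the temporary SSH session`.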
galaxy_info:
author: your name
description: your description
company: your company (optional)
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
min_ansible_version: 2.4
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.
\ No newline at end of file
---
# tasks file for configure_vmware_syslog
- name: Get the current state of all services
vmware_host_service_facts:
hostname: '{{ vcenter_hostname }}'
esxi_hostname: '{{ inventory_hostname }}'
username: '{{ vmware_user }}'
password: '{{ vmware_password }}'
delegate_to: localhost
register: host_service_facts
- name: Start SSH Temporarily to configure Syslog Filtering
vmware_host_service_manager:
hostname: '{{ vcenter_hostname }}'
esxi_hostname: '{{ inventory_hostname }}'
username: '{{ vmware_user }}'
password: '{{ vmware_password }}'
service_name: TSM-SSH
state: start
delegate_to: localhost
when: not host_service_facts['host_service_facts'][inventory_hostname] | selectattr('key', 'equalto', 'TSM-SSH') | map(attribute='running') | list | first | bool
notify: Stop SSH
- name: Enable Syslog Filtering
ini_file:
create: no
backup: yes
path: /etc/vmsyslog.conf
section: vmsyslog
option: enable_logfilters
value: 'true'
state: present
when: configure_syslog_filters|bool
notify: Reload syslog
vars:
ansible_user: '{{ vmware_user }}@{{ ad_domain|upper }}'
ansible_password: '{{ vmware_password }}'
ansible_connection: paramiko
ansible_python_interpreter: /bin/python
- name: Disable Syslog Filtering
ini_file:
create: no
backup: yes
path: /etc/vmsyslog.conf
section: vmsyslog
option: enable_logfilters
state: absent
when: not configure_syslog_filters|bool
notify: Reload syslog
vars:
ansible_user: '{{ vmware_user }}@{{ ad_domain|upper }}'
ansible_password: '{{ vmware_password }}'
ansible_connection: paramiko
ansible_python_interpreter: /bin/python
- name: Deploy Syslog Filters Template
template:
src: logfilters.j2
dest: /etc/vmware/logfilters
when: configure_syslog_filters|bool and (ansible_distribution_version == "6.5.0" or ansible_distribution_version == "6.7.0")
notify: Reload syslog
vars:
ansible_user: '{{ vmware_user }}@{{ ad_domain|upper }}'
ansible_password: '{{ vmware_password }}'
ansible_connection: paramiko
ansible_python_interpreter: /bin/python
- name: Set Syslog Host
vmware_host_config_manager:
hostname: '{{ vcenter_hostname }}'
esxi_hostname: '{{ inventory_hostname }}'
username: '{{ vmware_user }}'
password: '{{ vmware_password }}'
options:
'Syslog.global.logHost': '{{ syslog_servers }}'
delegate_to: localhost
when: configure_remote_syslog|bool
- name: Allow syslog through the firewall
vmware_host_firewall_manager:
hostname: '{{ vcenter_hostname }}'
esxi_hostname: '{{ inventory_hostname }}'
username: '{{ vmware_user }}'
password: '{{ vmware_password }}'
rules:
- name: syslog
enabled: True
delegate_to: localhost
when: configure_remote_syslog|bool
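Review bot: TSM-SSH is started by `Start SSH Temporarily to configure Syslog Filtering` and is only stopped by the notified `Stop SSH` handler, which Ansible does not run for a host whose later task fails (unless handlers are forced), so a failed `ini_file` or `template` task leaves SSH enabled on the ESXi host. Wrapping the SSH-dependent tasks in a `block:` with the stop in `always:` closes the service on both outcomes; the reload handler then has to be flushed inside the block, before SSH is stopped. Separately, `Enable Syslog Filtering` is not restricted by version while `Deploy Syslog Filters Template` matches only `6.5.0` and `6.7.0`, so on other versions `enable_logfilters` is switched on without this role deploying a filter file.
```yaml
- name: Configure syslog filtering over a temporary SSH session
  block:
    # … unchanged: Start SSH Temporarily (without `notify: Stop SSH`),
    #   Enable/Disable Syslog Filtering, Deploy Syslog Filters Template …

    # Run "Reload syslog" now, while the SSH session is still available.
    - meta: flush_handlers
  always:
    - name: Stop SSH if this role started it
      vmware_host_service_manager:
        hostname: '{{ vcenter_hostname }}'
        esxi_hostname: '{{ inventory_hostname }}'
        username: '{{ vmware_user }}'
        password: '{{ vmware_password }}'
        service_name: TSM-SSH
        state: stop
      delegate_to: localhost
      # Same condition as the start task: only stop what was not running before.
      when: not host_service_facts['host_service_facts'][inventory_hostname] | selectattr('key', 'equalto', 'TSM-SSH') | map(attribute='running') | list | first | bool
```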
# Copyright 2014, VMware, Inc.
# To filter out excessive logging, add lines with the following syntax:
#
# numLogs | ident | logRegexp
#
# Any log line with a substring matching the regular expression logRegexp
# will appear the first "numLogs" times that it's issued, but will be
# ignored after that point. For example, the line:
#
# 5 | vmkernel | .*
#
# will ensure that only the first 5 vmkernel-related lines appear in the log
# and others are ignored.
#
# All comparisons are case-sensitive. logRegexp must be a valid regular
# expression confirming to the Python regular expression syntax.
# Using '*' for the ident field implies that log messages from all sources
# are a potential match. Multiple ident values can be specified in a comma
# separated list. Consult /etc/vmsyslog.conf.d/*.conf for possible values
# of ident.
#
# This feature should be used only in the case where a log statement is
# spewing excessively. Filtering the log too aggressively may make
# troubleshooting more difficult if it loses valuable information.
{% if ansible_facts.system_vendor == 'HPE' and 'Gen10' in ansible_facts.product_name %}
# Filter out SDcard messages for HPE Gen10 hosts that can be ignored
# https://support.hpe.com/hpsc/doc/public/display?sp4ts.oid=1010083017&docLocale=en_US&docId=emr_na-a00063477en_us
0 | vmkernel | 0x9e, CmdSN 0x\w* from world 0 to dev "eui\.00e04c2020202000" failed H:0x7 D:0x0 P:0x0 Invalid sense data: 0x0 0x0 0x0
0 | vmkwarning | WARNING: NMP: nmp_DeviceRequestFastDeviceProbe:237: NMP device "eui\.00e04c2020202000" state in doubt; requested fast path state update\.\.\.
{% endif %}
{% if (ansible_facts.system_vendor == 'HP' or ansible_facts.system_vendor == 'HPE') and 'Gen10' not in ansible_facts.product_name %}
# Filter out SDcard messages for Gen9 and older HP hardware
0 | vmkernel | 0x1a, CmdSN 0x\w* from world 0 to dev "mpx\.vmhba32:C0:T0:L0" failed H:0x0 D:0x2 P:0x0 Valid sense data: 0x5 0x24 0x0
{% endif %}
\ No newline at end of file
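Review bot: The template's own filter lines are undocumented on two points a maintainer needs: a `numLogs` of `0` suppresses every matching message, and each pattern hard-codes a device identifier (`eui\.00e04c2020202000`, `mpx\.vmhba32:C0:T0:L0`) while being selected only by `system_vendor` and `product_name`. On a host of the same vendor where that identifier belongs to a different device, the same rule would presumably drop genuine storage errors before they reach the local log or the remote syslog server. I would add a comment above each block such as `# numLogs 0 = drop all matches; verify the device ID is the SD card on this hardware before enabling`. The `nmp_DeviceRequestFastDeviceProbe:237:` pattern also pins a source line number that may differ between ESXi builds, so matching `:\d+:` there would be more durable.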
---
- hosts: localhost
remote_user: root
roles:
- configure_vmware_syslog
\ No newline at end of file
---
# vars file for configure_vmware_syslog
\ No newline at end of file