Commit e0349bb0 authored by Adam Robinson's avatar Adam Robinson

initial import

configure_vmware_syslog
=========
Configure syslog on an ESXi host
Requirements
------------
pyvmomi is required. This role assumes your inventory file contains each ESXi host you are managing.
Syslog filters from a template cannot be configured on ESXi 6.0 due to the filecmp python module missing.
Role Variables
--------------
### Defaults
- `configure_remote_syslog` - Defaults to no. If set to yes, will configure a host to send syslogs to a remote host. Requires a variable named `syslog_servers` if yes.
- `configure_syslog_filters` - Defaults to no. If set to yes, will configure a host to filter certain syslog messages from a template named logfilters.j2.
### Required
- `vcenter_hostname` - The hostname or address of the vCenter server.
- `inventory_hostname` - The hostname or address of the ESXi server.
Dependencies
------------
None
Example Playbook
----------------
Todo
License
-------
BSD
Author Information
------------------
An optional section for the role authors to include contact information, or a website (HTML is not allowed).
---
# defaults file for configure_vmware_syslog
vmware_user: "{{ lookup('env','VMWARE_USER') }}"
vmware_password: "{{ lookup('env','VMWARE_PASSWORD') }}"
configure_remote_syslog: no
configure_syslog_filters: no
\ No newline at end of file
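Review bot: `lookup('env','VMWARE_USER')` and `lookup('env','VMWARE_PASSWORD')` evaluate to an empty string when the variable is not exported, so the role would go on to attempt vCenter and SSH logins with blank credentials instead of stopping. A first task such as `assert: { that: [vmware_user | length > 0, vmware_password | length > 0] }` would fail early with a clear message. `ad_domain` and `syslog_servers` are used by the tasks but have no default here and `ad_domain` is not listed in the README, so an unset value only surfaces as a templating error mid-run. The two flags would also be safer written as `false` rather than `no`.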
---
# handlers file for configure_vmware_syslog
- name: Reload syslog
shell: esxcli system syslog reload
vars:
ansible_user: '{{ vmware_user }}@{{ ad_domain|upper }}'
ansible_password: '{{ vmware_password }}'
ansible_connection: paramiko
ansible_python_interpreter: /bin/python
- name: Stop SSH
vmware_host_service_manager:
hostname: '{{ vcenter_hostname }}'
esxi_hostname: '{{ inventory_hostname }}'
username: '{{ vmware_user }}'
password: '{{ vmware_password }}'
service_name: TSM-SSH
state: stop
delegate_to: localhost
when: not host_service_facts['host_service_facts'][inventory_hostname] | selectattr('key', 'equalto', 'TSM-SSH') | map(attribute='running') | list | first | bool
\ No newline at end of file
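Review bot: `Reload syslog` runs a fixed command through `shell:`, but nothing in `esxcli system syslog reload` needs shell features, so `command: esxcli system syslog reload` is the narrower module to use. The `Stop SSH` handler is the only place TSM-SSH is switched back off, and its `when:` reuses the facts registered before the service was started; a comment above it such as `# Restores TSM-SSH to stopped only when it was not running before the role started it` would make that dependency explicit.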
galaxy_info:
author: your name
description: your description
company: your company (optional)
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
min_ansible_version: 2.4
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.
\ No newline at end of file
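Review bot: The `galaxy_info` values look like unedited generated placeholders (`author: your name`, `license: license (GPL-2.0-or-later, MIT, etc)`), while the README in this commit states BSD; `license: BSD-3-Clause` would make the two agree if that is the intended variant. `min_ansible_version: 2.4` is read as a float and also looks too low, since the `vmware_host_service_manager` family of modules used in the tasks was, as far as I know, added in Ansible 2.5. A quoted string such as `min_ansible_version: "2.5"` addresses both.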
---
# tasks file for configure_vmware_syslog
- name: Get the current state of all services
vmware_host_service_facts:
hostname: '{{ vcenter_hostname }}'
esxi_hostname: '{{ inventory_hostname }}'
username: '{{ vmware_user }}'
password: '{{ vmware_password }}'
delegate_to: localhost
register: host_service_facts
- name: Start SSH Temporarily to configure Syslog Filtering
vmware_host_service_manager:
hostname: '{{ vcenter_hostname }}'
esxi_hostname: '{{ inventory_hostname }}'
username: '{{ vmware_user }}'
password: '{{ vmware_password }}'
service_name: TSM-SSH
state: start
delegate_to: localhost
when: not host_service_facts['host_service_facts'][inventory_hostname] | selectattr('key', 'equalto', 'TSM-SSH') | map(attribute='running') | list | first | bool
notify: Stop SSH
- name: Enable Syslog Filtering
ini_file:
create: no
backup: yes
path: /etc/vmsyslog.conf
section: vmsyslog
option: enable_logfilters
value: 'true'
state: present
when: configure_syslog_filters|bool
notify: Reload syslog
vars:
ansible_user: '{{ vmware_user }}@{{ ad_domain|upper }}'
ansible_password: '{{ vmware_password }}'
ansible_connection: paramiko
ansible_python_interpreter: /bin/python
- name: Disable Syslog Filtering
ini_file:
create: no
backup: yes
path: /etc/vmsyslog.conf
section: vmsyslog
option: enable_logfilters
state: absent
when: not configure_syslog_filters|bool
notify: Reload syslog
vars:
ansible_user: '{{ vmware_user }}@{{ ad_domain|upper }}'
ansible_password: '{{ vmware_password }}'
ansible_connection: paramiko
ansible_python_interpreter: /bin/python
- name: Deploy Syslog Filters Template
template:
src: logfilters.j2
dest: /etc/vmware/logfilters
when: configure_syslog_filters|bool and (ansible_distribution_version == "6.5.0" or ansible_distribution_version == "6.7.0")
notify: Reload syslog
vars:
ansible_user: '{{ vmware_user }}@{{ ad_domain|upper }}'
ansible_password: '{{ vmware_password }}'
ansible_connection: paramiko
ansible_python_interpreter: /bin/python
- name: Set Syslog Host
vmware_host_config_manager:
hostname: '{{ vcenter_hostname }}'
esxi_hostname: '{{ inventory_hostname }}'
username: '{{ vmware_user }}'
password: '{{ vmware_password }}'
options:
'Syslog.global.logHost': '{{ syslog_servers }}'
delegate_to: localhost
when: configure_remote_syslog|bool
- name: Allow syslog through the firewall
vmware_host_firewall_manager:
hostname: '{{ vcenter_hostname }}'
esxi_hostname: '{{ inventory_hostname }}'
username: '{{ vmware_user }}'
password: '{{ vmware_password }}'
rules:
- name: syslog
enabled: True
delegate_to: localhost
when: configure_remote_syslog|bool
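Review bot: TSM-SSH is switched off again only by the `Stop SSH` handler notified from `Start SSH Temporarily to configure Syslog Filtering`, and Ansible skips pending handlers for a host once a later task fails on it, so an error in any of the three paramiko tasks leaves SSH enabled on the ESXi host. Requiring `force_handlers: true` on the play, or wrapping the SSH-dependent tasks in a `block:` whose `always:` section flushes handlers and then stops the service under the same `when:` guard, would close that window. Separately, `Enable Syslog Filtering` sets `enable_logfilters` on every release while `Deploy Syslog Filters Template` matches only `"6.5.0"` and `"6.7.0"` exactly, so other versions get filtering switched on without the template. Putting one shared condition such as `ansible_distribution_version is version('6.5', '>=')` on both tasks would keep them consistent.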
# Copyright 2014, VMware, Inc.
# To filter out excessive logging, add lines with the following syntax:
#
# numLogs | ident | logRegexp
#
# Any log line with a substring matching the regular expression logRegexp
# will appear the first "numLogs" times that it's issued, but will be
# ignored after that point. For example, the line:
#
# 5 | vmkernel | .*
#
# will ensure that only the first 5 vmkernel-related lines appear in the log
# and others are ignored.
#
# All comparisons are case-sensitive. logRegexp must be a valid regular
# expression confirming to the Python regular expression syntax.
# Using '*' for the ident field implies that log messages from all sources
# are a potential match. Multiple ident values can be specified in a comma
# separated list. Consult /etc/vmsyslog.conf.d/*.conf for possible values
# of ident.
#
# This feature should be used only in the case where a log statement is
# spewing excessively. Filtering the log too aggressively may make
# troubleshooting more difficult if it loses valuable information.
{% if ansible_facts.system_vendor == 'HPE' and 'Gen10' in ansible_facts.product_name %}
# Filter out SDcard messages for HPE Gen10 hosts that can be ignored
# https://support.hpe.com/hpsc/doc/public/display?sp4ts.oid=1010083017&docLocale=en_US&docId=emr_na-a00063477en_us
0 | vmkernel | 0x9e, CmdSN 0x\w* from world 0 to dev "eui\.00e04c2020202000" failed H:0x7 D:0x0 P:0x0 Invalid sense data: 0x0 0x0 0x0
0 | vmkwarning | WARNING: NMP: nmp_DeviceRequestFastDeviceProbe:237: NMP device "eui\.00e04c2020202000" state in doubt; requested fast path state update\.\.\.
{% endif %}
{% if (ansible_facts.system_vendor == 'HP' or ansible_facts.system_vendor == 'HPE') and 'Gen10' not in ansible_facts.product_name %}
# Filter out SDcard messages for Gen9 and older HP hardware
0 | vmkernel | 0x1a, CmdSN 0x\w* from world 0 to dev "mpx\.vmhba32:C0:T0:L0" failed H:0x0 D:0x2 P:0x0 Valid sense data: 0x5 0x24 0x0
{% endif %}
\ No newline at end of file
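Review bot: The `vmkwarning` filter pins the message to `nmp_DeviceRequestFastDeviceProbe:237:`, and that number looks like a source line that can shift between ESXi builds, after which the filter would silently stop matching. `nmp_DeviceRequestFastDeviceProbe:\d+:` keeps the match tied to the function and device ID. Both conditionals read `ansible_facts.system_vendor` and `ansible_facts.product_name` without a fallback, so rendering fails if fact gathering did not return them for the ESXi host; `ansible_facts.system_vendor | default('')` would make that case skip the vendor blocks. Because every rule uses a count of 0, a short comment per rule naming the device ID being silenced would help anyone later auditing what is absent from the logs.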
---
- hosts: localhost
remote_user: root
roles:
- configure_vmware_syslog
\ No newline at end of file
---
# vars file for configure_vmware_syslog
\ No newline at end of file