syslog: First step in retiring /etc/syslog.conf

This change does not affect the current usage of the module.  It does
allow manifests to choose to retire /etc/syslog.conf in favor or
fragments in /etc/rsyslog.d to control the syslog activity.  One
default fragment, 90-local.conf, that writes syslog messages
locally.

This change also include a fragment define that is used for the
management of rsyslog fragments.

NEWS

@@ -24,6 +24,14 @@ release/003.000 (unreleased)
 
     Add validation check in newsyslog config.
 
+    Updates to base::syslog. Retire /etc/syslog.conf.  Modify
+    /etc/rsyslog.conf so that it contains no input/output
+    specifications.  Create a fragments define to manage files in
+    /etc/rsyslog.d.  Define one default fragment that replicates
+    current behavior if no additional fragments are added. (Bill
+    MacAllister <whm@stanford.edu>)
+
+
 release/002.002 (2013-09-10)
 
     Add support for a listen_addresses parameter to ssh::config::sshd that

files/syslog/etc/rsyslog.d/90-local.conf

+# 90-local.conf - Write syslog messages to the normal places locally
+
+*.emerg         *
+*.debug         /var/log/messages
+*.err           /dev/console

manifests/syslog/config/rsyslog.pp

 # create rsyslog.conf
 
 define base::syslog::config::rsyslog(
-    $ensure         = 'present',
-    $source         = undef,
-    $owner          = 'root',
-    $group          = 'root',
-    $mode           = '0644',
-    $replace        = true,
+    $ensure          = 'present',
+    $source          = undef,
+    $owner           = 'root',
+    $group           = 'root',
+    $mode            = '0644',
+    $replace         = true,
+    $use_syslog_conf = true,
 ) {
   if $source {
     $template = undef
   } else {
-    $template = template('base/syslog/rsyslog.conf.erb')
+    if $use_syslog_conf
+      $template = template('base/syslog/rsyslog.conf.erb')
+    } else {
+      $template = template('base/syslog/rsyslog-nosyslog.conf.erb')
+      file {
+        '/etc/syslog.conf':
+          ensure => absent;
+        '/etc/rsyslog.d/90-local.conf':
+          ensure  => present,
+          source  => 'puppet:///modules/base/syslog/etc/rsyslog.d/90-local.conf';
+          owner   => $owner,
+          group   => $group,
+          mode    => $mode;
+      }
+    }
   }
   file { $name:
     ensure  => $ensure,
@@ -23,4 +38,4 @@ define base::syslog::config::rsyslog(
     replace => $replace,
     notify  => Service['syslog'],
   }
-}
\ No newline at end of file
+}

manifests/syslog/fragment.pp

+# modules/syslog/manifests/fragment.pp - definition for
+# base::iptables::fragments ()
+#
+# Install or remove a syslog fragment.  Recommented practice is to
+# include fragments in the syslog module, but they can be pulled from
+# any puppet manifest.  The default is use puppet templates for
+# fragments which allows dynamic content without having to define all
+# possible substitutions as part of the define.  Some default values
+# are provided for example syslog_target defaults to
+# logsink.stanford.edu.
+#
+# Example:
+#
+#  syslog_target = 'logsink-dev.stanford.edu'
+#  base::syslog::fragment { '50-tcp-output.conf': ensure => present }
+#
+# Example:
+#
+#  base::syslog::fragment {
+#    '90-default-remote.conf':
+#      ensure => present;
+#    '95-local.conf':
+#      ensure => present,
+#      source => 'puppet:///modules/s_audit/etc/rsyslog.d/95-local.conf',
+#  }
+
+define base::syslog::fragment(
+  $ensure,
+  $source  = NOSRC,
+  $content = NOCONTENT)
+{
+  $realname = "/etc/rsyslog.d/$name"
+  $codename = "syslog::fragment"
+  $basetmpl = "base/etc/rsyslog.d/${name}.erb"
+
+  # Useful default template values
+  if $syslog_target {
+    $logsink_server = $syslog_target
+  } else {
+    $logsink_server = 'logsink.stanford.edu'
+  }
+  
+  case $ensure {
+
+    present: {
+      case $content {
+        'NOCONTENT': {
+          case $source {
+            'NOSRC': {
+              # Use default content 
+              file { "$realname":
+                content => template($basetmpl),
+                notify  => Service['syslog'],
+              }
+            }
+            default: {
+              # Source specificed
+              file { "$realname":
+                source => "$source",
+                notify => Service['syslog'],
+              }
+            }
+          }
+        }
+        default: {
+          case $source {
+            'NOSRC': {
+              file { "$realname":
+                source => "$source",
+                notify => Service['syslog'],
+              }
+            }
+            default: {
+              fail "$codename - source or content, not both."
+            }
+          }
+        }
+      }
+    }
+
+    absent: {
+      file { "$realname":
+        ensure => absent,
+        notify => Service['syslog'],
+      }
+    }
+
+    default: {
+      crit "Invalid ensure value: $ensure"
+    }
+  }
+}

templates/syslog/rsyslog.conf.erb

@@ -28,8 +28,10 @@ $DirCreateMode 0755
 $SystemLogRateLimitInterval 0
 
 <% end -%>
+<% if use_syslog_conf -%>
 # Include the syslog rules first so they can be overriden by rsyslog.d.
 $IncludeConfig /etc/syslog.conf
 
+<% end -%>
 # Include all config files in /etc/rsyslog.d.
 $IncludeConfig /etc/rsyslog.d/*.conf