Update rsyslog.conf template to support newer platforms

.github/workflows/ci.yml

@@ -24,29 +24,40 @@ jobs:
       matrix:
         os:
           - almalinux-8
-          - amazonlinux-2
-          - centos-7
-          - centos-stream-8
-          - debian-10
+          - almalinux-9
+          - amazonlinux-2023
+          - centos-stream-9
+          - centos-stream-10
           - debian-11
-          - fedora-latest
+          - debian-12
           - opensuse-leap-15
           - rockylinux-8
-          - ubuntu-1804
+          - rockylinux-9
           - ubuntu-2004
+          - ubuntu-2204
+          - ubuntu-2404
         suite:
           - client
           - default
           - input-file-resource
           - relp
           - server
+        exclude:
+          - os: amazonlinux-2023
+            suite: relp
       fail-fast: false
 
     steps:
       - name: Check out code
         uses: actions/checkout@v4 # v4
       - name: Install Chef
         uses: actionshub/[email protected]
+      - name: Disable apparmor for rsyslog
+        run: |
+          set -x
+          sudo apt-get update
+          sudo apt-get -y install apparmor-profiles
+          sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.rsyslogd
       - name: Dokken
         uses: actionshub/[email protected]
         env:

CHANGELOG.md

@@ -4,6 +4,9 @@ This file is used to list changes made in each version of the rsyslog cookbook.
 
 ## Unreleased
 
+- Update rsyslog.conf template to support newer platforms
+- Update platforms tested in CI
+
 ## 9.2.25 - *2024-12-04*
 
 ## 9.2.24 - *2024-11-18*
@@ -385,12 +388,12 @@ Fixing bug fix in rsyslog.conf
 
 ### Bug
 
-- **[COOK-4256](https://tickets.opscode.com/browse/COOK-4256)** - Fix syntax errors in default.conf on rhel
+- [COOK-4256] - Fix syntax errors in default.conf on rhel
 
 ### New Feature
 
-- **[COOK-4022](https://tickets.opscode.com/browse/COOK-4022)** - Add use_local_ipv4 option to allow selecting internal interface on cloud systems
-- **[COOK-4018](https://tickets.opscode.com/browse/COOK-4018)** - rsyslog TLS encryption support
+- [COOK-4022] - Add use_local_ipv4 option to allow selecting internal interface on cloud systems
+- [COOK-4018] - rsyslog TLS encryption support
 
 ## v1.10.2
 
@@ -400,44 +403,44 @@ No change. Version bump for toolchain.
 
 ### New Feature
 
-- **[COOK-4021](https://tickets.opscode.com/browse/COOK-4021)** - Allow specifying default templates for local and remote
+- [COOK-4021] - Allow specifying default templates for local and remote
 
 ### Improvement
 
-- **[COOK-3876](https://tickets.opscode.com/browse/COOK-3876)** - Cater for setting rate limits
+- [COOK-3876] - Cater for setting rate limits
 
 ## v1.9.0
 
 ### New Feature
 
-- **[COOK-3736](https://tickets.opscode.com/browse/COOK-3736)** - Support OmniOS
+- [COOK-3736] - Support OmniOS
 
 ### Improvement
 
-- **[COOK-3609](https://tickets.opscode.com/browse/COOK-3609)** - Add actionqueue to remote rsyslog configurations
+- [COOK-3609] - Add actionqueue to remote rsyslog configurations
 
 ### Bug
 
-- **[COOK-3608](https://tickets.opscode.com/browse/COOK-3608)** - Add 50-default template knobs
-- **[COOK-3600](https://tickets.opscode.com/browse/COOK-3600)** - SmartOS support
+- [COOK-3608] - Add 50-default template knobs
+- [COOK-3600] - SmartOS support
 
 ## v1.8.0
 
 ### Improvement
 
-- **[COOK-3573](https://tickets.opscode.com/browse/COOK-3573)** - Add Test Kitchen, Specs, and Travis CI
+- [COOK-3573] - Add Test Kitchen, Specs, and Travis CI
 
 ### New Feature
 
-- **[COOK-3435](https://tickets.opscode.com/browse/COOK-3435)** - Add support for relp
+- [COOK-3435] - Add support for relp
 
 ## v1.7.0
 
 ### Improvement
 
-- **[COOK-3253](https://tickets.opscode.com/browse/COOK-3253)** - Enable repeated message reduction
-- **[COOK-3190](https://tickets.opscode.com/browse/COOK-3190)** - Allow specifying which logs to send to remote server
-- **[COOK-2355](https://tickets.opscode.com/browse/COOK-2355)** - Support forwarding events to more than one server
+- [COOK-3253] - Enable repeated message reduction
+- [COOK-3190] - Allow specifying which logs to send to remote server
+- [COOK-2355] - Support forwarding events to more than one server
 
 ## v1.6.0
 

README.md

@@ -16,12 +16,12 @@ This cookbook is maintained by the Sous Chefs. The Sous Chefs are a community of
 
 ### Platforms
 
-- CentOS 7+ (incl. Rocky & Alma)
-- Debian 10+
+- CentOS 8+ (incl. Rocky & Alma)
+- Debian 11+
 - Fedora
 - OpenSUSE Leap
 - SmartOS / OmniOS
-- Ubuntu 18.04+
+- Ubuntu 20.04+
 
 ### Chef
 
@@ -105,7 +105,7 @@ Uses `node['rsyslog']['server_ip']` or Chef search (in that precedence order) to
 
 You can use `node['rsyslog']['custom_config']` to define custom entries for sending logs to remote servers. Available attributes:
 
-```
+```ruby
     'server': Ip/hostname of remote syslog server (Required)
     'port': Port to send logs to
     'logs': Syslog log facilities to send (auth, authpriv, daemon, etc)
@@ -160,9 +160,9 @@ For example, to change this to just the hostname, set the attribute `node['rsysl
 
 At this time, the server can only listen on UDP _or_ TCP.
 
-# Resources
+## Resources
 
-## file_input
+### file_input
 
 Configures a [text file input monitor](http://www.rsyslog.com/doc/imfile.html) to push a log file into rsyslog. Rsyslog must be installed to use this custom resource either using your own wrapper cookbook or the rsyslog::default recipe.
 
@@ -176,7 +176,7 @@ Properties:
 - `cookbook_source`: cookbook containing the template. Defaults to `rsyslog`.
 - `template_source`: template file source. Defaults to `file-input.conf.erb`
 
-# Usage
+## Usage
 
 Use `recipe[rsyslog]` to install and start rsyslog as a basic configured service for standalone systems.
 

attributes/default.rb

@@ -151,7 +151,7 @@
     'local7.*' => "#{node['rsyslog']['default_log_dir']}/boot.log",
   }
   default['rsyslog']['modules'] = %w(imuxsock imjournal)
-  default['rsyslog']['additional_directives'] = { 'OmitLocalLogging' => 'on', 'IMJournalStateFile' => 'imjournal.state' }
+  default['rsyslog']['additional_directives'] = { 'IMJournalStateFile' => 'imjournal.state' }
 else
   # format { facility => destination }
   default['rsyslog']['default_facility_logs'] = {

kitchen.yml

@@ -2,7 +2,8 @@ driver:
   name: vagrant
 
 provisioner:
-  name: chef_zero
+  name: chef_infra
+  chef_license: accept-no-persist
   enforce_idempotency: true
   multiple_converge: 2
   deprecations_as_errors: true

spec/default_spec.rb

@@ -89,7 +89,7 @@
   it do
     is_expected.to render_file('/etc/rsyslog.conf').with_content('Config generated by Chef - manual edits will be overwritten')
     %w(imuxsock imklog).each do |mod|
-      is_expected.to render_file('/etc/rsyslog.conf').with_content(/^\$ModLoad #{mod}/)
+      is_expected.to render_file('/etc/rsyslog.conf').with_content(/^module\(load="#{mod}"/)
     end
   end
 

templates/default/35-server-per-host.conf.erb

@@ -2,8 +2,8 @@
 # Local modifications will be overwritten
 
 <% if node['rsyslog']['use_relp'] -%>
-$ModLoad imrelp
-$InputRELPServerRun <%= node['rsyslog']['relp_port'] %>
+module(load="imrelp")
+input(type="imrelp" port="<%= node['rsyslog']['relp_port'] %>")
 <% end -%>
 $DirGroup <%= node['rsyslog']['group'] %>
 $DirCreateMode 0755

templates/default/rsyslog.conf.erb

@@ -30,7 +30,14 @@ $PreserveFQDN <%= node['rsyslog']['preserve_fqdn'] %>
 
 <% if node['rsyslog']['modules'] && !node['rsyslog']['modules'].empty? %>
   <% [*node['rsyslog']['modules']].each do |mod| %>
-$ModLoad <%= mod %>
+  <% case mod -%>
+  <% when 'imuxsock' -%>
+module(load="imuxsock" SysSock.Use="off")
+  <% when 'imjournal' -%>
+module(load="imjournal" UsePid="system" StateFile="imjournal.state")
+  <% else -%>
+module(load="<%= mod %>")
+  <% end %>
   <% end %>
 <% end %>
 
@@ -42,23 +49,24 @@ $DefaultNetstreamDriverCAFile <%= node['rsyslog']['tls_ca_file'] %>
 $DefaultNetstreamDriverCertFile <%= node['rsyslog']['tls_certificate_file'] %>
 $DefaultNetstreamDriverKeyFile <%= node['rsyslog']['tls_key_file'] %>
 
-$ModLoad imtcp
+module(load="imtcp"
+  MaxSessions="<%= node['rsyslog']['tcp_max_sessions'] || 200 %>"
+  StreamDriver.Mode="1"
+  StreamDriver.AuthMode="<%= node['rsyslog']['tls_auth_mode'] || 'anon' %>")
+input(type="imtcp" Port="<%= node['rsyslog']['port'] %>")
 
-$InputTCPMaxSessions <%= node['rsyslog']['tcp_max_sessions'] || 200 %>
-$InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode
-$InputTCPServerStreamDriverAuthMode <%= node['rsyslog']['tls_auth_mode'] || 'anon' %>
-$InputTCPServerRun <%= node['rsyslog']['port'] %>
 # Provide <%= node['rsyslog']['protocol'].upcase %> log reception
   <% else -%>
 <% if node['rsyslog']['protocol'] =~ /tcp/ %>
-  $ModLoad imtcp
-  $InputTCPMaxSessions <%= node['rsyslog']['tcp_max_sessions'] || 200 %>
-  $InputTCPServerRun <%= node['rsyslog']['port'] %>
+module(load="imtcp"
+  MaxSessions="<%= node['rsyslog']['tcp_max_sessions'] || 200 %>")
+input(type="imtcp" Port="<%= node['rsyslog']['port'] %>")
 <% end -%>
 <% if node['rsyslog']['protocol'] =~ /udp/ %>
-  $ModLoad imudp
-  $UDPServerAddress <%= node['rsyslog']['bind'] %>
-  $UDPServerRun <%= node['rsyslog']['port'] %>
+module(load="imudp")
+input(type="imudp"
+  Address="<%= node['rsyslog']['bind'] %>"
+  Port="<%= node['rsyslog']['port'] %>")
 <% end -%>
   <% end -%>
 <% end -%>

test/integration/server/controls/server_spec.rb

@@ -1,7 +1,7 @@
 control 'server' do
   describe file '/etc/rsyslog.conf' do
     it { should be_file }
-    its(:content) { should match /^\$InputTCPMaxSessions 123$/ }
+    its('content') { should match /MaxSessions="123"/ }
   end
 
   describe file '/etc/rsyslog.d/35-server-per-host.conf' do