Fixes #15446: When HTTPS reporting is selected, rsyslog is still acti…

…ve and so reports are duplicated on the server

techniques/system/common/1.0/metadata.xml

@@ -129,6 +129,7 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
     <NAME>RUDDER_NODE_GROUPS_VARS</NAME>
     <NAME>RUDDER_NODE_GROUPS_CLASSES</NAME>
     <NAME>REPORTING_PROTOCOL</NAME>
+    <NAME>SYSLOG_PROTOCOL_DISABLED</NAME>
     <NAME>RUDDER_INVENTORY_VARS</NAME>
   </SYSTEMVARS>
 

techniques/system/common/1.0/promises.st

@@ -36,6 +36,7 @@ bundle common rudder_roles
       "changes_only"           expression => "changes_only_mode.!force_full_compliance";
       "reports_disabled"       expression => "reports_disabled_mode.!force_full_compliance";
       "rudder_reporting_https" expression => strcmp("&REPORTING_PROTOCOL&", "HTTPS");
+      "rsyslog_disabled"       expression => strcmp("&SYSLOG_PROTOCOL_DISABLED&", "true");
 
       # full compliance is the default mode
       "full_compliance" not => "changes_only|reports_disabled";

techniques/system/distributePolicy/1.0/rsyslogConf.cf

@@ -62,14 +62,16 @@ bundle agent install_rsyslogd
 
   files:
 
-    policy_server.!reports_disabled.!role_rudder_relay_promises_only::
+    policy_server.!(reports_disabled|rsyslog_disabled).!role_rudder_relay_promises_only::
 
       "/etc/rsyslog.d/rudder.conf"
-        create    => "true",
-        edit_defaults => empty_size("8388608"), # the template can get pretty big with a lot of entries
-        edit_line => expand_template("${this.promise_dirname}/../rsyslog.conf/${rsyslog_source_file}"),
-        classes => classes_generic("rudder_rsyslog_conf"),
-        comment => "Copying rsyslog conf";  
+        create          => "true",
+        edit_defaults   => empty_size("8388608"), # the template can get pretty big with a lot of entries
+        perms           => mog("600", "root", "0"),
+        template_method => "mustache",
+        edit_template   => "${this.promise_dirname}/../rsyslog.conf/${rsyslog_source_file}",
+        classes         => classes_generic("rudder_rsyslog_conf"),
+        comment         => "Copying rsyslog conf";
 
       "/etc/rsyslog.conf"
         edit_line => append_if_no_lines("$IncludeConfig /etc/rsyslog.d/*.conf"),
@@ -84,20 +86,28 @@ bundle agent install_rsyslogd
         classes => classes_generic("rudder_rsyslog_historical_conf"),
         comment => "Deleting historical rudder-agent.conf file if it is there";
 
-    (root_server|role_rudder_relay_top).debian.!reports_disabled.!role_rudder_relay_promises_only::
+    (root_server|role_rudder_relay_top).debian.!(reports_disabled|rsyslog_disabled).!role_rudder_relay_promises_only::
       "/etc/rsyslog.d/pgsql.conf"
         edit_line => comment_all(),
         edit_defaults => noempty_backup,
         classes => classes_generic("rudder_rsyslog_pgsql"),
         comment => "Removing the logging of all in the database";  
 
+    # If reports are disabled, or if rsyslog is disabled, we remove rudder rsyslog conf
+    policy_server.(reports_disabled|rsyslog_disabled)
+      "/etc/rsyslog.d/rudder.conf"
+        delete  => tidy,
+        classes => classes_generic("remove_rudder_rsyslog_conf");
+
+
+
   commands:
-    policy_server.!SuSE.(rudder_rsyslog_conf_repaired|rsyslog_inc_repaired|rudder_rsyslog_historical_conf_repaired|rudder_rsyslog_pgsql_repaired)::
+    policy_server.!SuSE.(rudder_rsyslog_conf_repaired|rsyslog_inc_repaired|rudder_rsyslog_historical_conf_repaired|rudder_rsyslog_pgsql_repaired|remove_rudder_rsyslog_conf_repaired)::
       "${paths.path[service]} rsyslog"
         args => "restart",
         classes => classes_generic("rsyslog_restarted"),
         comment => "restarting rsyslog";
-    policy_server.SuSE.(rudder_rsyslog_conf_repaired|rsyslog_inc_repaired|rudder_rsyslog_historical_conf_repaired|rudder_rsyslog_pgsql_repaired)::
+    policy_server.SuSE.(rudder_rsyslog_conf_repaired|rsyslog_inc_repaired|rudder_rsyslog_historical_conf_repaired|rudder_rsyslog_pgsql_repaired|remove_rudder_rsyslog_conf_repaired)::
       "${paths.path[service]} syslog"
         args => "restart",
         classes => classes_generic("rsyslog_restarted"),

techniques/system/distributePolicy/1.0/rudder-rsyslog-relay.st

@@ -44,13 +44,21 @@ $ActionQueueSaveOnShutdown on
 
 # Filtering by content
 # Process :
+
+# If report protocol is HTTPS, we drop the local rsyslog message
+{{#classes.rudder_reporting_https}}
+if $fromhost-ip == "127.0.0.1" then {
+    :programname, isequal, "rudder" ~
+}
+{{/classes.rudder_reporting_https}}
+
 # We first forward the data to the root server, then we drop it to prevent
 # it from reaching local storage in .log files.
 # The report format is @@Policy@@State@@RuleId@@DirectiveId@@VersionId@@Component@@Key@@ExecutionTimeStamp##NodeId@#HumanReadableMessage
 #
 
 # 1 - Send every matching report to the root server
-:msg, ereregex, "(R: )?@@[ a-zA-Z0-9_\-]+?@@[a-zA-Z0-9_\-]{1,64}?@@[a-zA-Z0-9\-]+@@[a-zA-Z0-9\-]+?@@[0-9]+?@@.*?@@.*?@@[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}[+-][0-9]{1,2}:[0-9]{2}##[a-zA-Z0-9\-]+?@#.*" ${check_log_system.rsyslog_rule_prefix}${server_info.policy_server}:&SYSLOGPORT&
+:msg, ereregex, "(R: )?@@[ a-zA-Z0-9_\-]+?@@[a-zA-Z0-9_\-]{1,64}?@@[a-zA-Z0-9\-]+@@[a-zA-Z0-9\-]+?@@[0-9]+?@@.*?@@.*?@@[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}[+-][0-9]{1,2}:[0-9]{2}##[a-zA-Z0-9\-]+?@#.*" {{vars.check_log_system.rsyslog_rule_prefix}}{{vars.server_info.policy_server}}:&SYSLOGPORT&
 
 # 2 - Drop the remaining rudder logs to prevent local storage cluttering
 

techniques/system/distributePolicy/1.0/rudder-rsyslog-root.st

@@ -63,12 +63,19 @@ $template RudderReportsFormat,"insert into RudderSysEvents (executionDate, nodeI
 
 # Filtering by content
 # Process :
-# We first store the data in the database, then we drop it to prevent
+# If report protocol is HTTPS, we drop the local rsyslog message
+{{#classes.rudder_reporting_https}}
+if $fromhost-ip == "127.0.0.1" then {
+    :programname, isequal, "rudder" ~
+}
+{{/classes.rudder_reporting_https}}
+
+# Else we first store the data in the database, then we drop it to prevent
 # it from reaching local storage in .log files.
 # The report format is @@Policy@@State@@RuleId@@DirectiveId@@0@@Component@@Key@@ExecutionTimeStamp##NodeId@#HumanReadableMessage
 #
 # 1 - Send every matching report in the database...
-:msg, ereregex, "(R: )?@@[ a-zA-Z0-9_\-]+?@@[a-zA-Z0-9_\-]+?@@[a-zA-Z0-9\-]+@@[a-zA-Z0-9\-]+?@@0@@.*?@@.*?@@[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}[+-][0-9]{1,2}:[0-9]{2}##[a-zA-Z0-9\-]+?@#.*"  :ompgsql:${rudder_postgresql.host},${rudder_postgresql.db_name},${rudder_postgresql.db_user},${rudder_postgresql.db_pass};RudderReportsFormat
+:msg, ereregex, "(R: )?@@[ a-zA-Z0-9_\-]+?@@[a-zA-Z0-9_\-]+?@@[a-zA-Z0-9\-]+@@[a-zA-Z0-9\-]+?@@0@@.*?@@.*?@@[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}[+-][0-9]{1,2}:[0-9]{2}##[a-zA-Z0-9\-]+?@#.*"  :ompgsql:{{vars.rudder_postgresql.host}},{{vars.rudder_postgresql.db_name}},{{vars.rudder_postgresql.db_user}},{{vars.rudder_postgresql.db_pass}};RudderReportsFormat
 
 # 2 - Drop the remaining rudder logs to prevent local storage cluttering