LB-64, Add TLS support #85
|
@Shwetajain148 next time if you want to change the formatting please do it in separate PR. It is very hard to review the code. |
6704dd1
to
81b1606
|
@mchaudhary @mostlyjason This PR consists of two commits. In the first commit, I have fixed the indentation. You can see the tab changes here: Fix Indentation. In the second commit you can compare the actual file changes to support TLS. Please go through the link here: Add TLS Support to the script to send logs securely |
| echo "DOWNLOADING CERTIFICATE" | ||
| mkdir -pv /etc/rsyslog.d/keys/ca.d | ||
| curl -O https://logdog.loggly.com/media/logs-01.loggly.com_sha12.crt | ||
| sudo cp -Prf logs-01.loggly.com_sha12.crt /etc/rsyslog.d/keys/ca.d/logs-01.loggly.com_sha12.crt |
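Review bot: The `curl -O` line has no `--fail` flag and its exit status is not checked before the `sudo cp`, so on an HTTP error the server's error page would be saved under the certificate's name and copied into `/etc/rsyslog.d/keys/ca.d/` as the CA file. Suggest `curl -fsS -O` followed by a check of the return code and of the file being non-empty before copying. The `mkdir -pv` line also runs without `sudo` while the `cp` uses it; make the two consistent.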
mostlyjason
Feb 16, 2017
Contributor
Don't forget to clean up the local directory when done
| @@ -215,18 +219,23 @@ removeLogglyConf() | |||
| case "$LINUX_DIST_IN_LOWER_CASE" in | |||
| *"ubuntu"* ) | |||
| echo "INFO: Operating system is Ubuntu." | |||
| PKG_MGR="apt-get" | |||
mostlyjason
Feb 16, 2017
Contributor
What are these for?
Shwetajain148
Feb 20, 2017
Author
Contributor
@mostlyjason : In the case of Rsyslog version 7, we need to install rsyslog-gnutls package. So I have initialised the package manager variable for each Linux distribution. Please refer: Line-554
mostlyjason
Feb 21, 2017
Contributor
Ok thanks
| # ------------------------------------------------------- | ||
| # Define the template used for sending logs to Loggly. Do not change this format. | ||
| \$template LogglyFormat,\"<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [$2@$3] %msg%\n\" | ||
| \$template LogglyFormat,\"<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [$LOGGLY_AUTH_TOKEN@$LOGGLY_DISTRIBUTION_ID tag=\\\"Rsyslog\\\"] %msg%\n\" |
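Review bot: In the added `$template LogglyFormat` line, `$LOGGLY_AUTH_TOKEN` and `$LOGGLY_DISTRIBUTION_ID` are expanded straight into the rsyslog template, so a value containing a double quote, `%` or `]` would produce a malformed template or structured-data element. Suggest validating both values against the expected character set before the config is written. The auth token also ends up in clear text in the generated config, so that file should not be world-readable.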
mostlyjason
Feb 16, 2017
Contributor
Let's use the tag from the tls documentation
| exit 1 | ||
| fi | ||
| #This script needs to be run as root | ||
| if [[ $EUID -ne 0 ]]; then |
mostlyjason
Feb 16, 2017
Contributor
What was wrong with the formatting of the indents before? I noticed that you are changing it but is there any particular reason?
Shwetajain148
Feb 20, 2017
Author
Contributor
@mostlyjason Formatting is done by IntelliJ IDE automatically. If you want then I can revert it back to the previous indentation and will only raise PR with actual file changes.
| ) | ||
| # Send messages to Loggly over TCP using the template. | ||
| action(type=\"omfwd\" protocol=\"tcp\" target=\"$LOGS_01_HOST\" port=\"$LOGGLY_SYSLOG_TLS_PORT\" template=\"LogglyFormat\" StreamDriver=\"gtls\" StreamDriverMode=\"1\" StreamDriverAuthMode=\"x509/name\" StreamDriverPermittedPeers=\"*.loggly.com\") | ||
| " |
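Review bot: In the `action(...)` line, `StreamDriverPermittedPeers` is set to `*.loggly.com`, which accepts a certificate for any host under loggly.com while the connection goes to the single host in `$LOGS_01_HOST`. Suggest restricting the permitted peer to that host name unless the wildcard is needed to match the certificate actually served. The comment above the action still reads "over TCP"; update it to mention TLS so the description matches the configuration.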
Shwetajain148
Feb 20, 2017
Author
Contributor
These are the TLS configurations for Rsyslog version 7- and 8+. If user sets up for Non-TLS logging then inputStr_NO_TLS will be installed.
| SUPPRESS_PROMPT="true" | ||
| ;; | ||
| --insecure ) | ||
| LOGGLY_TLS_SENDING="false" |
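Review bot: The `--insecure` branch only sets `LOGGLY_TLS_SENDING="false"` and gives the operator no indication of what that implies. Suggest logging a warning at this point that log data, including the auth token carried in the `LogglyFormat` template, will be sent unencrypted, and documenting the flag wherever the other command line options are described.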
Shwetajain148
Feb 20, 2017
Author
Contributor
Command line parameter to setup non-tls sending.
| logMsgToConfigSysLog "INFO" "INFO: Initiating Configure Loggly for Linux." | ||
|
|
||
| if [ "$LINUX_ENV_VALIDATED" = "false" ]; then | ||
| checkLinuxLogglyCompatibility |
psquickitprageet
Feb 21, 2017
@Shwetajain148: This statement should appear inside the IF block. Make the same change at all the places where this kind of indentation problem is present.
674792d
to
b87a32d
b87a32d
to
b2c917d
|
@mchaudhary @mostlyjason Please review the script.
|
| curl -O https://logdog.loggly.com/media/logs-01.loggly.com_sha12.crt | ||
| sudo cp -Prf logs-01.loggly.com_sha12.crt /etc/rsyslog.d/keys/ca.d/logs-01.loggly.com_sha12.crt | ||
| sudo rm logs-01.loggly.com_sha12.crt | ||
| } |
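Review bot: The `curl -O` line writes `logs-01.loggly.com_sha12.crt` into whatever the current directory happens to be, and the file is then copied and removed with `sudo`, so a pre-existing file of that name is overwritten and deleted, and a run from a non-writable directory fails. Suggest downloading directly to the destination path with `curl -fsS -o`, or into a directory created with `mktemp -d`, which also removes the need for the separate `cp` and `rm` steps.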
mostlyjason
Mar 8, 2017
Contributor
Can we log an error message if the certificate cannot be downloaded?
mostlyjason
Mar 8, 2017
Contributor
@Shwetajain148 sorry I had this review in pending for several days and forgot to submit it
| " | ||
| " | ||
| if [ "$RSYSLOG_VERSION_TMP" -le "7" ]; then | ||
| /bin/bash -c "sudo $PKG_MGR install rsyslog-gnutls -y" |
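Review bot: The install line wraps the command in `/bin/bash -c "sudo $PKG_MGR install rsyslog-gnutls -y"`, which re-parses the expanded `$PKG_MGR` in a second shell for no benefit. Suggest calling `sudo "$PKG_MGR" install -y rsyslog-gnutls` directly and testing its return code on the next line. The test `[ "$RSYSLOG_VERSION_TMP" -le "7" ]` will also raise a shell error if the variable is empty or non-numeric, so it is worth guarding.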
mostlyjason
Mar 8, 2017
Contributor
Can we log an error message if the package installation fails?
mostlyjason
Mar 9, 2017
Contributor
Will this also pass if the package has been previously installed and they are running the script again?
mchaudhary
Mar 9, 2017
Contributor
Yes that should work. I will let @Shwetajain148 comment and then merge this tomorrow morning.
Shwetajain148
Mar 10, 2017
Author
Contributor
@mchaudhary @mostlyjason Yes. In the case of an already installed package, when the script tries to install it, it will get the following output:
"rsyslog-gnutls is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 47 not upgraded."
And then the script will go for the next steps.
mostlyjason
Mar 10, 2017
Contributor
Okay great
…tls package do not install
| then | ||
| logMsgToConfigSysLog "ERROR" "ERROR: The rsyslog-gnutls package was not downloaded. Please download it and then run the script again." | ||
| exit 1 | ||
| fi |
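Review bot: The `logMsgToConfigSysLog` message says the rsyslog-gnutls package "was not downloaded" and asks the user to download it, but the step it reports on is a package-manager install. Suggest wording such as "could not be installed" and telling the user to install the package with their package manager before re-running the script.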
Shwetajain148
Mar 9, 2017
Author
Contributor
@mostlyjason I could observe that TLS logging requires the rsyslog-gnutls package in case of rsyslog version 8 as well. Otherwise, logging didn't work.
Also, I have added the error message in case package doesn't install successfully.
mostlyjason
Mar 9, 2017
Contributor
Okay please test on all the various distributions as well
| logMsgToConfigSysLog "ERROR" "ERROR: Certificate could not be downloaded." | ||
| exit 1 | ||
| fi | ||
| } |
Shwetajain148
Mar 9, 2017
Author
Contributor
@mostlyjason I have added the error message in the case when the certificate could not be found.
|
@mchaudhary I believe she has addressed all my comments so please merge whenever you're ready |
No description provided.