lint fb_syslog; delete uncontrolled files

cookbooks/fb_syslog/README.md

@@ -25,6 +25,7 @@ Attributes
 * node['fb_syslog']['rsyslog_use_omprog_force']
 * node['fb_syslog']['rsyslog_stats_logging']
 * node['fb_syslog']['rsyslog_report_suspension']
+* node['fb_syslog']['rsyslog_d_preserve']
 * node['fb_syslog']['sysconfig']['vars'][$KEY][$VAL]
 * node['fb_syslog']['sysconfig']['extra_lines']
 
@@ -36,7 +37,7 @@ in a `syslog.conf`, and all syslog-style entries in `rsyslog.conf`.
 
 Each generated rule is composed of a hash entry:
 
-```
+```ruby
 'name' => {
   comment => 'Associated comment',
   selector => '<facility>.<priority>',
@@ -70,7 +71,7 @@ define them in `node['fb_syslog']['rsyslog_rulesets']`.  This will also
 open up the required network ports for listening and bind them to the RuleSet.
 Here is an example for usage, also see fb_rlog recipe for a larger example:
 
-```
+```ruby
 node.default['fb_syslog']['rsyslog_rulesets'] = {
   'incoming_music' => {
     'proto' => 'udp',
@@ -93,7 +94,7 @@ node.default['fb_syslog']['rsyslog_rulesets'] = {
 
 The output of the above example would yield:
 
-```
+```text
 $RuleSet incoming_music
 # Metallica
 :programname, isequal, "RideTheLightning" /var/log/metallica.log
@@ -122,7 +123,7 @@ The most common use for this will be if you need to open ports to pass health
 checks that are not already opened from your ruleset.
 Here is an example:
 
-```
+```ruby
 node.default['fb_syslog']['rsyslog_nonruleset_ports'] = {
   'tcp' => [
     '514',
@@ -136,7 +137,7 @@ node.default['fb_syslog']['rsyslog_nonruleset_ports'] = {
 
 The output of the above example would yield:
 
-```
+```text
 $InputTCPServerRun 514
 $InputTCPServerRun 5140
 $InputUDPServerRun 514
@@ -153,7 +154,7 @@ If messages entering the syslog system contain control characters and it's
 causing you problems, you can enable escaping of non-printable characters by
 enabling the `node['fb_syslog']['rsyslog_escape_cchars']` attribute:
 
-```
+```ruby
 node.default['fb_syslog']['rsyslog_escape_cchars'] = true
 ```
 
@@ -162,13 +163,13 @@ If you need to have /dev/log inside chroots, you'll need to have rsyslog
 listening to additional sockets in a directory that can be bind mounted inside
 the chroot. Rsyslog will create any missing directory for you.
 
-```
+```ruby
 node.default['fb_syslog']['rsyslog_additional_sockets'] << '/dev/rsyslog/log'
 ```
 
 The output of the above example would yield:
 
-```
+```text
 $InputUnixListenSocketCreatePath on
 $AddUnixListenSocket /dev/rsyslog/log
 ```
@@ -181,7 +182,7 @@ If you set `node['fb_syslog']['rsyslog_upstream']`, then any facilities you add
 to `node['fb_syslog']['rsyslog_facilities_sent_to_remote']` will be sent to that
 upstream. For example:
 
-```
+```ruby
 node.default['fb_syslog']['rsyslog_facilities_sent_to_remote'] << 'auth.*'
 node.default['fb_syslog']['rsyslog_upstream'] << 'syslog.mydomain.com'
 ```
@@ -194,7 +195,7 @@ You will need to specify the binary to forward syslog messages to in
 in `node['fb_syslog']['rsyslog_facilities_sent_to_remote']` will be forwarded to
 that binary. For example:
 
-```
+```ruby
 node.default['fb_syslog']['rsyslog_facilities_sent_to_remote'] << 'auth.*'
 node.default['fb_syslog']['rsyslog_use_omprog'] = true
 node.default['fb_syslog']['rsyslog_omprog_binary'] = '/usr/bin/myprogram'
@@ -206,7 +207,7 @@ By default, program forwarding (omprog) will only be enabled if
 `node['fb_syslog']['rsyslog_use_omprog_force']` to enable program forwarding
 and a rsyslog server simultaneously. For example:
 
-```
+```ruby
 node.default['fb_syslog']['rsyslog_use_omprog_force'] = true
 ```
 
@@ -227,13 +228,18 @@ Set `node['fb_syslog']['rsyslog_stats_logging']` to true to enable periodic
 output of rsyslog internal counters. These will be logged using the `impstats`
 module to `/var/log/rsyslog-stats.log`.
 
+### Controlling the syslog.d directory
+By default, we will delete everything in the `/etc/rsyslog.d`, as all rsyslog
+configuration should be controlled by users of this API. However, if you need
+to preserve such files, set `node['fb_syslog']['rsyslog_d_preserve']` to `true`.
+
 ### sysconfig settings
 On non-systemd systems, `node['fb_syslog']['sysconfig']` can be used
 to setup `/etc/sysconfig/rsyslog` (for RedHat machines) or
 `/etc/default/rsyslog` (for Debian or Ubuntu). In general you should use it
 like this:
 
-```
+```ruby
 node.default['fb_syslog']['sysconfig']['vars']['SYSLOGD_OPTIONS'] =
   '-c'
 ```

cookbooks/fb_syslog/attributes/default.rb

@@ -43,9 +43,14 @@
       'comment' => 'Log anything info level or higher. A lot ' +
                    'of things go into their own file.',
       'selector' => '*.info;mail,authpriv,cron,' +
-        'local0,local1,local2,local3,local5,local6,local7.none',
+        'local0,local1,local2,local3,local4,local5,local6,local7.none',
       'action' => "-#{syslog_file}",
     },
+    'authlog' => {
+      'comment' => 'Log all auth stuff',
+      'selector' => 'auth,authpriv.*',
+      'action' => '/var/log/auth.log',
+    },
     'mail' => {
       'comment' => 'Log all the mail messages in one place.',
       'selector' => 'mail.*',
@@ -88,6 +93,7 @@
     '$DirCreateMode 0755',
     '$Umask 0002',
   ],
+  'rsyslog_d_preserve' => false,
   'rsyslog_late_lines' => [],
   'rsyslog_additional_sockets' => [],
   'rsyslog_facilities_sent_to_remote' => [],

cookbooks/fb_syslog/recipes/default.rb

@@ -73,6 +73,13 @@
   notifies :restart, "service[#{service_name}]"
 end
 
+directory '/etc/rsyslog.d' do
+  not_if { node['fb_syslog']['rsyslog_d_preserve'] }
+  action :delete
+  recursive true
+  notifies :restart, "service[#{service_name}]"
+end
+
 service service_name do
   action :start
   subscribes :restart, 'package[rsyslog]'