From 5471ca8e2720ec8381631391c63010f40f41721a Mon Sep 17 00:00:00 2001 From: Peter Palfrader Date: Thu, 22 Aug 2019 10:55:49 +0200 Subject: [PATCH] stop hardcoding loghost names in syslog-ng template --- modules/syslog_ng/manifests/init.pp | 3 + .../syslog_ng/templates/syslog-ng.conf.erb | 62 ++++++------------- 2 files changed, 23 insertions(+), 42 deletions(-) diff --git a/modules/syslog_ng/manifests/init.pp b/modules/syslog_ng/manifests/init.pp index 172c2c7b3..9e939d777 100644 --- a/modules/syslog_ng/manifests/init.pp +++ b/modules/syslog_ng/manifests/init.pp @@ -3,6 +3,9 @@ class syslog_ng { ensure => installed } + $query = 'nodes[certname] { resources { type = "Class" and title = "Roles::Loghost" } }' + $loghosts = sort(puppetdb_query($query).map |$value| { $value["certname"] }) + service { 'syslog-ng': ensure => running, hasstatus => false, diff --git a/modules/syslog_ng/templates/syslog-ng.conf.erb b/modules/syslog_ng/templates/syslog-ng.conf.erb index 9dda8ff70..4e6619ec8 100644 --- a/modules/syslog_ng/templates/syslog-ng.conf.erb +++ b/modules/syslog_ng/templates/syslog-ng.conf.erb @@ -113,7 +113,7 @@ source s_local { <%- end -%> }; -<%- if (@hostname == "lotti") || (@hostname == "loghost-grnet-01") || (@hostname == "loghost-osuosl-01") -%> +<% if @loghosts and @loghosts.include?(@fqdn)-%> source s_network { tcp6(port(5140) max-connections(400) tls( key_file("/etc/exim4/ssl/thishost.key") 
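Review bot: The `$loghosts` assignment has no guard for an empty result, and nothing in the class documents that PuppetDB classification now decides where every host ships its logs. If the query returns no nodes, the template still renders, because an empty array is truthy in the `if @loghosts` checks, and the `log { source(s_local); }` statement ends up with no loghost destination. Central logging would then stop without any catalog error. Assuming an empty list is never intended, add `if empty($loghosts) { fail('syslog_ng: no Roles::Loghost nodes found in PuppetDB') }` after the assignment, plus a comment such as `# every node PuppetDB reports with Class[Roles::Loghost] receives the fleet's logs`. The class body continues outside the hunk.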
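Review bot: The new condition `@loghosts.include?(@fqdn)` compares PuppetDB certnames against the `fqdn` fact, and the two are not guaranteed to match. On a loghost whose certname differs from its fqdn, `s_network` would not be configured while every client still points a destination at it. The later `loghost != @fqdn` check has the same problem and would leave such a host forwarding to itself. If the match is a site invariant, state it in a template comment such as `<%# relies on certname == fqdn for every Roles::Loghost node -%>`. Otherwise compare against the certname, e.g. `scope['trusted']['certname']`, if trusted facts are available to this template. The `source s_network` block continues outside the hunk.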
@@ -398,54 +398,31 @@ log { }; <%- end -%> - - <%- if @hostname != "lotti" -%> -destination loghost-lotti { - tcp("lotti.debian.org" port (5140) - tls( key_file("/etc/ssl/private/thishost.key") - cert_file("/etc/ssl/debian/certs/thishost.crt") - ca_dir("/etc/ssl/debian/certs/") - ) - ); -}; - <%- end -%> - <%- if @hostname != "loghost-grnet-01" -%> -destination loghost-loghost-grnet-01 { - tcp("loghost-grnet-01.debian.org" port (5140) - tls( key_file("/etc/ssl/private/thishost.key") - cert_file("/etc/ssl/debian/certs/thishost.crt") - ca_dir("/etc/ssl/debian/certs/") +<% if @loghosts -%> + <% @loghosts.each do |loghost| -%> +destination loghost-<%= loghost %> { + tcp("<%= loghost %>" port (5140) + tls( key_file("/etc/ssl/torproject-auto/clientkeys/thishost.key") + cert_file("/etc/ssl/torproject-auto/clientcerts/thishost.crt") + ca_dir("/etc/ssl/torproject-auto/clientcerts/") ) ); }; - <%- end -%> - <%- if @hostname != "loghost-osuosl-01" -%> -destination loghost-loghost-osuosl-01 { - tcp("loghost-osuosl-01.debian.org" port (5140) - tls( key_file("/etc/ssl/private/thishost.key") - cert_file("/etc/ssl/debian/certs/thishost.crt") - ca_dir("/etc/ssl/debian/certs/") - ) - ); -}; - <%- end -%> + <% end -%> +<% end -%> log { source(s_local); - <%- if @hostname != "lotti" -%> - destination(loghost-lotti); - <%- end -%> - <%- if @hostname != "loghost-grnet-01" -%> - destination(loghost-loghost-grnet-01); - <%- end -%> - <%- if @hostname != "loghost-osuosl-01" -%> - destination(loghost-loghost-osuosl-01); - <%- end -%> +<% if @loghosts -%> + <% @loghosts.each do |loghost| -%> + <%- if loghost != @fqdn -%> + destination(loghost-<%= loghost %>); + <% end -%> + <% end -%> +<% end -%> }; - - -<%- if (@hostname == "lotti") || (@hostname == "loghost-grnet-01") || (@hostname == "loghost-osuosl-01") -%> +<% if @loghosts and @loghosts.include?(@fqdn)-%> ############################################################################### ########## ON LOG HOST 
######################################################## ############################################################################### @@ -563,4 +540,5 @@ destination fastly { file("/var/log/fastly.log"); }; log { source(s_network_fastly); destination(fastly); }; -<%- end -%> + +<% end -%> -- 2.20.1
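Review bot: The generated destinations switch the client key, certificate and `ca_dir` from `/etc/ssl/private` and `/etc/ssl/debian/certs/` to `/etc/ssl/torproject-auto/...`, which the commit subject (hostnames only) does not mention. `ca_dir` is the trust anchor used to verify the loghost, so confirm that `/etc/ssl/torproject-auto/clientcerts/` holds the CA that issued the loghosts' certificates, and record the change in the commit message. A mismatch would make clients fail the TLS handshake and stop shipping logs. Separately, `<%= loghost %>` is written unescaped into both the destination name and the quoted `tcp()` host, so the rendered config is only as well-formed as the certnames PuppetDB returns. On loghosts a destination is also now emitted for the host's own name, although the `log` statement skips it.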