Merge pull request openstack-k8s-operators#521 from jlarriba/logging_tls

Configure rsyslog to being able to send TLS encrypted logs to the rem…

roles/edpm_telemetry/molecule/default/prepare.yml

@@ -216,9 +216,10 @@
         owner: root
         group: root
         content: |
-          module(load="imjournal" PersistStateInterval="10"
-                StateFile="journal_state")
-
           action(type="omfwd" target="172.17.0.80" port="10514" protocol="tcp"
                       action.resumeRetryCount="100"
-                      queue.type="linkedList" queue.size="10000")
+                      queue.type="linkedList" queue.size="10000"
+                      StreamDriver="ossl"
+                      StreamDriverMode="1"
+                      StreamDriverAuthMode="x509/certvalid"
+                      StreamDriver.CAFile="/etc/pki/rsyslog/ca-openshift.crt")

roles/edpm_telemetry/tasks/enable_logging.yml

@@ -20,13 +20,30 @@
   become: true
   failed_when: false
   register: rsyslog_service_state
+  tags:
+    - edpm_logging
 
 - name: Configure rsyslog if present
   become: true
   when:
     - (rsyslog_service_state is success) and
       ((rsyslog_service_state.status['SubState'] | lower) == 'running')
+  tags:
+    - edpm_logging
   block:
+    - name: Install openssl module support for rsyslog
+      ansible.builtin.dnf:
+        name: rsyslog-openssl
+        state: present
+
+    - name: Copy Openshift CA to the node
+      become: true
+      ansible.builtin.copy:
+        src: "{{ edpm_telemetry_config_src }}/ca-openshift.crt"
+        dest: "/etc/pki/rsyslog/ca-openshift.crt"
+        mode: "0644"
+        remote_src: "{{ telemetry_test | default('false') }}"
+
     - name: Deploy rsyslog configuration
       become: true
       ansible.builtin.copy:
@@ -35,5 +52,3 @@
         mode: "0644"
         remote_src: "{{ telemetry_test | default('false') }}"
       notify: Restart rsyslog
-      tags:
-        - edpm_logging