Set Fedora policy to 90 days of compressed logs

tasks/main.yml

@@ -41,6 +41,30 @@
     - 'ensure_log_rotation.service_facts'
 - name: 'flush handlers'
   meta: 'flush_handlers'
+- name: 'ensure configuration'
+  when:
+    - ansible_system == 'Linux'
+    - ensure_log_rotation is defined
+    - ensure_log_rotation.template_list is defined
+    - ensure_log_rotation.template_list is iterable
+  template:
+    attributes: '{{ item.attributes | default(omit) }}'
+    backup: '{{ item.backup | default(omit) }}'
+    dest: '{{ item.dest }}'
+    follow: '{{ item.follow | default(omit) }}'
+    force: '{{ item.force | default(omit) }}'
+    group: '{{ item.group | default(omit) }}'
+    mode: '{{ item.mode | default(omit) }}'
+    owner: '{{ item.owner | default(omit) }}'
+    selevel: '{{ item.selevel | default(omit) }}'
+    serole: '{{ item.serole | default(omit) }}'
+    setype: '{{ item.setype | default(omit) }}'
+    seuser: '{{ item.seuser | default(omit) }}'
+    src: '{{ item.src | default(omit) }}'
+    validate: '{{ item.validate | default(omit) }}'
+  loop: '{{ ensure_log_rotation.template_list }}'
+  loop_control:
+    label: '{{ item.dest }}'
 - name: 'ensure services'
   when:
     - ansible_system == 'Linux'

templates/Fedora/29/etc/logrotate.conf

@@ -0,0 +1,20 @@
+# see "man logrotate" for details
+# rotate log files weekly
+daily
+
+# keep 4 weeks worth of backlogs
+rotate 90
+
+# create new (empty) log files after rotating old ones
+create
+
+# use date as a suffix of the rotated file
+dateext
+
+# uncomment this if you want your log files compressed
+compress
+
+# packages drop log rotation information into this directory
+include /etc/logrotate.d
+
+# system-specific logs may be also be configured here.

templates/Fedora/29/etc/logrotate.d/btmp

@@ -0,0 +1,7 @@
+# no packages own btmp -- we'll rotate it here
+/var/log/btmp {
+    missingok
+    monthly
+    create 0660 root utmp
+    rotate 1
+}

templates/Fedora/29/etc/logrotate.d/wtmp

@@ -0,0 +1,8 @@
+# no packages own wtmp -- we'll rotate it here
+/var/log/wtmp {
+    missingok
+    monthly
+    create 0664 root utmp
+    minsize 1M
+    rotate 1
+}

templates/Fedora/30/etc/logrotate.conf

@@ -0,0 +1,20 @@
+# see "man logrotate" for details
+# rotate log files weekly
+daily
+
+# keep 4 weeks worth of backlogs
+rotate 90
+
+# create new (empty) log files after rotating old ones
+create
+
+# use date as a suffix of the rotated file
+dateext
+
+# uncomment this if you want your log files compressed
+compress
+
+# packages drop log rotation information into this directory
+include /etc/logrotate.d
+
+# system-specific logs may be also be configured here.

templates/Fedora/30/etc/logrotate.d/btmp

@@ -0,0 +1,7 @@
+# no packages own btmp -- we'll rotate it here
+/var/log/btmp {
+    missingok
+    monthly
+    create 0660 root utmp
+    rotate 1
+}

templates/Fedora/30/etc/logrotate.d/wtmp

@@ -0,0 +1,8 @@
+# no packages own wtmp -- we'll rotate it here
+/var/log/wtmp {
+    missingok
+    monthly
+    create 0664 root utmp
+    minsize 1M
+    rotate 1
+}

templates/Fedora/31/etc/logrotate.conf

@@ -0,0 +1,20 @@
+# see "man logrotate" for details
+# rotate log files weekly
+daily
+
+# keep 4 weeks worth of backlogs
+rotate 90
+
+# create new (empty) log files after rotating old ones
+create
+
+# use date as a suffix of the rotated file
+dateext
+
+# uncomment this if you want your log files compressed
+compress
+
+# packages drop log rotation information into this directory
+include /etc/logrotate.d
+
+# system-specific logs may be also be configured here.

templates/Fedora/31/etc/logrotate.d/btmp

@@ -0,0 +1,7 @@
+# no packages own btmp -- we'll rotate it here
+/var/log/btmp {
+    missingok
+    monthly
+    create 0660 root utmp
+    rotate 1
+}

templates/Fedora/31/etc/logrotate.d/wtmp

@@ -0,0 +1,8 @@
+# no packages own wtmp -- we'll rotate it here
+/var/log/wtmp {
+    missingok
+    monthly
+    create 0664 root utmp
+    minsize 1M
+    rotate 1
+}

vars/Fedora-29-x86_64.yml

@@ -4,4 +4,8 @@ package_list:
   - { name: 'logrotate', state: 'present' }
 service_list:
   - { name: 'logrotate.timer', state: 'started', enabled: 'yes' }
+template_list:
+  - { dest: '/etc/logrotate.conf', force: 'yes', group: 'root', mode: '0644', owner: 'root', src: '{{ ansible_distribution }}/{{ ansbile_distribution_major_version }}/etc/logortate.conf' }
+  - { dest: '/etc/logrotate.d/btmp', force: 'yes', group: 'root', mode: '0644', owner: 'root', src: '{{ ansible_distribution }}/{{ ansbile_distribution_major_version }}/etc/logortate.d/btmp' }
+  - { dest: '/etc/logrotate.d/wtmp', force: 'yes', group: 'root', mode: '0644', owner: 'root', src: '{{ ansible_distribution }}/{{ ansbile_distribution_major_version }}/etc/logortate.d/wtmp' }
 

vars/Fedora-30-x86_64.yml

@@ -4,4 +4,8 @@ package_list:
   - { name: 'logrotate', state: 'present' }
 service_list:
   - { name: 'logrotate.timer', state: 'started', enabled: 'yes' }
+template_list:
+  - { dest: '/etc/logrotate.conf', force: 'yes', group: 'root', mode: '0644', owner: 'root', src: '{{ ansible_distribution }}/{{ ansbile_distribution_major_version }}/etc/logortate.conf' }
+  - { dest: '/etc/logrotate.d/btmp', force: 'yes', group: 'root', mode: '0644', owner: 'root', src: '{{ ansible_distribution }}/{{ ansbile_distribution_major_version }}/etc/logortate.d/btmp' }
+  - { dest: '/etc/logrotate.d/wtmp', force: 'yes', group: 'root', mode: '0644', owner: 'root', src: '{{ ansible_distribution }}/{{ ansbile_distribution_major_version }}/etc/logortate.d/wtmp' }
 

vars/Fedora-31-x86_64.yml

@@ -4,4 +4,7 @@ package_list:
   - { name: 'logrotate', state: 'present' }
 service_list:
   - { name: 'logrotate.timer', state: 'started', enabled: 'yes' }
-
+template_list:
+  - { dest: '/etc/logrotate.conf', force: 'yes', group: 'root', mode: '0644', owner: 'root', src: '{{ ansible_distribution }}/{{ ansbile_distribution_major_version }}/etc/logortate.conf' }
+  - { dest: '/etc/logrotate.d/btmp', force: 'yes', group: 'root', mode: '0644', owner: 'root', src: '{{ ansible_distribution }}/{{ ansbile_distribution_major_version }}/etc/logortate.d/btmp' }
+  - { dest: '/etc/logrotate.d/wtmp', force: 'yes', group: 'root', mode: '0644', owner: 'root', src: '{{ ansible_distribution }}/{{ ansbile_distribution_major_version }}/etc/logortate.d/wtmp' }