apache and app logs retrieval

Stephen John Smoogen smooge at gmail.com
Thu Jun 27 19:12:49 UTC 2013


On 25 June 2013 13:16, seth vidal <skvidal at fedoraproject.org> wrote:

> Last week when we were talking about spawning rdiff-backup to backup
> our systems, we diverged into discussing app/apache logs and the
> somewhat complicated system we currently have for grabbing those logs.
>
> Right now we have a list of hosts on log02 that it should grab logs
> from. Those hosts need to have rsyncd running on them to allow access
> from log02 to fetch the /var/log/httpd/ path from them.
>
> That requires 2 things to be coupled and it is a bit awkward if you set
> up a host that is tricky to access from log02 or isn't on the vpn.
>
> In general I also am not in love with having to have rsyncd listening
> on systems - even if it is ip-restricted.
>
> So the thought was we could do something like this on log02:
>
> 1. set up an ssh key on log02 that can run rsync to /var/log/httpd on
> all hosts
> 2. make any host that needs to have its logs retrieved be marked in
> the ansible inventory host/group vars
> 3. git clone public-ansible-repo onto log02
> 4. use group_by to construct a group of the hosts which can then be
> retrieved using rsync.
>
> The sole reason for using ansible here is so we can keep the log sync
> info in our inventory and to parallelize the retrieval of logs.
>
> This is more or less identical to what we talked about for backups
> using rdiff-backup.
>
>
My question is: will a person who is on log02 be able to ssh into every
rsyncable host as root like they can from lockbox, or will we be
using a sub-user who can be ssh'd from log02 to get the log files? I am
just wanting to keep the number of systems we need to really worry about to
a minimum so we aren't ending up with whack-a-mole later.


-- 
Stephen J Smoogen.
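
One way to bound what the ssh key from step 1 of the quoted proposal can do on each host, whichever account it is installed for. This is an added example, not part of either message and not Fedora Infrastructure's code. The wrapper path, the authorized_keys line and the function names are assumptions, and it assumes log02 pulls with short rsync flags only.

```python
#!/usr/bin/env python3
# Hypothetical forced-command wrapper for the log02 key, installed on each web host
# through an authorized_keys entry such as (path and key are placeholders):
#   command="/usr/local/bin/httpd-log-pull",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding <log02 public key>
import os
import shlex
import sys

ALLOWED_ROOT = "/var/log/httpd"  # the path named in the thread


def check_rsync_command(original_command):
    """Return argv for a read-only rsync pull under ALLOWED_ROOT, else None."""
    try:
        argv = shlex.split(original_command or "")
    except ValueError:  # unbalanced quotes
        return None
    # The remote end of a pull is started as: rsync --server --sender <flags> . <path>...
    # Without --sender the host would be receiving files, so that form is refused.
    if argv[:3] != ["rsync", "--server", "--sender"] or "." not in argv[3:]:
        return None
    dot = argv.index(".", 3)
    options, paths = argv[3:dot], argv[dot + 1:]
    # Conservative allowlist: only short-flag bundles pass. Long options such as
    # --remove-source-files (deletes files on the sender) are refused.
    if any(not o.startswith("-") or o.startswith("--") for o in options):
        return None
    if not paths:
        return None
    for path in paths:
        # Lexical check only: ".." is collapsed, symlinks are not resolved.
        norm = os.path.normpath(path)
        if norm != ALLOWED_ROOT and not norm.startswith(ALLOWED_ROOT + "/"):
            return None
    return argv


def main():
    argv = check_rsync_command(os.environ.get("SSH_ORIGINAL_COMMAND"))
    if argv is None:
        sys.stderr.write("refused: this key may only pull %s\n" % ALLOWED_ROOT)
        return 1
    os.execvp("rsync", argv)  # replaces this process; never returns on success


if __name__ == "__main__":
    sys.exit(main())
```

With the key bound to this wrapper, an interactive `ssh` from log02 to the host is refused because no rsync command is supplied.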