From 33a63bc0da8fc153f07f8efbf3c86eb12e3dabf8 Mon Sep 17 00:00:00 2001 From: Dmitry Tantsur Date: Fri, 24 Jul 2020 13:01:19 +0200 Subject: [PATCH] Make ironic logging more in line with other services. Currently ironic logs into files, other services - into journald. Ramdisk logs are for some reason stored with data rather than in /var/log. This change makes all services log into journald and changes to standard paths for ramdisk logs (making them available in the CI as a side effect). Change-Id: I8b3c7750596602c2609798ffbb7e274e2c18b40f --- .../bifrost-ironic-install/defaults/main.yml | 5 +-- .../tasks/bootstrap.yml | 35 ++++++++----------- .../templates/ironic.conf.j2 | 7 ++-- .../notes/logging-bcc7d552944c94e4.yaml | 17 +++++++++ scripts/collect-test-info.sh | 20 ++++------- 5 files changed, 46 insertions(+), 38 deletions(-) create mode 100644 releasenotes/notes/logging-bcc7d552944c94e4.yaml diff --git a/playbooks/roles/bifrost-ironic-install/defaults/main.yml b/playbooks/roles/bifrost-ironic-install/defaults/main.yml index 8e576bdbb..4eab91de8 100644 --- a/playbooks/roles/bifrost-ironic-install/defaults/main.yml +++ b/playbooks/roles/bifrost-ironic-install/defaults/main.yml @@ -172,9 +172,10 @@ cors_allowed_origin: "http://localhost:8000" # not need to be modified by the user. enable_cors_credential_support: false +ironic_store_ramdisk_logs: true # The path to the directory where the deployment logs should be stored when using # local storage. -ironic_agent_deploy_logs_local_path: "{{ '/'.join([ironic_log_dir, 'deploy']) }}" +ironic_agent_deploy_logs_local_path: /var/log/ironic/deploy # Set this to true to configure dnsmasq to respond to requests from the # hosts in your dynamic inventory. @@ -195,7 +196,7 @@ inspector_debug: true inspector_manage_firewall: false # Set ironic_log_dir to use a non-default log directory for ironic. -ironic_log_dir: /var/log/ironic +#ironic_log_dir: /var/log/ironic # Set inspector_log_dir to use a non-default log directory for inspector. #inspector_log_dir: diff --git a/playbooks/roles/bifrost-ironic-install/tasks/bootstrap.yml b/playbooks/roles/bifrost-ironic-install/tasks/bootstrap.yml index 9a92c495b..0e271060c 100644 --- a/playbooks/roles/bifrost-ironic-install/tasks/bootstrap.yml +++ b/playbooks/roles/bifrost-ironic-install/tasks/bootstrap.yml @@ -146,16 +146,17 @@ - name: "Generate ironic Configuration" include: ironic_config.yml -- name: "Set permissions on directory for the ironic user" +- name: "Create the log directories (if requested)" file: path: "{{ item }}" state: directory - mode: 0755 + mode: 0700 owner: "ironic" group: "ironic" loop: - - "{{ ironic_log_dir }}" - - "{{ ironic_agent_deploy_logs_local_path }}" + - "{{ ironic_log_dir | default('') }}" + - "{{ ironic_agent_deploy_logs_local_path | default('') }}" + when: item != "" - name: "Create ironic DB Schema" command: ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema @@ -198,29 +199,21 @@ - "/var/lib/ironic/master_images" - "/var/lib/ironic/images" -- name: "Place ironic services on Debian family" +- name: "Place ironic services" template: src: systemd_template.j2 dest: "{{ init_dest_dir }}{{ item.service_name }}.service" owner: "root" group: "root" loop: - - { service_path: "{{ ironic_install_prefix.stdout | default('') }}", service_name: 'ironic-api', username: 'ironic', args: '--config-file /etc/ironic/ironic.conf'} - - { service_path: "{{ ironic_install_prefix.stdout | default('') }}", service_name: 'ironic-conductor', username: 'ironic', args: '--config-file /etc/ironic/ironic.conf'} - when: - - ansible_distribution not in ["CentOS","RedHat"] - -- name: "Place ironic services on RedHat family" - template: - src: systemd_template.j2 - dest: "{{ init_dest_dir }}{{ item.service_name }}.service" - owner: "root" - group: "root" - loop: - - { service_path: "{{ ironic_install_prefix.stdout | default('') }}", service_name: 'ironic-api', username: 'ironic', args: '--config-file /etc/ironic/ironic.conf --log-file {{ ironic_log_dir }}/ironic-api.log'} - - { service_path: "{{ ironic_install_prefix.stdout | default('') }}", service_name: 'ironic-conductor', username: 'ironic', args: '--config-file /etc/ironic/ironic.conf --log-file {{ ironic_log_dir }}/ironic-conductor.log'} - when: - - ansible_distribution in ["CentOS","RedHat"] + - service_path: "{{ ironic_install_prefix.stdout | default('') }}" + service_name: 'ironic-api' + username: 'ironic' + args: '--config-file /etc/ironic/ironic.conf' + - service_path: "{{ ironic_install_prefix.stdout | default('') }}" + service_name: 'ironic-conductor' + username: 'ironic' + args: '--config-file /etc/ironic/ironic.conf' - name: "Create and populate /tftpboot" include: create_tftpboot.yml diff --git a/playbooks/roles/bifrost-ironic-install/templates/ironic.conf.j2 b/playbooks/roles/bifrost-ironic-install/templates/ironic.conf.j2 index 875f9223b..6fe96c83b 100644 --- a/playbooks/roles/bifrost-ironic-install/templates/ironic.conf.j2 +++ b/playbooks/roles/bifrost-ironic-install/templates/ironic.conf.j2 @@ -33,12 +33,15 @@ auth_strategy = keystone auth_strategy = noauth {% endif %} -{% if ironic_log_dir is defined %} +{% if ironic_log_dir | default("") != "" %} log_dir = {{ ironic_log_dir }} {% endif %} -{% if ironic_agent_deploy_logs_local_path | default("") != "/var/log/ironic/deploy" %} [agent] +{% if ironic_store_ramdisk_logs | bool %} +deploy_logs_collect = always +{% endif %} +{% if ironic_agent_deploy_logs_local_path | default("") != "" %} deploy_logs_local_path = {{ ironic_agent_deploy_logs_local_path }} {% endif %} diff --git a/releasenotes/notes/logging-bcc7d552944c94e4.yaml b/releasenotes/notes/logging-bcc7d552944c94e4.yaml new file mode 100644 index 000000000..fe6ebf0d2 --- /dev/null +++ b/releasenotes/notes/logging-bcc7d552944c94e4.yaml @@ -0,0 +1,17 @@ +--- +upgrade: + - | + All services now use *journald* logging by default, ``ironic-api.log`` and + ``ironic-conductor.log`` are no longer populated. Use ``ironic_log_dir`` + and ``inspector_log_dir`` to override. + - | + The ramdisk logs for deploy/cleaning are now by default stored in + ``/var/log/ironic/deploy``. +security: + - | + Uses mode 0700 for the ironic log directories to prevent them from being + world readable. +features: + - | + Deploy/cleaning ramdisk logs are now always stored by default, use + ``ironic_store_ramdisk_logs`` to override. diff --git a/scripts/collect-test-info.sh b/scripts/collect-test-info.sh index bb2184fd8..50b786f5e 100755 --- a/scripts/collect-test-info.sh +++ b/scripts/collect-test-info.sh @@ -56,19 +56,13 @@ mkdir -p ${LOG_LOCATION}/all sudo cp -a /var/log/* ${LOG_LOCATION}/all/. sudo chown -R $USER ${LOG_LOCATION}/all -if $(journalctl --version &>/dev/null); then - sudo journalctl -u libvirtd &> ${LOG_LOCATION}/libvirtd.log - sudo journalctl -u ironic-api &> ${LOG_LOCATION}/ironic-api.log - sudo journalctl -u ironic-conductor &> ${LOG_LOCATION}/ironic-conductor.log - sudo journalctl -u ironic-inspector &> ${LOG_LOCATION}/ironic-inspector.log - sudo journalctl -u dnsmasq &> ${LOG_LOCATION}/dnsmasq.log - sudo journalctl -u vbmcd &> ${LOG_LOCATION}/vbmcd.log -else - sudo cp /var/log/upstart/ironic-api.log ${LOG_LOCATION}/ - sudo cp /var/log/upstart/ironic-conductor.log ${LOG_LOCATION}/ - sudo cp /var/log/upstart/ironic-inspector.log ${LOG_LOCATION}/ - sudo cp /var/log/upstart/libvirtd.log ${LOG_LOCATION}/ -fi +sudo journalctl -u libvirtd &> ${LOG_LOCATION}/libvirtd.log +sudo journalctl -u ironic-api &> ${LOG_LOCATION}/ironic-api.log +sudo journalctl -u ironic-conductor &> ${LOG_LOCATION}/ironic-conductor.log +sudo journalctl -u ironic-inspector &> ${LOG_LOCATION}/ironic-inspector.log +sudo journalctl -u dnsmasq &> ${LOG_LOCATION}/dnsmasq.log +sudo journalctl -u vbmcd &> ${LOG_LOCATION}/vbmcd.log +sudo journalctl -u uwsgi &> ${LOG_LOCATION}/uwsgi.log # Copy PXE information mkdir -p ${LOG_LOCATION}/pxe/