ca1a80ab2f
This change allows a user to forward control plane logs directly to Elasticsearch from Fluentd, rather than via the Monasca Log API when Monasca is enabled. The Monasca Log API can continue to handle tenant logs. For many use cases this is simpler, reduces resource consumption and helps to decouple control plane logging services from tenant logging services. It may not always be desired, so is optional and off by default. Change-Id: I195e8e4b73ca8f573737355908eb30a3ef13b0d6
283 lines
11 KiB
YAML
283 lines
11 KiB
YAML
---
|
|
- name: Ensuring config directories exist
|
|
vars:
|
|
service_name: "{{ item.0.service_name }}"
|
|
service: "{{ common_services[service_name] }}"
|
|
file:
|
|
path: "{{ node_config_directory }}/{{ item.1 }}"
|
|
state: "directory"
|
|
owner: "{{ config_owner_user }}"
|
|
group: "{{ config_owner_group }}"
|
|
mode: "0770"
|
|
become: true
|
|
with_subelements:
|
|
- - service_name: "cron"
|
|
paths:
|
|
- "cron"
|
|
- "cron/logrotate"
|
|
- service_name: "fluentd"
|
|
paths:
|
|
- "fluentd"
|
|
- service_name: "kolla-toolbox"
|
|
paths:
|
|
- "kolla-toolbox"
|
|
- paths
|
|
when: service | service_enabled_and_mapped_to_host
|
|
|
|
- name: Ensure fluentd image is present for label check
|
|
vars:
|
|
service_name: "fluentd"
|
|
service: "{{ common_services[service_name] }}"
|
|
become: true
|
|
kolla_docker:
|
|
action: "ensure_image"
|
|
common_options: "{{ docker_common_options }}"
|
|
image: "{{ service.image }}"
|
|
when: service | service_enabled_and_mapped_to_host
|
|
|
|
- name: Fetch fluentd image labels
|
|
vars:
|
|
service_name: "fluentd"
|
|
service: "{{ common_services[service_name] }}"
|
|
become: true
|
|
docker_image_info:
|
|
name: "{{ service.image }}"
|
|
register: fluentd_labels
|
|
when: service | service_enabled_and_mapped_to_host
|
|
|
|
- name: Set fluentd facts
|
|
set_fact:
|
|
fluentd_binary: "{{ fluentd_labels.images.0.ContainerConfig.Labels.fluentd_binary }}"
|
|
when: common_services.fluentd | service_enabled_and_mapped_to_host
|
|
|
|
- include_tasks: copy-certs.yml
|
|
when:
|
|
- kolla_copy_ca_into_containers | bool
|
|
|
|
- name: Copying over config.json files for services
|
|
template:
|
|
src: "{{ item.key }}.json.j2"
|
|
dest: "{{ node_config_directory }}/{{ item.key }}/config.json"
|
|
mode: "0660"
|
|
become: true
|
|
when: item.value | service_enabled_and_mapped_to_host
|
|
with_dict: "{{ common_services }}"
|
|
notify:
|
|
- "Restart {{ item.key }} container"
|
|
|
|
- name: Find custom fluentd input config files
|
|
find:
|
|
path: "{{ node_custom_config }}/fluentd/input"
|
|
pattern: "*.conf"
|
|
run_once: True
|
|
register: find_custom_fluentd_inputs
|
|
delegate_to: localhost
|
|
when: common_services.fluentd.enabled | bool
|
|
|
|
- name: Find custom fluentd filter config files
|
|
find:
|
|
path: "{{ node_custom_config }}/fluentd/filter"
|
|
pattern: "*.conf"
|
|
run_once: True
|
|
register: find_custom_fluentd_filters
|
|
delegate_to: localhost
|
|
when: common_services.fluentd.enabled | bool
|
|
|
|
- name: Find custom fluentd format config files
|
|
find:
|
|
path: "{{ node_custom_config }}/fluentd/format"
|
|
pattern: "*.conf"
|
|
run_once: True
|
|
register: find_custom_fluentd_formats
|
|
delegate_to: localhost
|
|
when: common_services.fluentd.enabled | bool
|
|
|
|
- name: Find custom fluentd output config files
|
|
find:
|
|
path: "{{ node_custom_config }}/fluentd/output"
|
|
pattern: "*.conf"
|
|
run_once: True
|
|
register: find_custom_fluentd_outputs
|
|
delegate_to: localhost
|
|
when: common_services.fluentd.enabled | bool
|
|
|
|
- name: Copying over td-agent.conf
|
|
vars:
|
|
log_direct_to_elasticsearch: >-
|
|
{{ ( enable_elasticsearch | bool or
|
|
( elasticsearch_address != kolla_internal_vip_address )) and
|
|
( not enable_monasca | bool or not monasca_ingest_control_plane_logs | bool ) }}
|
|
fluentd_version: "{{ fluentd_labels.images.0.ContainerConfig.Labels.fluentd_version | default('0.12') }}"
|
|
# Inputs
|
|
fluentd_input_files: "{{ default_input_files | customise_fluentd(customised_input_files) }}"
|
|
default_input_files:
|
|
- "conf/input/00-global.conf.j2"
|
|
- "conf/input/01-syslog.conf.j2"
|
|
- "conf/input/02-mariadb.conf.j2"
|
|
- "conf/input/03-rabbitmq.conf.j2"
|
|
- "conf/input/04-openstack-wsgi.conf.j2"
|
|
- "conf/input/05-libvirt.conf.j2"
|
|
- "conf/input/06-zookeeper.conf.j2"
|
|
- "conf/input/07-kafka.conf.j2"
|
|
- "conf/input/09-monasca.conf.j2"
|
|
customised_input_files: "{{ find_custom_fluentd_inputs.files | map(attribute='path') | list }}"
|
|
# Filters
|
|
fluentd_filter_files: "{{ default_filter_files | customise_fluentd(customised_filter_files) }}"
|
|
default_filter_files:
|
|
- "conf/filter/00-record_transformer.conf.j2"
|
|
- "conf/filter/{{ '01-rewrite-0.14' if fluentd_version == '0.14' else '01-rewrite-0.12' }}.conf.j2"
|
|
- "conf/filter/02-parser.conf.j2"
|
|
customised_filter_files: "{{ find_custom_fluentd_filters.files | map(attribute='path') | list }}"
|
|
# Formats
|
|
fluentd_format_files: "{{ default_format_files | customise_fluentd(customised_format_files) }}"
|
|
default_format_files:
|
|
- "conf/format/apache_access.conf.j2"
|
|
- "conf/format/wsgi_access.conf.j2"
|
|
customised_format_files: "{{ find_custom_fluentd_formats.files | map(attribute='path') | list }}"
|
|
# Outputs
|
|
fluentd_output_files: "{{ default_output_files_enabled | customise_fluentd(customised_output_files) }}"
|
|
default_output_files_enabled: "{{ default_output_files | selectattr('enabled') | map(attribute='name') | list }}"
|
|
default_output_files:
|
|
- name: "conf/output/00-local.conf.j2"
|
|
enabled: true
|
|
- name: "conf/output/01-es.conf.j2"
|
|
enabled: "{{ log_direct_to_elasticsearch }}"
|
|
- name: "conf/output/02-monasca.conf.j2"
|
|
enabled: "{{ enable_monasca | bool and monasca_ingest_control_plane_logs | bool }}"
|
|
customised_output_files: "{{ find_custom_fluentd_outputs.files | map(attribute='path') | list }}"
|
|
template:
|
|
src: "td-agent.conf.j2"
|
|
dest: "{{ node_config_directory }}/fluentd/td-agent.conf"
|
|
mode: "0660"
|
|
become: true
|
|
when:
|
|
- common_services.fluentd | service_enabled_and_mapped_to_host
|
|
notify:
|
|
- Restart fluentd container
|
|
|
|
- name: Copying over cron logrotate config file
|
|
vars:
|
|
cron_logrotate_enabled_services: >-
|
|
{{ cron_logrotate_services |
|
|
selectattr('enabled') |
|
|
map(attribute='name') |
|
|
list }}
|
|
cron_logrotate_services:
|
|
- { name: "ansible", enabled: "yes" }
|
|
- { name: "aodh", enabled: "{{ enable_aodh | bool }}" }
|
|
- { name: "barbican", enabled: "{{ enable_barbican | bool }}" }
|
|
- { name: "blazar", enabled: "{{ enable_blazar | bool }}" }
|
|
- { name: "ceilometer", enabled: "{{ enable_ceilometer | bool }}" }
|
|
- { name: "chrony", enabled: "{{ enable_chrony | bool }}" }
|
|
- { name: "cinder", enabled: "{{ enable_cinder | bool }}" }
|
|
- { name: "cloudkitty", enabled: "{{ enable_cloudkitty | bool }}" }
|
|
- { name: "collectd", enabled: "{{ enable_collectd | bool }}" }
|
|
- { name: "cyborg", enabled: "{{ enable_cyborg | bool }}" }
|
|
- { name: "designate", enabled: "{{ enable_designate | bool }}" }
|
|
- { name: "elasticsearch", enabled: "{{ enable_elasticsearch | bool }}" }
|
|
- { name: "etcd", enabled: "{{ enable_etcd | bool }}" }
|
|
- { name: "fluentd", enabled: "{{ enable_fluentd | bool }}" }
|
|
- { name: "freezer", enabled: "{{ enable_freezer | bool }}" }
|
|
- { name: "glance", enabled: "{{ enable_glance | bool }}" }
|
|
- { name: "glance-tls-proxy", enabled: "{{ glance_enable_tls_backend | bool }}" }
|
|
- { name: "gnocchi", enabled: "{{ enable_gnocchi | bool }}" }
|
|
- { name: "grafana", enabled: "{{ enable_grafana | bool }}" }
|
|
- { name: "haproxy", enabled: "{{ enable_haproxy | bool }}" }
|
|
- { name: "heat", enabled: "{{ enable_heat | bool }}" }
|
|
- { name: "horizon", enabled: "{{ enable_horizon | bool }}" }
|
|
- { name: "influxdb", enabled: "{{ enable_influxdb | bool }}" }
|
|
- { name: "ironic", enabled: "{{ enable_ironic | bool }}" }
|
|
- { name: "ironic-inspector", enabled: "{{ enable_ironic | bool }}" }
|
|
- { name: "iscsid", enabled: "{{ enable_iscsid | bool }}" }
|
|
- { name: "kafka", enabled: "{{ enable_kafka | bool }}" }
|
|
- { name: "keepalived", enabled: "{{ enable_haproxy | bool }}" }
|
|
- { name: "keystone", enabled: "{{ enable_keystone | bool }}" }
|
|
- { name: "kibana", enabled: "{{ enable_kibana | bool }}" }
|
|
- { name: "kuryr", enabled: "{{ enable_kuryr | bool }}" }
|
|
- { name: "magnum", enabled: "{{ enable_magnum | bool }}" }
|
|
- { name: "manila", enabled: "{{ enable_manila | bool }}" }
|
|
- { name: "mariadb", enabled: "{{ enable_mariadb | bool }}" }
|
|
- { name: "masakari", enabled: "{{ enable_masakari | bool }}" }
|
|
- { name: "mistral", enabled: "{{ enable_mistral | bool }}" }
|
|
- { name: "monasca", enabled: "{{ enable_monasca | bool }}" }
|
|
- { name: "murano", enabled: "{{ enable_murano | bool }}" }
|
|
- { name: "neutron", enabled: "{{ enable_neutron | bool }}" }
|
|
- { name: "neutron-tls-proxy", enabled: "{{ neutron_enable_tls_backend |
|
|
bool }}" }
|
|
- { name: "nova", enabled: "{{ enable_nova | bool }}" }
|
|
- { name: "octavia", enabled: "{{ enable_octavia | bool }}" }
|
|
- { name: "outward-rabbitmq", enabled: "{{ enable_outward_rabbitmq | bool }}" }
|
|
- { name: "panko", enabled: "{{ enable_panko | bool }}" }
|
|
- { name: "rabbitmq", enabled: "{{ enable_rabbitmq | bool }}" }
|
|
- { name: "rally", enabled: "{{ enable_rally | bool }}" }
|
|
- { name: "sahara", enabled: "{{ enable_sahara | bool }}" }
|
|
- { name: "senlin", enabled: "{{ enable_senlin | bool }}" }
|
|
- { name: "skydive", enabled: "{{ enable_skydive | bool }}" }
|
|
- { name: "solum", enabled: "{{ enable_solum | bool }}" }
|
|
- { name: "storm", enabled: "{{ enable_storm | bool }}" }
|
|
- { name: "swift", enabled: "{{ enable_swift | bool }}" }
|
|
- { name: "tacker", enabled: "{{ enable_tacker | bool }}" }
|
|
- { name: "tempest", enabled: "{{ enable_tempest | bool }}" }
|
|
- { name: "trove", enabled: "{{ enable_trove | bool }}" }
|
|
- { name: "vitrage", enabled: "{{ enable_vitrage | bool }}" }
|
|
- { name: "watcher", enabled: "{{ enable_watcher | bool }}" }
|
|
- { name: "zookeeper", enabled: "{{ enable_zookeeper | bool }}" }
|
|
- { name: "zun", enabled: "{{ enable_zun | bool }}" }
|
|
template:
|
|
src: "cron-logrotate-global.conf.j2"
|
|
dest: "{{ node_config_directory }}/cron/logrotate.conf"
|
|
mode: "0660"
|
|
become: true
|
|
when:
|
|
- common_services.cron | service_enabled_and_mapped_to_host
|
|
notify:
|
|
- Restart cron container
|
|
|
|
- name: Ensure RabbitMQ Erlang cookie exists
|
|
become: true
|
|
copy:
|
|
content: "{{ rabbitmq_cluster_cookie }}"
|
|
dest: "{{ node_config_directory }}/kolla-toolbox/rabbitmq-erlang.cookie"
|
|
mode: "0660"
|
|
when:
|
|
- common_services['kolla-toolbox'] | service_enabled_and_mapped_to_host
|
|
- enable_rabbitmq | bool
|
|
notify:
|
|
- Restart kolla-toolbox container
|
|
|
|
- name: Ensuring config directories have correct owner and permission
|
|
become: true
|
|
file:
|
|
path: "{{ node_config_directory }}/{{ item.key }}"
|
|
owner: "{{ config_owner_user }}"
|
|
group: "{{ config_owner_group }}"
|
|
mode: "0770"
|
|
ignore_errors: "{{ ansible_check_mode }}"
|
|
when:
|
|
- item.value | service_enabled_and_mapped_to_host
|
|
- item.key != "kolla-toolbox"
|
|
with_dict: "{{ common_services }}"
|
|
|
|
- name: Copy rabbitmq-env.conf to kolla toolbox
|
|
copy:
|
|
content: |
|
|
RABBITMQ_CTL_ERL_ARGS="-proto_dist inet6_tcp"
|
|
export ERL_INETRC=/etc/rabbitmq/erl_inetrc
|
|
dest: "{{ node_config_directory }}/kolla-toolbox/rabbitmq-env.conf"
|
|
mode: "0600"
|
|
become: true
|
|
when:
|
|
- common_services['kolla-toolbox'] | service_enabled_and_mapped_to_host
|
|
- api_address_family == "ipv6"
|
|
|
|
- name: Copy rabbitmq erl_intr to kolla toolbox
|
|
copy:
|
|
content: |
|
|
{inet6,true}.
|
|
dest: "{{ node_config_directory }}/kolla-toolbox/erl_inetrc"
|
|
mode: "0600"
|
|
become: true
|
|
when:
|
|
- common_services['kolla-toolbox'] | service_enabled_and_mapped_to_host
|
|
- api_address_family == "ipv6"
|