diff --git a/docker/fluentd/Dockerfile.j2 b/docker/fluentd/Dockerfile.j2 index c823b8715a..7f0820e52c 100644 --- a/docker/fluentd/Dockerfile.j2 +++ b/docker/fluentd/Dockerfile.j2 @@ -5,27 +5,48 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build {% import "macros.j2" as macros with context %} -{{ macros.configure_user(name='td-agent', groups='mysql') }} - {% if base_distro in ['centos', 'oraclelinux', 'rhel'] %} + {{ macros.configure_user(name='fluentd', groups='mysql') }} +# TODO:remove hostname package as it should be installed by the +# fluentd dependencies. +# hostname package is installed by default on CentOS/RHEL but not on +# oraclelinux. + {% set fluentd_packages = [ + 'fluentd', 'gcc-c++', + 'hostname', 'make', - 'td-agent' + 'ruby-devel' ] %} {% elif base_distro in ['debian', 'ubuntu'] %} - + {{ macros.configure_user(name='td-agent', groups='mysql') }} {% set fluentd_packages = [ 'g++', 'make', 'td-agent' ] %} + {% endif %} {{ macros.install_packages(fluentd_packages | customizable("packages")) }} +{% block fluentd_plugins_install %} + +{% if base_distro in ['centos', 'oraclelinux', 'rhel'] %} +COPY rpm_fluentd_sudoers /etc/sudoers.d/kolla_fluentd_sudoers +COPY extend_start.sh /usr/local/bin/kolla_extend_start + +RUN ulimit -n 65536 \ + && gem install --minimal-deps activesupport:4.2.9 fluent-plugin-parser fluent-plugin-kubernetes_metadata_filter fluent-plugin-elasticsearch fluent-plugin-grep fluent-plugin-grok-parser:0.3.1 fluent-plugin-rewrite-tag-filter \ + && chmod -R 440 /etc/sudoers.d/kolla_fluentd_sudoers \ + && chmod 755 /usr/local/bin/kolla_extend_start \ + && mkdir -p /var/run/fluentd \ + && chown -R fluentd: /etc/fluentd /var/run/fluentd + +{% elif base_distro in ['debian', 'ubuntu'] %} # NOTE: We use fluentd version is v12.0 so fluent-plugin-grok-parse version should < 1.0.0. # https://github.com/fluent/fluent-plugin-grok-parser RUN ulimit -n 65536 \ 
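Review bot: In the first hunk of docker/fluentd/Dockerfile.j2, the RPM-branch `gem install` pins only `activesupport:4.2.9` and `fluent-plugin-grok-parser:0.3.1`; the other five plugins resolve to whatever the gem source serves at build time, so two builds of the same commit can ship different plugin code. Pin each of them the same way, for example `fluent-plugin-elasticsearch:<VERSION>`, with versions chosen by the maintainers, so that an upstream release or a compromised gem cannot enter the image without a reviewed change. The same `RUN` uses `chmod -R 440` on a single sudoers file where the Debian branch uses plain `chmod 440`; drop the `-R` for consistency. `gcc-c++`, `make` and `ruby-devel` appear to stay in the final image after the gems are built, which is worth a comment or a cleanup step if they are only needed at build time.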
@@ -40,7 +61,15 @@ RUN chmod 440 /etc/sudoers.d/kolla_fluentd_sudoers \ && chmod 755 /usr/local/bin/kolla_extend_start \ && chown -R td-agent: /etc/td-agent +{% endif %} + +{% endblock %} + {% block fluentd_footer %}{% endblock %} {% block footer %}{% endblock %} +{% if base_distro in ['centos', 'oraclelinux', 'rhel'] %} +USER fluentd +{% elif base_distro in ['debian', 'ubuntu'] %} USER td-agent +{% endif %} diff --git a/docker/fluentd/extend_start.sh b/docker/fluentd/extend_start.sh index bcdbed09df..b2ace498e4 100644 --- a/docker/fluentd/extend_start.sh +++ b/docker/fluentd/extend_start.sh @@ -5,12 +5,24 @@ # # Also set the setgid permission on the /var/log/kolla directory so that new # files and sub-directories in that directory inherit its group id ("kolla"). -if [[ $(stat -c %U:%G /var/log/kolla) != "td-agent:kolla" ]]; then - sudo chown td-agent:kolla /var/log/kolla + +if [[ "${KOLLA_BASE_DISTRO}" =~ debian|ubuntu ]]; then + USERGROUP="td-agent:kolla" + FLUENTD="td-agent" +else + USERGROUP="fluentd:kolla" + FLUENTD="fluentd" +fi + +if [ ! -d /var/log/kolla ]; then + mkdir -p /var/log/kolla +fi +if [[ $(stat -c %U:%G /var/log/kolla) != "${USERGROUP}" ]]; then + sudo chown ${USERGROUP} /var/log/kolla fi if [[ $(stat -c %a /var/log/kolla) != "2775" ]]; then sudo chmod 2775 /var/log/kolla fi -if [[ $(stat -c %U:%G /var/lib/td-agent) != "td-agent:kolla" ]]; then - sudo chown td-agent:kolla /var/lib/td-agent +if [[ $(stat -c %U:%G /var/lib/${FLUENTD}) != "${USERGROUP}" ]]; then + sudo chown ${USERGROUP} /var/lib/${FLUENTD} fi diff --git a/docker/fluentd/rpm_fluentd_sudoers b/docker/fluentd/rpm_fluentd_sudoers new file mode 100644 index 0000000000..b6a50f563f --- /dev/null +++ b/docker/fluentd/rpm_fluentd_sudoers 
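Review bot: The `USER` selection at the end of docker/fluentd/Dockerfile.j2 is an `if`/`elif` with no `else`, so a `base_distro` outside both lists renders no `USER` line at all and the image would run as whatever user the base image leaves active, where the old template always dropped to `td-agent`. The plugin-install block in this hunk and the `fluentd_packages` selection in the first hunk have the same gap. Either add an explicit `{% else %}` branch that makes the build fail, or set a variable such as `fluentd_user` once in the first conditional and finish with a single `USER {{ fluentd_user }}`.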
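Review bot: In docker/fluentd/extend_start.sh the distro test `[[ "${KOLLA_BASE_DISTRO}" =~ debian|ubuntu ]]` is an unanchored substring match, and its `else` also catches an unset or misspelled value and silently selects the `fluentd` names; anchor it as `=~ ^(debian|ubuntu)$` and consider failing on an unrecognised value. The expansions passed to sudo are unquoted (`sudo chown ${USERGROUP} /var/log/kolla`); quote them as `"${USERGROUP}"` and `"/var/lib/${FLUENTD}"` so the arguments stay exactly what the sudoers rules allow. The added `mkdir -p /var/log/kolla` runs without sudo and, assuming the script runs as the service user, has no matching sudoers rule, so it can only succeed where that user may already write to /var/log. The `stat` on `/var/lib/${FLUENTD}` presumes the directory exists, and nothing visible in this commit creates /var/lib/fluentd for the RPM images. The script's opening lines are outside the hunk.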
@@ -0,0 +1,4 @@ +%kolla ALL=(root) NOPASSWD: /bin/chown fluentd\:kolla /var/log/kolla, /usr/bin/chown fluentd\:kolla /var/log/kolla +%kolla ALL=(root) NOPASSWD: /bin/chown fluentd\:kolla /var/lib/fluentd, /usr/bin/chown fluentd\:kolla /var/lib/fluentd +%kolla ALL=(root) NOPASSWD: /bin/chmod 2775 /var/log/kolla, /usr/bin/chmod 2775 /var/log/kolla +%kolla ALL=(root) NOPASSWD: /bin/chmod 2775 /var/lib/fluentd, /usr/bin/chmod 2775 /var/lib/fluentd diff --git a/kolla/common/config.py b/kolla/common/config.py index 811a06de6b..5bd1382887 100755 --- a/kolla/common/config.py +++ b/kolla/common/config.py @@ -931,6 +931,10 @@ USERS = { 'uid': 42473, # unused user, but we need the group for socket access 'gid': 42473, }, + 'fluentd-user': { + 'uid': 42474, + 'gid': 42474, + } }
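Review bot: The fourth rule in docker/fluentd/rpm_fluentd_sudoers allows `chmod 2775 /var/lib/fluentd` as root, but extend_start.sh in this commit only runs `chmod 2775` on /var/log/kolla; drop that rule unless something outside this diff needs it, so the file grants no more than the start script uses. The rules are granted to `%kolla`, meaning every member of that group in the image rather than the `fluentd` user alone. A header comment such as `# Used by /usr/local/bin/kolla_extend_start; keep in sync with that script` would tell the next editor why each command is listed.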
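Review bot: In kolla/common/config.py the new `'fluentd-user'` entry closes with `}` and no trailing comma, while the entry above it ends with `},`; write `},` so the next user added to `USERS` does not have to touch this line. Whether 42474 is unused elsewhere in `USERS` cannot be checked from the hunk, which shows only the preceding entry (42473). The dict begins outside the hunk.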