Browse Source

Allow rsyslog to log HAProxy locally

* Install haproxy-logging.cfg numerically before Ubuntu's
  /etc/rsyslog.d/49-haproxy.conf so its logging directives see HAProxy
  logs before they are discarded by 49-haproxy.conf.
* Set owner of /var/log/haproxy to rsyslog's `syslog` user so rsyslog
  can write to it on Ubuntu.
* Limit HAProxy-related rsyslog processing to HAProxy log messages
  instead of any/all log messages with the local0 or local1 facility
  and assuming HAProxy is the only application using those facilities.

Change-Id: Ic259abc281619ba5ee8f020ac68373858a06e94d
Closes-Bug: #1783886
Corey Wright 8 months ago
parent
commit
1e0aa6bf47
5 changed files with 30 additions and 5 deletions
  1. 12
    3
      files/haproxy-logging.cfg
  2. 10
    1
      tasks/haproxy_post_install.yml
  3. 1
    1
      tasks/haproxy_pre_install.yml
  4. 2
    0
      vars/main.yml
  5. 5
    0
      vars/ubuntu.yml

+ 12
- 3
files/haproxy-logging.cfg View File

@@ -1,6 +1,15 @@
1 1
 $ModLoad imudp
2 2
 $UDPServerRun 514
3 3
 $template Haproxy,"%msg%\n"
4
-local0.=info    -/var/log/haproxy/haproxy.log
5
-local1.notice   -/var/log/haproxy/haproxy-status.log
6
-local0.* ~
4
+if $programname startswith 'haproxy' then {
5
+  # Connections are logged at level "info".
6
+  # See https://www.haproxy.org/download/1.6/doc/configuration.txt.
7
+  local0.=info    -/var/log/haproxy/haproxy.log
8
+  # Level "notice" will be used to indicate a server going up,
9
+  # "warning" will be used for termination signals and definitive service
10
+  # termination, and "alert" will be used for when a server goes down.
11
+  # See https://www.haproxy.org/download/1.6/doc/configuration.txt.
12
+  local1.notice   -/var/log/haproxy/haproxy-status.log
13
+  # Discard HAProxy messages to prevent further processing/logging.
14
+  local0.*;local1.* ~
15
+}

+ 10
- 1
tasks/haproxy_post_install.yml View File

@@ -31,10 +31,19 @@
31 31
   tags:
32 32
     - haproxy-base-config
33 33
 
34
+# remove config file from old location (ie releases 14-18)
35
+- name: Delete prior haproxy logging config
36
+  file:
37
+    path: "/etc/rsyslog.d/99-haproxy-local-logging.conf"
38
+    state: absent
39
+  notify: Restart rsyslog
40
+  tags:
41
+    - haproxy-logging-config
42
+
34 43
 - name: Drop haproxy logging config
35 44
   copy:
36 45
     src: "haproxy-logging.cfg"
37
-    dest: "/etc/rsyslog.d/99-haproxy-local-logging.conf"
46
+    dest: "/etc/rsyslog.d/10-haproxy-local-logging.conf"
38 47
   notify: Restart rsyslog
39 48
   tags:
40 49
     - haproxy-logging-config

+ 1
- 1
tasks/haproxy_pre_install.yml View File

@@ -47,7 +47,7 @@
47 47
   file:
48 48
     path: "{{ '/var/log/haproxy' | realpath }}"
49 49
     state: directory
50
-    owner: haproxy
50
+    owner: "{{ haproxy_log_directory_owner }}"
51 51
     group: adm
52 52
     mode: "0755"
53 53
   tags:

+ 2
- 0
vars/main.yml View File

@@ -14,3 +14,5 @@
14 14
 # limitations under the License.
15 15
 
16 16
 haproxy_distro_packages_remove: []
17
+
18
+haproxy_log_directory_owner: haproxy

+ 5
- 0
vars/ubuntu.yml View File

@@ -36,3 +36,8 @@ haproxy_remove_files:
36 36
   - "/etc/apt/preferences.d/haproxy_pin.pref"
37 37
   - "/etc/apt/sources.list.d/haproxy.list"
38 38
   - "/etc/apt/sources.list.d/ppa_launchpad_net_vbernat_haproxy_1_5_ubuntu.list"
39
+
40
+# On Ubuntu 16.04 and 18.04 rsyslog runs as the "syslog" user, so have the
41
+# HAProxy log directory be owned by the same user so that rsyslog can write
42
+# HAProxy's logs to that directory.
43
+haproxy_log_directory_owner: syslog

Loading…
Cancel
Save