Allow rsyslog to log HAProxy locally
* Install haproxy-logging.cfg numerically before Ubuntu's /etc/rsyslog.d/49-haproxy.conf so its logging directives see HAProxy logs before they are discarded by 49-haproxy.conf. * Set owner of /var/log/haproxy to rsyslog's `syslog` user so rsyslog can write to it on Ubuntu. * Limit HAProxy-related rsyslog processing to HAProxy log messages instead of any/all log messages with the local0 or local1 facility and assuming HAProxy is the only application using those facilities. Change-Id: Ic259abc281619ba5ee8f020ac68373858a06e94d Closes-Bug: #1783886
This commit is contained in:
parent
7015fc3dbb
commit
1e0aa6bf47
|
@ -1,6 +1,15 @@
|
||||||
$ModLoad imudp
|
$ModLoad imudp
|
||||||
$UDPServerRun 514
|
$UDPServerRun 514
|
||||||
$template Haproxy,"%msg%\n"
|
$template Haproxy,"%msg%\n"
|
||||||
local0.=info -/var/log/haproxy/haproxy.log
|
if $programname startswith 'haproxy' then {
|
||||||
local1.notice -/var/log/haproxy/haproxy-status.log
|
# Connections are logged at level "info".
|
||||||
local0.* ~
|
# See https://www.haproxy.org/download/1.6/doc/configuration.txt.
|
||||||
|
local0.=info -/var/log/haproxy/haproxy.log
|
||||||
|
# Level "notice" will be used to indicate a server going up,
|
||||||
|
# "warning" will be used for termination signals and definitive service
|
||||||
|
# termination, and "alert" will be used for when a server goes down.
|
||||||
|
# See https://www.haproxy.org/download/1.6/doc/configuration.txt.
|
||||||
|
local1.notice -/var/log/haproxy/haproxy-status.log
|
||||||
|
# Discard HAProxy messages to prevent further processing/logging.
|
||||||
|
local0.*;local1.* ~
|
||||||
|
}
|
||||||
|
|
|
@ -31,10 +31,19 @@
|
||||||
tags:
|
tags:
|
||||||
- haproxy-base-config
|
- haproxy-base-config
|
||||||
|
|
||||||
|
# remove config file from old location (ie releases 14-18)
|
||||||
|
- name: Delete prior haproxy logging config
|
||||||
|
file:
|
||||||
|
path: "/etc/rsyslog.d/99-haproxy-local-logging.conf"
|
||||||
|
state: absent
|
||||||
|
notify: Restart rsyslog
|
||||||
|
tags:
|
||||||
|
- haproxy-logging-config
|
||||||
|
|
||||||
- name: Drop haproxy logging config
|
- name: Drop haproxy logging config
|
||||||
copy:
|
copy:
|
||||||
src: "haproxy-logging.cfg"
|
src: "haproxy-logging.cfg"
|
||||||
dest: "/etc/rsyslog.d/99-haproxy-local-logging.conf"
|
dest: "/etc/rsyslog.d/10-haproxy-local-logging.conf"
|
||||||
notify: Restart rsyslog
|
notify: Restart rsyslog
|
||||||
tags:
|
tags:
|
||||||
- haproxy-logging-config
|
- haproxy-logging-config
|
||||||
|
|
|
@ -47,7 +47,7 @@
|
||||||
file:
|
file:
|
||||||
path: "{{ '/var/log/haproxy' | realpath }}"
|
path: "{{ '/var/log/haproxy' | realpath }}"
|
||||||
state: directory
|
state: directory
|
||||||
owner: haproxy
|
owner: "{{ haproxy_log_directory_owner }}"
|
||||||
group: adm
|
group: adm
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
tags:
|
tags:
|
||||||
|
|
|
@ -14,3 +14,5 @@
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
haproxy_distro_packages_remove: []
|
haproxy_distro_packages_remove: []
|
||||||
|
|
||||||
|
haproxy_log_directory_owner: haproxy
|
||||||
|
|
|
@ -36,3 +36,8 @@ haproxy_remove_files:
|
||||||
- "/etc/apt/preferences.d/haproxy_pin.pref"
|
- "/etc/apt/preferences.d/haproxy_pin.pref"
|
||||||
- "/etc/apt/sources.list.d/haproxy.list"
|
- "/etc/apt/sources.list.d/haproxy.list"
|
||||||
- "/etc/apt/sources.list.d/ppa_launchpad_net_vbernat_haproxy_1_5_ubuntu.list"
|
- "/etc/apt/sources.list.d/ppa_launchpad_net_vbernat_haproxy_1_5_ubuntu.list"
|
||||||
|
|
||||||
|
# On Ubuntu 16.04 and 18.04 rsyslog runs as the "syslog" user, so have the
|
||||||
|
# HAProxy log directory be owned by the same user so that rsyslog can write
|
||||||
|
# HAProxy's logs to that directory.
|
||||||
|
haproxy_log_directory_owner: syslog
|
||||||
|
|
Loading…
Reference in New Issue