Merge "Add systemd journal logging to the service config"

2018-07-28 02:40:48 +00:00 · 2018-07-28 02:40:48 +00:00 · ab512d14dc
commit ab512d14dc
parent cf37e8428f ac9d598d33
10 changed files with 42 additions and 30 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -432,6 +432,7 @@ keystone_pip_packages:
  - PyMySQL
  - python-memcached
  - python-openstackclient
+  - systemd-python
  - uWSGI

 # This variable is used by the repo_build process to determine
--- a/releasenotes/notes/journal-log-ccbb504642b49611.yaml
+++ b/releasenotes/notes/journal-log-ccbb504642b49611.yaml
@ -0,0 +1,9 @@
+---
+deprecations:
+  - The log path, ``/var/log/keystone`` is no longer used to capture service
+    logs. All logging for the Keystone service will now be sent directly to the
+    systmed journal.
+other:
+  - When running keystone with apache(httpd) all apache logs will be stored in
+    the standard apache log directory which is controlled by the distro specific
+    variable ``keystone_apache_default_log_folder``.
--- a/tasks/keystone_pre_install.yml
+++ b/tasks/keystone_pre_install.yml
@ -84,24 +84,3 @@
      - { path: "/etc/ansible/facts.d", owner: root, group: root }
  delegate_to: "{{ item[0] }}"
  when: "inventory_hostname == ansible_play_hosts[0]"
-
- name: Test for log directory or link
-  shell: |
-    if [ -h "/var/log/keystone"  ]; then
-      chown -h {{ keystone_system_user_name }}:{{ keystone_system_group_name }} "/var/log/keystone"
-      chown -R {{ keystone_system_user_name }}:{{ keystone_system_group_name }} "$(readlink /var/log/keystone)"
-    else
-      exit 1
-    fi
-  register: log_dir
-  failed_when: false
-  changed_when: log_dir.rc != 0
-
- name: Create keystone log dir
-  file:
-    path: "/var/log/keystone"
-    state: directory
-    owner: "{{ keystone_system_user_name }}"
-    group: "{{ keystone_system_group_name }}"
-    mode: "0755"
-  when: log_dir.rc != 0
--- a/templates/keystone-httpd.conf.j2
+++ b/templates/keystone-httpd.conf.j2
@ -8,8 +8,9 @@ Listen {{ keystone_service_port }}
    </IfVersion>

    LogLevel  {{  keystone_apache_log_level }}
-    ErrorLog  /var/log/keystone/keystone-apache-error.log
-    CustomLog /var/log/keystone/ssl_access.log {{ keystone_apache_custom_log_format }}
+    # NOTE(Cloudnull): Log files can changed to use "mod_journal" when Apache 2.5 is released
+    ErrorLog  {{ keystone_apache_default_log_folder }}/keystone-apache-error.log
+    CustomLog {{ keystone_apache_default_log_folder }}/ssl_access.log {{ keystone_apache_custom_log_format }}
    Options +FollowSymLinks

    Header set X-Content-Type-Options "nosniff"
@ -76,8 +77,9 @@ Listen {{ keystone_admin_port }}
    </IfVersion>

    LogLevel  {{  keystone_apache_log_level }}
-    ErrorLog  /var/log/keystone/keystone-apache-error.log
-    CustomLog /var/log/keystone/ssl_access.log {{ keystone_apache_custom_log_format }}
+    # NOTE(Cloudnull): Log files can changed to use "mod_journal" when Apache 2.5 is released
+    ErrorLog  {{ keystone_apache_default_log_folder }}/keystone-apache-error.log
+    CustomLog {{ keystone_apache_default_log_folder }}/ssl_access.log {{ keystone_apache_custom_log_format }}
    Options +FollowSymLinks


--- a/templates/keystone.conf.j2
+++ b/templates/keystone.conf.j2
@ -1,6 +1,7 @@
 # {{ ansible_managed }}

 [DEFAULT]
+use_journal = True
 # Disable stderr logging
 use_stderr = False
 debug = {{ debug }}
@ -15,9 +16,6 @@ member_role_name = {{ keystone_default_role_name }}
 secure_proxy_ssl_header = {{ keystone_secure_proxy_ssl_header }}
 {% endif %}

-log_file = keystone.log
-log_dir = /var/log/keystone
-
 ## Oslo.Messaging RPC
 {% if keystone_messaging_enabled | bool %}
 transport_url = {{ keystone_oslomsg_rpc_transport }}://{% for host in keystone_oslomsg_rpc_servers.split(',') %}{{ keystone_oslomsg_rpc_userid }}:{{ keystone_oslomsg_rpc_password }}@{{ host }}:{{ keystone_oslomsg_rpc_port }}{% if not loop.last %},{% else %}/{{ keystone_oslomsg_rpc_vhost }}{% if keystone_oslomsg_rpc_use_ssl | bool %}?ssl=1{% else %}?ssl=0{% endif %}{% endif %}{% endfor %}
--- a/templates/keystone_nginx.conf.j2
+++ b/templates/keystone_nginx.conf.j2
@ -19,8 +19,8 @@ server {
    {{ line }}
    {%- endfor %}

-    access_log  /var/log/nginx/{{ item }}-access.log custom;
-    error_log   /var/log/nginx/{{ item }}-error.log info;
+    error_log   syslog:server=unix:/dev/log;
+    access_log  syslog:server=unix:/dev/log;

    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
--- a/vars/redhat-7.yml
+++ b/vars/redhat-7.yml
@ -28,10 +28,13 @@ keystone_devel_distro_packages:
  - libxslt-devel
  - openldap-devel
  - python-devel
+  - systemd-devel
  - which

 keystone_service_distro_packages:
  - openstack-keystone
+  - python-systemd
+  - python3-systemd
  - uwsgi
  - uwsgi-plugin-python

--- a/vars/suse-42.yml
+++ b/vars/suse-42.yml
@ -27,11 +27,14 @@ keystone_devel_distro_packages:
  - libxml2-devel
  - libxslt-devel
  - openldap2-devel
+  - systemd-devel
+  - pkg-config
  - python-devel
  - which

 keystone_service_distro_packages:
  - openstack-keystone
+  - python-systemd
  - uwsgi
  - uwsgi-python

@ -92,6 +95,9 @@ keystone_apache_modules:
    state: "present"
  - name: "headers"
    state: "present"
+# This can be enabled when Apache2.5+ is available
+#  - name: "mod_journald"
+#    state: "present"

 keystone_nginx_conf_path: 'conf.d'

--- a/vars/ubuntu-16.04.yml
+++ b/vars/ubuntu-16.04.yml
@ -25,13 +25,17 @@ keystone_devel_distro_packages:
  - libjs-underscore
  - libldap2-dev
  - libsasl2-dev
+  - libsystemd-dev
  - libxslt1.1
  - libxslt1-dev
  - libxml2-dev
+  - pkg-config
  - python-dev

 keystone_service_distro_packages:
  - keystone
+  - python-systemd
+  - python3-systemd
  - uwsgi
  - uwsgi-plugin-python

@ -78,6 +82,9 @@ keystone_apache_modules:
    state: "present"
  - name: "headers"
    state: "present"
+# This can be enabled when Apache2.5+ is available
+#  - name: "mod_journald"
+#    state: "present

 keystone_nginx_conf_path: "sites-available"

--- a/vars/ubuntu-18.04.yml
+++ b/vars/ubuntu-18.04.yml
@ -25,13 +25,17 @@ keystone_devel_distro_packages:
  - libjs-underscore
  - libldap2-dev
  - libsasl2-dev
+  - libsystemd-dev
  - libxslt1.1
  - libxslt1-dev
  - libxml2-dev
+  - pkg-config
  - python-dev

 keystone_service_distro_packages:
  - keystone
+  - python-systemd
+  - python3-systemd
  - uwsgi
  - uwsgi-plugin-python

@ -78,6 +82,9 @@ keystone_apache_modules:
    state: "present"
  - name: "headers"
    state: "present"
+# This can be enabled when Apache2.5+ is available
+#  - name: "mod_journald"
+#    state: "present

 keystone_nginx_conf_path: "sites-available"