Add systemd journal logging to the service config

The systemd journal would normally be populated with the standard out of a service however with the use of uwsgi this is not actually happening resulting in us only capturing the logs from the uwsgi process instead of the service itself. This change implements journal logging in the service config, which is part of OSLO logging. OSLO logging docs found here: <https://docs.openstack.org/oslo.log/3.28.1/journal.html> Change-Id: I943bd5f1ac767f83d853cee09a5857f6f9f0efff Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2018-07-24 14:36:09 -05:00 · 2018-07-24 14:36:09 -05:00 · ac9d598d33
commit ac9d598d33
parent a8081d658d
10 changed files with 42 additions and 30 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -432,6 +432,7 @@ keystone_pip_packages:
  - PyMySQL
  - python-memcached
  - python-openstackclient
+  - systemd-python
  - uWSGI

 # This variable is used by the repo_build process to determine
--- a/releasenotes/notes/journal-log-ccbb504642b49611.yaml
+++ b/releasenotes/notes/journal-log-ccbb504642b49611.yaml
@ -0,0 +1,9 @@
+---
+deprecations:
+  - The log path, ``/var/log/keystone`` is no longer used to capture service
+    logs. All logging for the Keystone service will now be sent directly to the
+    systmed journal.
+other:
+  - When running keystone with apache(httpd) all apache logs will be stored in
+    the standard apache log directory which is controlled by the distro specific
+    variable ``keystone_apache_default_log_folder``.
--- a/tasks/keystone_pre_install.yml
+++ b/tasks/keystone_pre_install.yml
@ -84,24 +84,3 @@
      - { path: "/etc/ansible/facts.d", owner: root, group: root }
  delegate_to: "{{ item[0] }}"
  when: "inventory_hostname == ansible_play_hosts[0]"
-
- name: Test for log directory or link
-  shell: |
-    if [ -h "/var/log/keystone"  ]; then
-      chown -h {{ keystone_system_user_name }}:{{ keystone_system_group_name }} "/var/log/keystone"
-      chown -R {{ keystone_system_user_name }}:{{ keystone_system_group_name }} "$(readlink /var/log/keystone)"
-    else
-      exit 1
-    fi
-  register: log_dir
-  failed_when: false
-  changed_when: log_dir.rc != 0
-
- name: Create keystone log dir
-  file:
-    path: "/var/log/keystone"
-    state: directory
-    owner: "{{ keystone_system_user_name }}"
-    group: "{{ keystone_system_group_name }}"
-    mode: "0755"
-  when: log_dir.rc != 0
--- a/templates/keystone-httpd.conf.j2
+++ b/templates/keystone-httpd.conf.j2
@ -8,8 +8,9 @@ Listen {{ keystone_service_port }}
    </IfVersion>

    LogLevel  {{  keystone_apache_log_level }}
-    ErrorLog  /var/log/keystone/keystone-apache-error.log
-    CustomLog /var/log/keystone/ssl_access.log {{ keystone_apache_custom_log_format }}
+    # NOTE(Cloudnull): Log files can changed to use "mod_journal" when Apache 2.5 is released
+    ErrorLog  {{ keystone_apache_default_log_folder }}/keystone-apache-error.log
+    CustomLog {{ keystone_apache_default_log_folder }}/ssl_access.log {{ keystone_apache_custom_log_format }}
    Options +FollowSymLinks

    Header set X-Content-Type-Options "nosniff"
@ -76,8 +77,9 @@ Listen {{ keystone_admin_port }}
    </IfVersion>

    LogLevel  {{  keystone_apache_log_level }}
-    ErrorLog  /var/log/keystone/keystone-apache-error.log
-    CustomLog /var/log/keystone/ssl_access.log {{ keystone_apache_custom_log_format }}
+    # NOTE(Cloudnull): Log files can changed to use "mod_journal" when Apache 2.5 is released
+    ErrorLog  {{ keystone_apache_default_log_folder }}/keystone-apache-error.log
+    CustomLog {{ keystone_apache_default_log_folder }}/ssl_access.log {{ keystone_apache_custom_log_format }}
    Options +FollowSymLinks


--- a/templates/keystone.conf.j2
+++ b/templates/keystone.conf.j2
@ -1,6 +1,7 @@
 # {{ ansible_managed }}

 [DEFAULT]
+use_journal = True
 # Disable stderr logging
 use_stderr = False
 debug = {{ debug }}
@ -15,9 +16,6 @@ member_role_name = {{ keystone_default_role_name }}
 secure_proxy_ssl_header = {{ keystone_secure_proxy_ssl_header }}
 {% endif %}

-log_file = keystone.log
-log_dir = /var/log/keystone
-
 ## Oslo.Messaging RPC
 {% if keystone_messaging_enabled | bool %}
 transport_url = {{ keystone_oslomsg_rpc_transport }}://{% for host in keystone_oslomsg_rpc_servers.split(',') %}{{ keystone_oslomsg_rpc_userid }}:{{ keystone_oslomsg_rpc_password }}@{{ host }}:{{ keystone_oslomsg_rpc_port }}{% if not loop.last %},{% else %}/{{ keystone_oslomsg_rpc_vhost }}{% if keystone_oslomsg_rpc_use_ssl | bool %}?ssl=1{% else %}?ssl=0{% endif %}{% endif %}{% endfor %}
--- a/templates/keystone_nginx.conf.j2
+++ b/templates/keystone_nginx.conf.j2
@ -19,8 +19,8 @@ server {
    {{ line }}
    {%- endfor %}

-    access_log  /var/log/nginx/{{ item }}-access.log custom;
-    error_log   /var/log/nginx/{{ item }}-error.log info;
+    error_log   syslog:server=unix:/dev/log;
+    access_log  syslog:server=unix:/dev/log;

    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
--- a/vars/redhat-7.yml
+++ b/vars/redhat-7.yml
@ -28,10 +28,13 @@ keystone_devel_distro_packages:
  - libxslt-devel
  - openldap-devel
  - python-devel
+  - systemd-devel
  - which

 keystone_service_distro_packages:
  - openstack-keystone
+  - python-systemd
+  - python3-systemd
  - uwsgi
  - uwsgi-plugin-python

--- a/vars/suse-42.yml
+++ b/vars/suse-42.yml
@ -27,11 +27,14 @@ keystone_devel_distro_packages:
  - libxml2-devel
  - libxslt-devel
  - openldap2-devel
+  - systemd-devel
+  - pkg-config
  - python-devel
  - which

 keystone_service_distro_packages:
  - openstack-keystone
+  - python-systemd
  - uwsgi
  - uwsgi-python

@ -92,6 +95,9 @@ keystone_apache_modules:
    state: "present"
  - name: "headers"
    state: "present"
+# This can be enabled when Apache2.5+ is available
+#  - name: "mod_journald"
+#    state: "present"

 keystone_nginx_conf_path: 'conf.d'

--- a/vars/ubuntu-16.04.yml
+++ b/vars/ubuntu-16.04.yml
@ -25,13 +25,17 @@ keystone_devel_distro_packages:
  - libjs-underscore
  - libldap2-dev
  - libsasl2-dev
+  - libsystemd-dev
  - libxslt1.1
  - libxslt1-dev
  - libxml2-dev
+  - pkg-config
  - python-dev

 keystone_service_distro_packages:
  - keystone
+  - python-systemd
+  - python3-systemd
  - uwsgi
  - uwsgi-plugin-python

@ -78,6 +82,9 @@ keystone_apache_modules:
    state: "present"
  - name: "headers"
    state: "present"
+# This can be enabled when Apache2.5+ is available
+#  - name: "mod_journald"
+#    state: "present

 keystone_nginx_conf_path: "sites-available"

--- a/vars/ubuntu-18.04.yml
+++ b/vars/ubuntu-18.04.yml
@ -25,13 +25,17 @@ keystone_devel_distro_packages:
  - libjs-underscore
  - libldap2-dev
  - libsasl2-dev
+  - libsystemd-dev
  - libxslt1.1
  - libxslt1-dev
  - libxml2-dev
+  - pkg-config
  - python-dev

 keystone_service_distro_packages:
  - keystone
+  - python-systemd
+  - python3-systemd
  - uwsgi
  - uwsgi-plugin-python

@ -78,6 +82,9 @@ keystone_apache_modules:
    state: "present"
  - name: "headers"
    state: "present"
+# This can be enabled when Apache2.5+ is available
+#  - name: "mod_journald"
+#    state: "present

 keystone_nginx_conf_path: "sites-available"