From ac9d598d33f30758e3a7852647f668fe15297565 Mon Sep 17 00:00:00 2001
From: Kevin Carter
Date: Tue, 24 Jul 2018 14:36:09 -0500
Subject: [PATCH] Add systemd journal logging to the service config
The systemd journal would normally be populated with the standard out of a service however with the use of uwsgi this is not actually happening resulting in us only capturing the logs from the uwsgi process instead of the service itself. This change implements journal logging in the service config, which is part of OSLO logging. OSLO logging docs found here:
Change-Id: I943bd5f1ac767f83d853cee09a5857f6f9f0efff
Signed-off-by: Kevin Carter
---
 defaults/main.yml | 1 +
 .../notes/journal-log-ccbb504642b49611.yaml | 9 ++++++++
 tasks/keystone_pre_install.yml | 21 -------------------
 templates/keystone-httpd.conf.j2 | 10 +++++----
 templates/keystone.conf.j2 | 4 +---
 templates/keystone_nginx.conf.j2 | 4 ++--
 vars/redhat-7.yml | 3 +++
 vars/suse-42.yml | 6 ++++++
 vars/ubuntu-16.04.yml | 7 +++++++
 vars/ubuntu-18.04.yml | 7 +++++++
 10 files changed, 42 insertions(+), 30 deletions(-)
 create mode 100644 releasenotes/notes/journal-log-ccbb504642b49611.yaml
diff --git a/defaults/main.yml b/defaults/main.yml
index 916a6be1..1476ff23 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -432,6 +432,7 @@ keystone_pip_packages:
 - PyMySQL
 - python-memcached
 - python-openstackclient
+ - systemd-python
 - uWSGI
 # This variable is used by the repo_build process to determine
diff --git a/releasenotes/notes/journal-log-ccbb504642b49611.yaml b/releasenotes/notes/journal-log-ccbb504642b49611.yaml
new file mode 100644
index 00000000..c97b7c97
--- /dev/null
+++ b/releasenotes/notes/journal-log-ccbb504642b49611.yaml
@@ -0,0 +1,9 @@
+---
+deprecations:
+ - The log path, ``/var/log/keystone`` is no longer used to capture service
+ logs. All logging for the Keystone service will now be sent directly to the
+ systmed journal.
+other:
+ - When running keystone with apache(httpd) all apache logs will be stored in
+ the standard apache log directory which is controlled by the distro specific
+ variable ``keystone_apache_default_log_folder``.
diff --git a/tasks/keystone_pre_install.yml b/tasks/keystone_pre_install.yml
index 119de80f..c2f765b8 100644
--- a/tasks/keystone_pre_install.yml
+++ b/tasks/keystone_pre_install.yml
@@ -84,24 +84,3 @@
 - { path: "/etc/ansible/facts.d", owner: root, group: root }
 delegate_to: "{{ item[0] }}"
 when: "inventory_hostname == ansible_play_hosts[0]"
-
-- name: Test for log directory or link
- shell: |
- if [ -h "/var/log/keystone" ]; then
- chown -h {{ keystone_system_user_name }}:{{ keystone_system_group_name }} "/var/log/keystone"
- chown -R {{ keystone_system_user_name }}:{{ keystone_system_group_name }} "$(readlink /var/log/keystone)"
- else
- exit 1
- fi
- register: log_dir
- failed_when: false
- changed_when: log_dir.rc != 0
-
-- name: Create keystone log dir
- file:
- path: "/var/log/keystone"
- state: directory
- owner: "{{ keystone_system_user_name }}"
- group: "{{ keystone_system_group_name }}"
- mode: "0755"
- when: log_dir.rc != 0
diff --git a/templates/keystone-httpd.conf.j2 b/templates/keystone-httpd.conf.j2
index a04037b1..9b563a30 100644
--- a/templates/keystone-httpd.conf.j2
+++ b/templates/keystone-httpd.conf.j2
@@ -8,8 +8,9 @@ Listen {{ keystone_service_port }}
 LogLevel {{ keystone_apache_log_level }}
- ErrorLog /var/log/keystone/keystone-apache-error.log
- CustomLog /var/log/keystone/ssl_access.log {{ keystone_apache_custom_log_format }}
+ # NOTE(Cloudnull): Log files can changed to use "mod_journal" when Apache 2.5 is released
+ ErrorLog {{ keystone_apache_default_log_folder }}/keystone-apache-error.log
+ CustomLog {{ keystone_apache_default_log_folder }}/ssl_access.log {{ keystone_apache_custom_log_format }}
 Options +FollowSymLinks
 Header set X-Content-Type-Options "nosniff"
@@ -76,8 +77,9 @@ Listen {{ keystone_admin_port }}
 LogLevel {{ keystone_apache_log_level }}
- ErrorLog /var/log/keystone/keystone-apache-error.log
- CustomLog /var/log/keystone/ssl_access.log {{ keystone_apache_custom_log_format }}
+ # NOTE(Cloudnull): Log files can changed to use "mod_journal" when Apache 2.5 is released
+ ErrorLog {{ keystone_apache_default_log_folder }}/keystone-apache-error.log
+ CustomLog {{ keystone_apache_default_log_folder }}/ssl_access.log {{ keystone_apache_custom_log_format }}
 Options +FollowSymLinks
diff --git a/templates/keystone.conf.j2 b/templates/keystone.conf.j2
index 2a4bcbe2..320ee480 100644
--- a/templates/keystone.conf.j2
+++ b/templates/keystone.conf.j2
@@ -1,6 +1,7 @@
 # {{ ansible_managed }}
 [DEFAULT]
+use_journal = True
 # Disable stderr logging
 use_stderr = False
 debug = {{ debug }}
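Review bot: Both vhosts now write `keystone-apache-error.log` and `ssl_access.log` into the shared distro Apache log directory (the `ErrorLog` and `CustomLog` lines added in the `@@ -8,8 +8,9 @@` and `@@ -76,8 +77,9 @@` hunks of `templates/keystone-httpd.conf.j2`), and `ssl_access.log` carries no service prefix there. In a directory shared with other sites that name can collide with, or be mistaken for, another vhost's access log, which makes Keystone request records harder to attribute during an investigation; a prefixed name such as `CustomLog {{ keystone_apache_default_log_folder }}/keystone-ssl_access.log {{ keystone_apache_custom_log_format }}` avoids that. `keystone_apache_default_log_folder` is not defined in any vars hunk of this patch, so it is presumably defined already, which is worth confirming for every supported distro file. The added comment should read "can be changed" and name the module the same way as the `mod_journald` comments in the vars files; the enclosing vhost blocks start and end outside both hunks.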
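Review bot: `use_journal = True` in the `@@ -1,6 +1,7 @@` hunk of `templates/keystone.conf.j2` is hard-coded while `use_stderr = False` stays and the following hunk removes `log_file`/`log_dir`, so the journal becomes the only sink for Keystone's service log, including its authentication events. Whether those records survive a reboot or a burst of messages then depends on journald's storage and rate-limit settings on the host, which the template does not mention. I would add a comment above the option, e.g. `# All service logs go to the systemd journal; make sure journald storage is persistent and its rate limits fit this service's log volume.` Exposing the value as a role variable would also let deployers without a usable journal turn it off.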
@@ -15,9 +16,6 @@ member_role_name = {{ keystone_default_role_name }}
 secure_proxy_ssl_header = {{ keystone_secure_proxy_ssl_header }}
 {% endif %}
-log_file = keystone.log
-log_dir = /var/log/keystone
-
 ## Oslo.Messaging RPC
 {% if keystone_messaging_enabled | bool %}
 transport_url = {{ keystone_oslomsg_rpc_transport }}://{% for host in keystone_oslomsg_rpc_servers.split(',') %}{{ keystone_oslomsg_rpc_userid }}:{{ keystone_oslomsg_rpc_password }}@{{ host }}:{{ keystone_oslomsg_rpc_port }}{% if not loop.last %},{% else %}/{{ keystone_oslomsg_rpc_vhost }}{% if keystone_oslomsg_rpc_use_ssl | bool %}?ssl=1{% else %}?ssl=0{% endif %}{% endif %}{% endfor %}
diff --git a/templates/keystone_nginx.conf.j2 b/templates/keystone_nginx.conf.j2
index 7c3a12cb..13f85821 100644
--- a/templates/keystone_nginx.conf.j2
+++ b/templates/keystone_nginx.conf.j2
@@ -19,8 +19,8 @@ server {
 {{ line }}
 {%- endfor %}
- access_log /var/log/nginx/{{ item }}-access.log custom;
- error_log /var/log/nginx/{{ item }}-error.log info;
+ error_log syslog:server=unix:/dev/log;
+ access_log syslog:server=unix:/dev/log;
 add_header X-Content-Type-Options nosniff;
 add_header X-XSS-Protection "1; mode=block";
diff --git a/vars/redhat-7.yml b/vars/redhat-7.yml
index adf744ec..695d6ba8 100644
--- a/vars/redhat-7.yml
+++ b/vars/redhat-7.yml
@@ -28,10 +28,13 @@ keystone_devel_distro_packages:
 - libxslt-devel
 - openldap-devel
 - python-devel
+ - systemd-devel
 - which
 keystone_service_distro_packages:
 - openstack-keystone
+ - python-systemd
+ - python3-systemd
 - uwsgi
 - uwsgi-plugin-python
diff --git a/vars/suse-42.yml b/vars/suse-42.yml
index 99fe70b6..80b3f1e4 100644
--- a/vars/suse-42.yml
+++ b/vars/suse-42.yml
@@ -27,11 +27,14 @@ keystone_devel_distro_packages:
 - libxml2-devel
 - libxslt-devel
 - openldap2-devel
+ - systemd-devel
+ - pkg-config
 - python-devel
 - which
 keystone_service_distro_packages:
 - openstack-keystone
+ - python-systemd
 - uwsgi
 - uwsgi-python
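Review bot: In the `templates/keystone_nginx.conf.j2` hunk the new `access_log` line drops the `custom` log format and the new `error_log` line drops the `info` level that the removed lines carried, so access entries fall back to nginx's default format and error logging to its default level. The per-`{{ item }}` file names are gone as well, and without a `tag=` parameter every server block logs under the same syslog tag, which makes entries from different listeners hard to tell apart. If the change in format and level is not intended, keep them: `error_log syslog:server=unix:/dev/log info;` and `access_log syslog:server=unix:/dev/log custom;`, optionally with a `tag=` value per server. The `server { … }` block starts and ends outside the hunk.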
@@ -92,6 +95,9 @@ keystone_apache_modules:
 state: "present"
 - name: "headers"
 state: "present"
+# This can be enabled when Apache2.5+ is available
+# - name: "mod_journald"
+# state: "present"
 keystone_nginx_conf_path: 'conf.d'
diff --git a/vars/ubuntu-16.04.yml b/vars/ubuntu-16.04.yml
index fcad02fe..c4220721 100644
--- a/vars/ubuntu-16.04.yml
+++ b/vars/ubuntu-16.04.yml
@@ -25,13 +25,17 @@ keystone_devel_distro_packages:
 - libjs-underscore
 - libldap2-dev
 - libsasl2-dev
+ - libsystemd-dev
 - libxslt1.1
 - libxslt1-dev
 - libxml2-dev
+ - pkg-config
 - python-dev
 keystone_service_distro_packages:
 - keystone
+ - python-systemd
+ - python3-systemd
 - uwsgi
 - uwsgi-plugin-python
@@ -78,6 +82,9 @@ keystone_apache_modules:
 state: "present"
 - name: "headers"
 state: "present"
+# This can be enabled when Apache2.5+ is available
+# - name: "mod_journald"
+# state: "present
 keystone_nginx_conf_path: "sites-available"
diff --git a/vars/ubuntu-18.04.yml b/vars/ubuntu-18.04.yml
index e9a10206..76f5a610 100644
--- a/vars/ubuntu-18.04.yml
+++ b/vars/ubuntu-18.04.yml
@@ -25,13 +25,17 @@ keystone_devel_distro_packages:
 - libjs-underscore
 - libldap2-dev
 - libsasl2-dev
+ - libsystemd-dev
 - libxslt1.1
 - libxslt1-dev
 - libxml2-dev
+ - pkg-config
 - python-dev
 keystone_service_distro_packages:
 - keystone
+ - python-systemd
+ - python3-systemd
 - uwsgi
 - uwsgi-plugin-python
@@ -78,6 +82,9 @@ keystone_apache_modules:
 state: "present"
 - name: "headers"
 state: "present"
+# This can be enabled when Apache2.5+ is available
+# - name: "mod_journald"
+# state: "present
 keystone_nginx_conf_path: "sites-available"
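Review bot: The commented-out module entry added in the `@@ -78,6 +82,9 @@` hunk of `vars/ubuntu-16.04.yml` ends with `# state: "present` — the closing quote is missing, and the same line appears in `vars/ubuntu-18.04.yml`, while the `vars/suse-42.yml` copy is correct. It is harmless while commented, but uncommenting it as written would give a YAML parse error, so the line should end `state: "present"`. The other entries in `keystone_apache_modules` use the bare module name (`"headers"`), so the placeholder `"mod_journald"` should probably follow that convention, and the httpd template comment calls the module `mod_journal`.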