Add Apache WSGI logging parameters for pipe/syslog

Add parameters for advanced logging configurations in Apache to
support piped logging and support for syslog (via mod_syslog
available in Apache >= 2.5.0)

Co-Authored-By: Andy Botting <andy@andybotting.com>
Change-Id: I1491f5b5a895b214e16263c9a2f57838911789be

manifests/wsgi/apache_api.pp

@@ -74,6 +74,14 @@
 #     The log file name for the virtualhost.
 #     Optional. Defaults to undef.
 #
+#   [*access_log_pipe*]
+#     Specifies a pipe where Apache sends access logs for the virtualhost.
+#     Optional. Defaults to undef.
+#
+#   [*access_log_syslog*]
+#     Sends the virtualhost access log messages to syslog.
+#     Optional. Defaults to undef.
+#
 #   [*access_log_format*]
 #     The log format for the virtualhost.
 #     Optional. Defaults to undef.
@@ -82,6 +90,14 @@
 #     The error log file name for the virtualhost.
 #     Optional. Defaults to undef.
 #
+#   [*error_log_pipe*]
+#     Specifies a pipe where Apache sends error logs for the virtualhost.
+#     Optional. Defaults to undef.
+#
+#   [*error_log_syslog*]
+#     Sends the virtualhost error log messages to syslog.
+#     Optional. Defaults to undef.
+#
 #   [*custom_wsgi_process_options*]
 #     (optional) gives you the opportunity to add custom process options or to
 #     overwrite the default options for the WSGI main process.
@@ -131,8 +147,12 @@ class nova::wsgi::apache_api (
   $threads                     = 1,
   $priority                    = 10,
   $access_log_file             = undef,
+  $access_log_pipe             = undef,
+  $access_log_syslog           = undef,
   $access_log_format           = undef,
   $error_log_file              = undef,
+  $error_log_pipe              = undef,
+  $error_log_syslog            = undef,
   $custom_wsgi_process_options = {},
   $headers                     = undef,
   $request_headers             = undef,
@@ -174,8 +194,12 @@ class nova::wsgi::apache_api (
     request_headers             => $request_headers,
     custom_wsgi_process_options => $custom_wsgi_process_options,
     access_log_file             => $access_log_file,
+    access_log_pipe             => $access_log_pipe,
+    access_log_syslog           => $access_log_syslog,
     access_log_format           => $access_log_format,
     error_log_file              => $error_log_file,
+    error_log_pipe              => $error_log_pipe,
+    error_log_syslog            => $error_log_syslog,
   }
 
 }

manifests/wsgi/apache_metadata.pp

@@ -60,6 +60,14 @@
 #     The log file name for the virtualhost.
 #     Optional. Defaults to undef.
 #
+#   [*access_log_pipe*]
+#     Specifies a pipe where Apache sends access logs for the virtualhost.
+#     Optional. Defaults to undef.
+#
+#   [*access_log_syslog*]
+#     Sends the virtualhost access log messages to syslog.
+#     Optional. Defaults to undef.
+#
 #   [*access_log_format*]
 #     The log format for the virtualhost.
 #     Optional. Defaults to undef.
@@ -68,6 +76,14 @@
 #     The error log file name for the virtualhost.
 #     Optional. Defaults to undef.
 #
+#   [*error_log_pipe*]
+#     Specifies a pipe where Apache sends error logs for the virtualhost.
+#     Optional. Defaults to undef.
+#
+#   [*error_log_syslog*]
+#     Sends the virtualhost error log messages to syslog.
+#     Optional. Defaults to undef.
+#
 #   [*custom_wsgi_process_options*]
 #     (optional) gives you the opportunity to add custom process options or to
 #     overwrite the default options for the WSGI main process.
@@ -118,8 +134,12 @@ class nova::wsgi::apache_metadata (
   $priority                    = 10,
   $ensure_package              = 'present',
   $access_log_file             = undef,
+  $access_log_pipe             = undef,
+  $access_log_syslog           = undef,
   $access_log_format           = undef,
   $error_log_file              = undef,
+  $error_log_pipe              = undef,
+  $error_log_syslog            = undef,
   $custom_wsgi_process_options = {},
   $headers                     = undef,
   $request_headers             = undef,
@@ -169,8 +189,12 @@ class nova::wsgi::apache_metadata (
     request_headers             => $request_headers,
     custom_wsgi_process_options => $custom_wsgi_process_options,
     access_log_file             => $access_log_file,
+    access_log_pipe             => $access_log_pipe,
+    access_log_syslog           => $access_log_syslog,
     access_log_format           => $access_log_format,
     error_log_file              => $error_log_file,
+    error_log_pipe              => $error_log_pipe,
+    error_log_syslog            => $error_log_syslog,
   }
 
 }

releasenotes/notes/httpd-logs-piped-syslog-ecd9fdbb8811c5ce.yaml

@@ -0,0 +1,6 @@
+---
+features:
+  - |
+    Added parameters for advanced configuration of httpd access and error log
+    destinations including piped logging and syslog (see `mod_syslog`). Note
+    that mod_syslog requires Apache2 >= 2.5.0.

spec/classes/nova_wsgi_apache_api_spec.rb

@@ -33,8 +33,12 @@ describe 'nova::wsgi::apache_api' do
         :request_headers             => nil,
         :custom_wsgi_process_options => {},
         :access_log_file             => nil,
+        :access_log_pipe             => nil,
+        :access_log_syslog           => nil,
         :access_log_format           => nil,
         :error_log_file              => nil,
+        :error_log_pipe              => nil,
+        :error_log_syslog            => nil,
       )}
     end
 
@@ -63,9 +67,6 @@ describe 'nova::wsgi::apache_api' do
           },
           :headers                     => ['set X-XSS-Protection "1; mode=block"'],
           :request_headers             => ['set Content-Type "application/json"'],
-          :access_log_file             => '/var/log/httpd/access_log',
-          :access_log_format           => 'some format',
-          :error_log_file              => '/var/log/httpd/error_log'
         }
       end
 
@@ -92,9 +93,6 @@ describe 'nova::wsgi::apache_api' do
         :custom_wsgi_process_options => {
           'python_path' => '/my/python/path',
         },
-        :access_log_file             => '/var/log/httpd/access_log',
-        :access_log_format           => 'some format',
-        :error_log_file              => '/var/log/httpd/error_log'
       )}
     end
 
@@ -107,6 +105,119 @@ describe 'nova::wsgi::apache_api' do
       it { should raise_error(Puppet::Error, /nova::api class must be declared in composition layer./) }
     end
 
+    context 'with custom access logging' do
+      let :pre_condition do
+        "include nova
+         class { 'nova::keystone::authtoken':
+           password => 'secrete',
+         }
+         class { 'nova::api':
+           service_name   => 'httpd',
+         }"
+      end
+
+      let :params do
+        {
+          :access_log_format => 'foo',
+          :access_log_syslog => 'syslog:local0',
+          :error_log_syslog  => 'syslog:local1',
+        }
+      end
+
+      it { should contain_openstacklib__wsgi__apache('nova_api_wsgi').with(
+        :access_log_format => params[:access_log_format],
+        :access_log_syslog => params[:access_log_syslog],
+        :error_log_syslog  => params[:error_log_syslog],
+      )}
+    end
+
+    context 'with access_log_file' do
+      let :pre_condition do
+        "include nova
+         class { 'nova::keystone::authtoken':
+           password => 'secrete',
+         }
+         class { 'nova::api':
+           service_name   => 'httpd',
+         }"
+      end
+
+      let :params do
+        {
+          :access_log_file => '/path/to/file',
+        }
+      end
+
+      it { should contain_openstacklib__wsgi__apache('nova_api_wsgi').with(
+        :access_log_file => params[:access_log_file],
+      )}
+    end
+
+    context 'with access_log_pipe' do
+      let :pre_condition do
+        "include nova
+         class { 'nova::keystone::authtoken':
+           password => 'secrete',
+         }
+         class { 'nova::api':
+           service_name   => 'httpd',
+         }"
+      end
+
+      let :params do
+        {
+          :access_log_pipe => 'pipe',
+        }
+      end
+
+      it { should contain_openstacklib__wsgi__apache('nova_api_wsgi').with(
+        :access_log_pipe => params[:access_log_pipe],
+      )}
+    end
+
+    context 'with error_log_file' do
+      let :pre_condition do
+        "include nova
+         class { 'nova::keystone::authtoken':
+           password => 'secrete',
+         }
+         class { 'nova::api':
+           service_name   => 'httpd',
+         }"
+      end
+
+      let :params do
+        {
+          :error_log_file => '/path/to/file',
+        }
+      end
+
+      it { should contain_openstacklib__wsgi__apache('nova_api_wsgi').with(
+        :error_log_file => params[:error_log_file],
+      )}
+    end
+
+    context 'with error_log_pipe' do
+      let :pre_condition do
+        "include nova
+         class { 'nova::keystone::authtoken':
+           password => 'secrete',
+         }
+         class { 'nova::api':
+           service_name   => 'httpd',
+         }"
+      end
+
+      let :params do
+        {
+          :error_log_pipe => 'pipe',
+        }
+      end
+
+      it { should contain_openstacklib__wsgi__apache('nova_api_wsgi').with(
+        :error_log_pipe => params[:error_log_pipe],
+      )}
+    end
   end
 
   on_supported_os({

spec/classes/nova_wsgi_apache_metadata_spec.rb

@@ -31,8 +31,12 @@ describe 'nova::wsgi::apache_metadata' do
         :request_headers             => nil,
         :custom_wsgi_process_options => {},
         :access_log_file             => nil,
+        :access_log_pipe             => nil,
+        :access_log_syslog           => nil,
         :access_log_format           => nil,
         :error_log_file              => nil,
+        :error_log_pipe              => nil,
+        :error_log_syslog            => nil,
       )}
     end
 
@@ -59,9 +63,6 @@ describe 'nova::wsgi::apache_metadata' do
           },
           :headers                     => ['set X-XSS-Protection "1; mode=block"'],
           :request_headers             => ['set Content-Type "application/json"'],
-          :access_log_file             => '/var/log/httpd/access_log',
-          :access_log_format           => 'some format',
-          :error_log_file              => '/var/log/httpd/error_log'
         }
       end
 
@@ -88,9 +89,6 @@ describe 'nova::wsgi::apache_metadata' do
         :custom_wsgi_process_options => {
           'python_path' => '/my/python/path',
         },
-        :access_log_file             => '/var/log/httpd/access_log',
-        :access_log_format           => 'some format',
-        :error_log_file              => '/var/log/httpd/error_log'
       )}
     end
 
@@ -103,6 +101,109 @@ describe 'nova::wsgi::apache_metadata' do
       it { should raise_error(Puppet::Error, /nova::metadata class must be declared in composition layer./) }
     end
 
+    context 'with custom access logging' do
+      let :pre_condition do
+        "include nova
+         class { 'nova::keystone::authtoken':
+           password => 'secrete',
+         }
+         class { 'nova::metadata': }"
+      end
+
+      let :params do
+        {
+          :access_log_format => 'foo',
+          :access_log_syslog => 'syslog:local0',
+          :error_log_syslog  => 'syslog:local1',
+        }
+      end
+
+      it { should contain_openstacklib__wsgi__apache('nova_metadata_wsgi').with(
+        :access_log_format => params[:access_log_format],
+        :access_log_syslog => params[:access_log_syslog],
+        :error_log_syslog  => params[:error_log_syslog],
+      )}
+    end
+
+    context 'with access_log_file' do
+      let :pre_condition do
+        "include nova
+         class { 'nova::keystone::authtoken':
+           password => 'secrete',
+         }
+         class { 'nova::metadata': }"
+      end
+
+      let :params do
+        {
+          :access_log_file => '/path/to/file',
+        }
+      end
+
+      it { should contain_openstacklib__wsgi__apache('nova_metadata_wsgi').with(
+        :access_log_file => params[:access_log_file],
+      )}
+    end
+
+    context 'with access_log_pipe' do
+      let :pre_condition do
+        "include nova
+         class { 'nova::keystone::authtoken':
+           password => 'secrete',
+         }
+         class { 'nova::metadata': }"
+      end
+
+      let :params do
+        {
+          :access_log_pipe => 'pipe',
+        }
+      end
+
+      it { should contain_openstacklib__wsgi__apache('nova_metadata_wsgi').with(
+        :access_log_pipe => params[:access_log_pipe],
+      )}
+    end
+
+    context 'with error_log_file' do
+      let :pre_condition do
+        "include nova
+         class { 'nova::keystone::authtoken':
+           password => 'secrete',
+         }
+         class { 'nova::metadata': }"
+      end
+
+      let :params do
+        {
+          :error_log_file => '/path/to/file',
+        }
+      end
+
+      it { should contain_openstacklib__wsgi__apache('nova_metadata_wsgi').with(
+        :error_log_file => params[:error_log_file],
+      )}
+    end
+
+    context 'with error_log_pipe' do
+      let :pre_condition do
+        "include nova
+         class { 'nova::keystone::authtoken':
+           password => 'secrete',
+         }
+         class { 'nova::metadata': }"
+      end
+
+      let :params do
+        {
+          :error_log_pipe => 'pipe',
+        }
+      end
+
+      it { should contain_openstacklib__wsgi__apache('nova_metadata_wsgi').with(
+        :error_log_pipe => params[:error_log_pipe],
+      )}
+    end
   end
 
   on_supported_os({