From 01d96ea057c1ae228b42b6c02481d409f2ec2598 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Jeanneret?= <cjeanner@redhat.com>
Date: Thu, 29 Nov 2018 09:17:25 +0100
Subject: [PATCH] Allow to set log facility for HAProxy

This change allows to get a better filtering at (r)syslog level, as
we can now dedicate a facility for this service.

Change-Id: I8fee040287940188f6bc6bc35bdbdaf6c234cbfd
---
 manifests/haproxy.pp                          |  7 ++++-
 .../haproxy-facility-8196cc8e1299d79b.yaml    |  3 +++
 spec/classes/tripleo_haproxy_spec.rb          | 26 +++++++++++++++++++
 3 files changed, 35 insertions(+), 1 deletion(-)
 create mode 100644 releasenotes/notes/haproxy-facility-8196cc8e1299d79b.yaml

diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp
index b58e215c7..14c5cdfc2 100644
--- a/manifests/haproxy.pp
+++ b/manifests/haproxy.pp
@@ -49,6 +49,10 @@
 #  The IPv4, IPv6 or filesystem socket path of the syslog server.
 #  Defaults to '/dev/log'
 #
+# [*haproxy_log_facility*]
+#  The syslog facility for HAProxy.
+#  Defaults to 'local0'
+#
 # [*activate_httplog*]
 #  Globally activate "httplog" option (in defaults section)
 #  In case the listener is NOT set to "http" mode, HAProxy will fallback to "tcplog".
@@ -597,6 +601,7 @@ class tripleo::haproxy (
   $haproxy_listen_bind_param   = [ 'transparent' ],
   $haproxy_member_options      = [ 'check', 'inter 2000', 'rise 2', 'fall 5' ],
   $haproxy_log_address         = '/dev/log',
+  $haproxy_log_facility        = 'local0',
   $activate_httplog            = false,
   $haproxy_globals_override    = {},
   $haproxy_defaults_override   = {},
@@ -824,7 +829,7 @@ class tripleo::haproxy (
   }
 
   $haproxy_global_options = {
-    'log'                      => "${haproxy_log_address} local0",
+    'log'                      => "${haproxy_log_address} ${haproxy_log_facility}",
     'pidfile'                  => '/var/run/haproxy.pid',
     'user'                     => 'haproxy',
     'group'                    => 'haproxy',
diff --git a/releasenotes/notes/haproxy-facility-8196cc8e1299d79b.yaml b/releasenotes/notes/haproxy-facility-8196cc8e1299d79b.yaml
new file mode 100644
index 000000000..d777fe1a9
--- /dev/null
+++ b/releasenotes/notes/haproxy-facility-8196cc8e1299d79b.yaml
@@ -0,0 +1,3 @@
+---
+features:
+  - Add new parameter haproxy_log_facility.
diff --git a/spec/classes/tripleo_haproxy_spec.rb b/spec/classes/tripleo_haproxy_spec.rb
index 0dc0955e5..b227377e7 100644
--- a/spec/classes/tripleo_haproxy_spec.rb
+++ b/spec/classes/tripleo_haproxy_spec.rb
@@ -160,6 +160,32 @@ describe 'tripleo::haproxy' do
         )
       end
     end
+
+    describe "set log facility" do
+      before :each do
+        params.merge!({
+          :haproxy_log_facility => 'local7',
+        })
+      end
+      it 'should set log facility' do
+        is_expected.to contain_class('haproxy').with(
+          :global_options => {
+            'log'     => '/dev/log local7',
+            'pidfile' => '/var/run/haproxy.pid',
+            'user'    => 'haproxy',
+            'group'   => 'haproxy',
+            'maxconn' => 20480,
+            'ssl-default-bind-ciphers' => "!SSLv2:kEECDH:kRSA:kEDH:kPSK:+3DES:!aNULL:!eNULL:!MD5:!EXP:!RC4:!SEED:!IDEA:!DES",
+            'ssl-default-bind-options' => "no-sslv3 no-tlsv10",
+            'stats'                    => [
+              'socket /var/lib/haproxy/stats mode 600 level user',
+              'timeout 2m'
+            ],
+            'daemon' => '',
+          }
+        )
+      end
+    end
   end
 
   on_supported_os.each do |os, facts|