Allow to set log facility for HAProxy

This change allows to get a better filtering at (r)syslog level, as we can now dedicate a facility for this service. Partial-Bug: #1814880 Change-Id: I8fee040287940188f6bc6bc35bdbdaf6c234cbfd (cherry picked from commit 01d96ea057)
2018-11-29 09:17:25 +01:00 · 2018-11-29 09:17:25 +01:00 · 7b4ac4603f
parent 63862fbeba
commit 7b4ac4603f
3 changed files with 35 additions and 1 deletions
--- a/manifests/haproxy.pp
+++ b/manifests/haproxy.pp
@ -49,6 +49,10 @@
 #  The IPv4, IPv6 or filesystem socket path of the syslog server.
 #  Defaults to '/dev/log'
 #
+# [*haproxy_log_facility*]
+#  The syslog facility for HAProxy.
+#  Defaults to 'local0'
+#
 # [*activate_httplog*]
 #  Globally activate "httplog" option (in defaults section)
 #  In case the listener is NOT set to "http" mode, HAProxy will fallback to "tcplog".
@ -581,6 +585,7 @@ class tripleo::haproxy (
  $haproxy_listen_bind_param   = [ 'transparent' ],
  $haproxy_member_options      = [ 'check', 'inter 2000', 'rise 2', 'fall 5' ],
  $haproxy_log_address         = '/dev/log',
+  $haproxy_log_facility        = 'local0',
  $activate_httplog            = false,
  $haproxy_globals_override    = {},
  $haproxy_defaults_override   = {},
@ -801,7 +806,7 @@ class tripleo::haproxy (
  }

  $haproxy_global_options = {
-    'log'                      => "${haproxy_log_address} local0",
+    'log'                      => "${haproxy_log_address} ${haproxy_log_facility}",
    'pidfile'                  => '/var/run/haproxy.pid',
    'user'                     => 'haproxy',
    'group'                    => 'haproxy',
--- a/releasenotes/notes/haproxy-facility-8196cc8e1299d79b.yaml
+++ b/releasenotes/notes/haproxy-facility-8196cc8e1299d79b.yaml
@ -0,0 +1,3 @@
+---
+features:
+  - Add new parameter haproxy_log_facility.
--- a/spec/classes/tripleo_haproxy_spec.rb
+++ b/spec/classes/tripleo_haproxy_spec.rb
@ -160,6 +160,32 @@ describe 'tripleo::haproxy' do
        )
      end
    end
+
+    describe "set log facility" do
+      before :each do
+        params.merge!({
+          :haproxy_log_facility => 'local7',
+        })
+      end
+      it 'should set log facility' do
+        is_expected.to contain_class('haproxy').with(
+          :global_options => {
+            'log'     => '/dev/log local7',
+            'pidfile' => '/var/run/haproxy.pid',
+            'user'    => 'haproxy',
+            'group'   => 'haproxy',
+            'maxconn' => 20480,
+            'ssl-default-bind-ciphers' => "!SSLv2:kEECDH:kRSA:kEDH:kPSK:+3DES:!aNULL:!eNULL:!MD5:!EXP:!RC4:!SEED:!IDEA:!DES",
+            'ssl-default-bind-options' => "no-sslv3 no-tlsv10",
+            'stats'                    => [
+              'socket /var/lib/haproxy/stats mode 600 level user',
+              'timeout 2m'
+            ],
+            'daemon' => '',
+          }
+        )
+      end
+    end
  end

  on_supported_os.each do |os, facts|