Fix missing groups for fluentd user
This patch moves fluentd deployment to step 4 (the same as openstack services) and makes resource for user fluentd be dependent on all openstack packages, so that we avoid errors such as "usermod: group 'cinder' does not exist". Change-Id: Ibabd4688c00c6a12ea22055c95563d906716954d
This commit is contained in:
parent
c2d3bac2d6
commit
8a29f41838
|
@ -71,105 +71,109 @@ class tripleo::profile::base::logging::fluentd (
|
|||
$fluentd_listen_syslog = true,
|
||||
$fluentd_syslog_port = 42185
|
||||
) {
|
||||
include ::fluentd
|
||||
|
||||
if $fluentd_groups {
|
||||
user { $::fluentd::config_owner:
|
||||
ensure => present,
|
||||
groups => $fluentd_groups,
|
||||
membership => 'minimum',
|
||||
}
|
||||
}
|
||||
if $step >= 4 {
|
||||
include ::fluentd
|
||||
|
||||
if $fluentd_pos_file_path {
|
||||
file { $fluentd_pos_file_path:
|
||||
ensure => 'directory',
|
||||
owner => $::fluentd::config_owner,
|
||||
group => $::fluentd::config_group,
|
||||
mode => '0750',
|
||||
}
|
||||
}
|
||||
|
||||
::fluentd::plugin { 'rubygem-fluent-plugin-add':
|
||||
plugin_provider => 'yum',
|
||||
}
|
||||
|
||||
if $fluentd_sources {
|
||||
::fluentd::config { '100-openstack-sources.conf':
|
||||
config => {
|
||||
'source' => $fluentd_sources,
|
||||
if $fluentd_groups {
|
||||
Package<| tag == 'openstack' |> ->
|
||||
user { $::fluentd::config_owner:
|
||||
ensure => present,
|
||||
groups => $fluentd_groups,
|
||||
membership => 'minimum',
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if $fluentd_listen_syslog {
|
||||
# fluentd will receive syslog messages by listening on a local udp
|
||||
# socket.
|
||||
::fluentd::config { '110-system-sources.conf':
|
||||
config => {
|
||||
'source' => {
|
||||
'type' => 'syslog',
|
||||
'tag' => 'system.messages',
|
||||
'port' => $fluentd_syslog_port,
|
||||
if $fluentd_pos_file_path {
|
||||
file { $fluentd_pos_file_path:
|
||||
ensure => 'directory',
|
||||
owner => $::fluentd::config_owner,
|
||||
group => $::fluentd::config_group,
|
||||
mode => '0750',
|
||||
}
|
||||
}
|
||||
|
||||
::fluentd::plugin { 'rubygem-fluent-plugin-add':
|
||||
plugin_provider => 'yum',
|
||||
}
|
||||
|
||||
if $fluentd_sources {
|
||||
::fluentd::config { '100-openstack-sources.conf':
|
||||
config => {
|
||||
'source' => $fluentd_sources,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
file { '/etc/rsyslog.d/fluentd.conf':
|
||||
content => "*.* @127.0.0.1:${fluentd_syslog_port}",
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
} ~> exec { 'reload rsyslog':
|
||||
command => '/bin/systemctl restart rsyslog',
|
||||
}
|
||||
}
|
||||
|
||||
if $fluentd_filters {
|
||||
::fluentd::config { '200-openstack-filters.conf':
|
||||
config => {
|
||||
'filter' => $fluentd_filters,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if $fluentd_servers and !empty($fluentd_servers) {
|
||||
if $fluentd_use_ssl {
|
||||
::fluentd::plugin { 'rubygem-fluent-plugin-secure-forward':
|
||||
plugin_provider => 'yum',
|
||||
}
|
||||
|
||||
file {'/etc/fluentd/ca_cert.pem':
|
||||
content => $fluentd_ssl_certificate,
|
||||
owner => $::fluentd::config_owner,
|
||||
group => $::fluentd::config_group,
|
||||
mode => '0444',
|
||||
}
|
||||
|
||||
::fluentd::config { '300-openstack-matches.conf':
|
||||
if $fluentd_listen_syslog {
|
||||
# fluentd will receive syslog messages by listening on a local udp
|
||||
# socket.
|
||||
::fluentd::config { '110-system-sources.conf':
|
||||
config => {
|
||||
'match' => {
|
||||
# lint:ignore:single_quote_string_with_variables
|
||||
# lint:ignore:quoted_booleans
|
||||
'type' => 'secure_forward',
|
||||
'tag_pattern' => '**',
|
||||
'self_hostname' => '${hostname}',
|
||||
'secure' => 'true',
|
||||
'ca_cert_path' => '/etc/fluentd/ca_cert.pem',
|
||||
'shared_key' => $fluentd_shared_key,
|
||||
'server' => $fluentd_servers,
|
||||
# lint:endignore
|
||||
# lint:endignore
|
||||
'source' => {
|
||||
'type' => 'syslog',
|
||||
'tag' => 'system.messages',
|
||||
'port' => $fluentd_syslog_port,
|
||||
}
|
||||
}
|
||||
}
|
||||
} else {
|
||||
::fluentd::config { '300-openstack-matches.conf':
|
||||
|
||||
file { '/etc/rsyslog.d/fluentd.conf':
|
||||
content => "*.* @127.0.0.1:${fluentd_syslog_port}",
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
} ~> exec { 'reload rsyslog':
|
||||
command => '/bin/systemctl restart rsyslog',
|
||||
}
|
||||
}
|
||||
|
||||
if $fluentd_filters {
|
||||
::fluentd::config { '200-openstack-filters.conf':
|
||||
config => {
|
||||
'match' => {
|
||||
'type' => 'forward',
|
||||
'tag_pattern' => '**',
|
||||
'server' => $fluentd_servers,
|
||||
'filter' => $fluentd_filters,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if $fluentd_servers and !empty($fluentd_servers) {
|
||||
if $fluentd_use_ssl {
|
||||
::fluentd::plugin { 'rubygem-fluent-plugin-secure-forward':
|
||||
plugin_provider => 'yum',
|
||||
}
|
||||
|
||||
file {'/etc/fluentd/ca_cert.pem':
|
||||
content => $fluentd_ssl_certificate,
|
||||
owner => $::fluentd::config_owner,
|
||||
group => $::fluentd::config_group,
|
||||
mode => '0444',
|
||||
}
|
||||
|
||||
::fluentd::config { '300-openstack-matches.conf':
|
||||
config => {
|
||||
'match' => {
|
||||
# lint:ignore:single_quote_string_with_variables
|
||||
# lint:ignore:quoted_booleans
|
||||
'type' => 'secure_forward',
|
||||
'tag_pattern' => '**',
|
||||
'self_hostname' => '${hostname}',
|
||||
'secure' => 'true',
|
||||
'ca_cert_path' => '/etc/fluentd/ca_cert.pem',
|
||||
'shared_key' => $fluentd_shared_key,
|
||||
'server' => $fluentd_servers,
|
||||
# lint:endignore
|
||||
# lint:endignore
|
||||
}
|
||||
}
|
||||
}
|
||||
} else {
|
||||
::fluentd::config { '300-openstack-matches.conf':
|
||||
config => {
|
||||
'match' => {
|
||||
'type' => 'forward',
|
||||
'tag_pattern' => '**',
|
||||
'server' => $fluentd_servers,
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue