# Copyright 2016 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::logging::fluentd
#
# FluentD configuration for TripleO
#
# === Parameters
#
# [*step*]
#   (Optional) String. The current step of the deployment
#   Defaults to hiera('step')
#
# [*fluentd_sources*]
#   (Optional) List of dictionaries. A list of sources for fluentd.
#
# [*fluentd_filters*]
#   (Optional) List of dictionaries. A list of filters for fluentd.
#
# [*fluentd_servers*]
#   (Optional) List of dictionaries. A list of destination hosts for
#   fluentd. Each should be of the form {host=>'my.host.name',
#   'port'=>24224}
#
# [*fluentd_groups*]
#   (Optional) List of strings. Add the 'fluentd' user to these groups.
#
# [*fluentd_manage_groups*]
#   (Optional) Boolean. If true, modify the group membership of the
#   fluentd_config_user using information provided by fluentd_groups
#   and the per-service configurations.
#
# [*fluentd_use_ssl*]
#   (Optional) Boolean. If true, use the secure_forward plugin.
#
# [*fluentd_ssl_certificate*]
#   (Required if fluentd_use_ssl is true) PEM encoded certificate data,
#   for example from "secure-forward-ca-generate".
#
# [*fluentd_shared_key*]
#   (Required if fluentd_use_ssl is true) Shared secret key for the fluentd
#   secure-forward plugin.
#
# [*fluentd_monitoring*]
#   (Optional, default true) When true, fluentd will expose a REST API
#   interface for monitoring purposes.
#
# [*fluentd_monitoring_bind*]
#   (Optional, default '127.0.0.1') Interface on which the fluentd monitoring
#   interface should listen if $fluentd_monitoring is true.
#
# [*fluentd_monitoring_port*]
#   (Optional, default 24220) Port on which the fluentd monitoring interface
#   should listen if $fluentd_monitoring is true.
#
# [*fluentd_listen_syslog*]
#   (Optional, default true) When true, fluentd will listen for syslog
#   messages on a local UDP port.
#
# [*fluentd_syslog_port*]
#   (Optional, default 42185) Port on which fluentd should listen if
#   $fluentd_listen_syslog is true.
#
# [*fluentd_path_transform*]
#   (Optional) List. Specifies [find, replace] arguments that will be
#   used to transform the 'path' value for logging sources using puppet's
#   regsubst function.
#
# [*fluentd_pos_file_path*]
#   (Optional) String. Path to a directory that will be created
#   if it does not exist and made writable by the fluentd user.
#
# [*fluentd_default_format*]
#   (Optional) String. Default log format if not otherwise specified
#   in a log source definition.
#
# [*fluentd_service_user*]
#   (Optional) String. Username that will run the fluentd service.
#   This will be used to create a systemd drop-in for the fluentd
#   service that sets User explicitly.
#
# [*service_names*]
#   (Optional) List of services enabled on the current role. This is used
#   to obtain per-service configuration information.
#
# [*fluentd_managed_rsyslog*]
#   (Optional, default false) Let fluentd configure and restart the rsyslog
#   service
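class tripleo::profile::base::logging::fluentd (
  $step                    = Integer(hiera('step')),
  $fluentd_sources         = undef,
  $fluentd_filters         = undef,
  $fluentd_servers         = undef,
  $fluentd_groups          = undef,
  $fluentd_manage_groups   = true,
  $fluentd_use_ssl         = undef,
  $fluentd_ssl_certificate = undef,
  $fluentd_shared_key      = undef,
  $fluentd_listen_syslog   = true,
  $fluentd_syslog_port     = 42185,
  $fluentd_path_transform  = undef,
  $fluentd_pos_file_path   = undef,
  $fluentd_default_format  = undef,
  $fluentd_service_user    = undef,
  $fluentd_monitoring      = true,
  $fluentd_monitoring_bind = '127.0.0.1',
  $fluentd_monitoring_port = 24220,
  $service_names           = hiera('service_names', []),
  $fluentd_managed_rsyslog = false
) {
  # Nothing is configured before deployment step 4.
  if $step >= 4 {
    warning('Service fluentd is deprecated. Please take in mind, that it going to be removed in T release.')

    include ::fluentd
    include ::systemd::systemctl::daemon_reload

    # Account the service runs as: explicit parameter first, then the owner
    # configured in the fluentd module, then the literal 'fluentd'.
    $_fluentd_service_user = pick($fluentd_service_user,
                                  $::fluentd::config_owner,
                                  'fluentd')

    # don't manage groups for 'root'
    $_fluentd_manage_groups = $_fluentd_service_user ? {
      'root'  => false,
      default => $fluentd_manage_groups,
    }

    # systemd drop-in rendered from the fluentd_user.conf.erb template; a
    # change to it notifies the fluentd service.
    # NOTE(review): this notifies Service['fluentd'] while the resources below
    # reference Service[$::fluentd::service_name] - confirm both resolve to the
    # same resource when the service name is overridden.
    ::systemd::dropin_file { 'fluentd_user.conf':
      unit    => "${::fluentd::service_name}.service",
      content => template('tripleo/fluentd/fluentd_user.conf.erb'),
    }
    ~> Service['fluentd']

    # Load per-service plugin configuration
    ::tripleo::profile::base::logging::fluentd::fluentd_service {
      $service_names:
        pos_file_path     => $fluentd_pos_file_path,
        default_format    => $fluentd_default_format,
        fluentd_transform => $fluentd_path_transform
    }

    if $_fluentd_manage_groups {
      # compute a list of all the groups of which the fluentd user
      # should be a member.
      $_tmpgroups1 = $service_names.map |$srv| {
        hiera("tripleo_fluentd_groups_${srv}", undef)
      }.filter |$new_srv| { ! empty($new_srv) }.flatten()

      $_tmpgroups2 = any2array($fluentd_groups)
      $groups = concat($_tmpgroups2,
                        $_tmpgroups1)

      if !empty($groups) {
        # Every group listed here gives the log collector that group's file
        # access, so keep the per-service hiera lists as narrow as possible.
        # membership => 'minimum' only adds groups; memberships the user
        # already has are left in place.
        Package<| tag == 'openstack' |>
        -> user { $_fluentd_service_user:
          ensure     => present,
          groups     => $groups,
          membership => 'minimum',
        }
        ~> Service[$::fluentd::service_name]
      }
    }

    if $fluentd_pos_file_path {
      # Position-file directory: owned by the service user, no access for
      # "other". recurse => true applies owner/group/mode to existing content.
      file { $fluentd_pos_file_path:
        ensure  => 'directory',
        owner   => $_fluentd_service_user,
        group   => $::fluentd::config_group,
        mode    => '0750',
        recurse => true,
      }
      ~> Service[$::fluentd::service_name]
    }

    ::fluentd::plugin { 'rubygem-fluent-plugin-add':
      plugin_provider => 'yum',
    }

    if $fluentd_sources {

      if $fluentd_path_transform {
        # Rewrite the 'path' of every source that has one, using the
        # [find, replace] pair; sources without a 'path' pass through as-is.
        $_fluentd_sources = map($fluentd_sources) |$source| {
          if $source['path'] {
            $newpath = {
              'path' => regsubst($source['path'],
                                  $fluentd_path_transform[0],
                                  $fluentd_path_transform[1])
            }

            $source + $newpath
          } else {
            $source
          }
        }
      } else {
        $_fluentd_sources = $fluentd_sources
      }

      ::fluentd::config { '100-openstack-sources.conf':
        config => {
          'source' => $_fluentd_sources,
        }
      }
    }

    if $fluentd_monitoring {
      # fluentd will open port for monitoring REST API interface
      # The default bind is loopback. No authentication is configured in this
      # source block, so overriding $fluentd_monitoring_bind with a routable
      # address should be paired with a firewall rule restricting access.
      ::fluentd::config { '110-monitoring-agent.conf':
        config => {
          'source' => {
            'type' => 'monitor_agent',
            'bind' => $fluentd_monitoring_bind,
            'port' => $fluentd_monitoring_port,
          }
        }
      }
    }

    if $fluentd_listen_syslog {
      # fluentd will receive syslog messages by listening on a local udp
      # socket.
      # NOTE(review): no 'bind' key is set here, so the listen address is
      # whatever the syslog input plugin defaults to. The rsyslog drop-in
      # below only ever sends to 127.0.0.1 - confirm the listener is
      # loopback-only or firewalled, otherwise remote hosts can inject
      # 'system.messages' events.
      ::fluentd::config { '110-system-sources.conf':
        config => {
          'source' => {
            'type' => 'syslog',
            'tag'  => 'system.messages',
            'port' => $fluentd_syslog_port,
          }
        }
      }

      if $fluentd_managed_rsyslog {
        # Forward every facility/priority to the local fluentd syslog port
        # over UDP (single '@'), then restart rsyslog when the file changes.
        file { '/etc/rsyslog.d/fluentd.conf':
          content => "*.* @127.0.0.1:${fluentd_syslog_port}",
          owner   => 'root',
          group   => 'root',
          mode    => '0644',
        } ~> exec { 'reload rsyslog':
          command     => '/bin/systemctl restart rsyslog',
          refreshonly => true,
        }
      }
    }

    if $fluentd_filters {
      ::fluentd::config { '200-openstack-filters.conf':
        config => {
          'filter' => $fluentd_filters,
        }
      }
    }

    if $fluentd_servers and !empty($fluentd_servers) {
      if $fluentd_use_ssl {
        # Both values are documented as required when SSL is enabled. Fail at
        # catalog compilation instead of writing a secure_forward match that
        # has no shared key or no CA certificate content.
        unless $fluentd_ssl_certificate and $fluentd_shared_key {
          fail('fluentd_ssl_certificate and fluentd_shared_key are required when fluentd_use_ssl is true')
        }

        ::fluentd::plugin { 'rubygem-fluent-plugin-secure-forward':
          plugin_provider => 'yum',
        }

        # CA certificate used to verify the aggregator; it is public material,
        # so the world-readable mode is acceptable.
        file {'/etc/fluentd/ca_cert.pem':
          content => $fluentd_ssl_certificate,
          owner   => $_fluentd_service_user,
          group   => $::fluentd::config_group,
          mode    => '0444',
        }

        # NOTE(review): $fluentd_shared_key is written in clear text into
        # 300-openstack-matches.conf - confirm that ::fluentd::config creates
        # the file with a mode that is not world-readable.
        # 'self_hostname' is deliberately single-quoted so the literal
        # ${hostname} reaches the fluentd configuration unexpanded by Puppet.
        ::fluentd::config { '300-openstack-matches.conf':
          config => {
            'match' => {
              # lint:ignore:single_quote_string_with_variables
              # lint:ignore:quoted_booleans
              'type'          => 'secure_forward',
              'tag_pattern'   => '**',
              'self_hostname' => '${hostname}',
              'secure'        => 'true',
              'ca_cert_path'  => '/etc/fluentd/ca_cert.pem',
              'shared_key'    => $fluentd_shared_key,
              'server'        => $fluentd_servers,
              # lint:endignore
              # lint:endignore
            }
          }
        }
      } else {
        # Plain 'forward' output: no TLS or shared-key options are set in this
        # match block, so log events leave the host unprotected unless the
        # network path to $fluentd_servers is secured by other means.
        ::fluentd::config { '300-openstack-matches.conf':
          config => {
            'match' => {
              'type'        => 'forward',
              'tag_pattern' => '**',
              'server'      => $fluentd_servers,
            }
          }
        }
      }
    }
  }
}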