Add support for Octavia amphora log offloading

This patch configures Octavia to enable amphora log offloading
to the Octavia rsyslog container if the OctaviaOffloadAllLogs
parameter is True.

Depends-On: https://review.opendev.org/724187
Change-Id: Ic4ee6f4a150200531491cdd78ca3c4f66e5d1ffb

tripleo_ansible/playbooks/octavia-files.yaml

@@ -95,5 +95,6 @@
   vars:
     octavia_confd_prefix: "/var/lib/config-data/puppet-generated/octavia"
     container_cli: "{{ container_cli }}"
+    enable_log_offloading: "{{ enable_log_offloading }}"
   roles:
     - octavia_controller_post_config

tripleo_ansible/roles/octavia_common/defaults/main.yml

@@ -17,3 +17,4 @@ lb_mgmt_subnet_pool_end: "172.24.255.254"
 lb_mgmt_sec_grp_name: "lb-mgmt-sec-grp"
 lb_health_mgr_sec_grp_name: "lb-health-mgr-sec-grp"
 mgmt_port_dev: "o-hm0"
+enable_log_offloading: false

tripleo_ansible/roles/octavia_controller_post_config/tasks/main.yml

@@ -14,6 +14,35 @@
   set_fact:
     o_hm_ip_list: "{{ o_hm_ip_list[:-2] }}"
 
+- name: configure amphora log offloading
+  block:
+    - name: create ip list (rsyslog)
+      set_fact:
+        o_rsyslog_ip_list: "{% for octavia_node in groups['octavia_nodes'] %}{{ hostvars[octavia_node].mgmt_port_ip }}:514, {%endfor%}"
+
+    - name: create ip list (remove the last two characters) (rsyslog)
+      set_fact:
+        o_rsyslog_ip_list: "{{ o_rsyslog_ip_list[:-2] }}"
+
+    - name: create /etc/rsyslog.d
+      become: true
+      become_user: root
+      file:
+        state: directory
+        path: "{{ octavia_confd_prefix }}/etc/rsyslog.d"
+        selevel: s0
+        setype: svirt_sandbox_file_t
+
+    - name: create rsyslog 10-octavia.conf
+      become: true
+      become_user: root
+      template:
+        src: templates/10-octavia.conf.j2
+        dest: "{{ octavia_confd_prefix }}/etc/rsyslog.d/10-octavia.conf"
+        selevel: s0
+        setype: svirt_sandbox_file_t
+  when: enable_log_offloading | bool
+
 - name: read the current IP list
   become: true
   become_user: root
@@ -48,6 +77,32 @@
   when:
     - octavia_config_updated
 
+- name: setting [amphora_agent]/tenant_log_targets
+  become: true
+  become_user: root
+  ini_file:
+    section: "amphora_agent"
+    option: "tenant_log_targets"
+    value: "{{ o_rsyslog_ip_list }}"
+    path: "{{ octavia_confd_prefix }}/etc/octavia/post-deploy.conf"
+    selevel: s0
+    setype: svirt_sandbox_file_t
+  when:
+    - enable_log_offloading | bool
+
+- name: setting [amphora_agent]/admin_log_targets
+  become: true
+  become_user: root
+  ini_file:
+    section: "amphora_agent"
+    option: "admin_log_targets"
+    value: "{{ o_rsyslog_ip_list }}"
+    path: "{{ octavia_confd_prefix }}/etc/octavia/post-deploy.conf"
+    selevel: s0
+    setype: svirt_sandbox_file_t
+  when:
+    - enable_log_offloading | bool
+
 - name: get list of running octavia services
   become: true
   become_user: root

tripleo_ansible/roles/octavia_controller_post_config/templates/10-octavia.conf.j2

@@ -0,0 +1,14 @@
+module(load="imudp")
+input(type="imudp" address="{{ mgmt_port_ip }}" port="514")
+
+# Output the amphora tenant traffic flow logs
+if ($inputname == "imudp" and $syslogfacility-text == "local0" and $syslogseverity-text == "info" and $hostname startswith "amphora") then {
+    action(type="omfile" FileCreateMode="0644" File="/var/log/octavia/octavia-tenant-traffic.log")
+    stop
+}
+
+# Output the amphora administrative logs
+if ($inputname == "imudp" and $syslogfacility-text == "local1" and $hostname startswith "amphora") then {
+    action(type="omfile" FileCreateMode="0644" File="/var/log/octavia/octavia-amphora.log")
+    stop
+}