From ce53777c62370cdd88e038d95e2685dffcc1ecb9 Mon Sep 17 00:00:00 2001
From: Michael Johnson <johnsomor@gmail.com>
Date: Tue, 28 Apr 2020 15:25:18 -0700
Subject: [PATCH] Add support for Octavia amphora log offloading

This patch configures Octavia to enable amphora log offloading
to the Octavia rsyslog container if the OctaviaOffloadAllLogs
parameter is True.

Depends-On: https://review.opendev.org/#/c/733710
Change-Id: Ic4ee6f4a150200531491cdd78ca3c4f66e5d1ffb
(cherry picked from commit 0d52c6066a8e33cea100525a1f0b2c2fd5d301da)
---
 tripleo_ansible/playbooks/octavia-files.yaml  |  1 +
 .../roles/octavia_common/defaults/main.yml    |  1 +
 .../tasks/main.yml                            | 55 +++++++++++++++++++
 .../templates/10-octavia.conf.j2              | 14 +++++
 4 files changed, 71 insertions(+)
 create mode 100644 tripleo_ansible/roles/octavia_controller_post_config/templates/10-octavia.conf.j2

diff --git a/tripleo_ansible/playbooks/octavia-files.yaml b/tripleo_ansible/playbooks/octavia-files.yaml
index 3b2659b2a..c83d7e989 100644
--- a/tripleo_ansible/playbooks/octavia-files.yaml
+++ b/tripleo_ansible/playbooks/octavia-files.yaml
@@ -95,5 +95,6 @@
   vars:
     octavia_confd_prefix: "/var/lib/config-data/puppet-generated/octavia"
     container_cli: "{{ container_cli }}"
+    enable_log_offloading: "{{ enable_log_offloading }}"
   roles:
     - octavia_controller_post_config
diff --git a/tripleo_ansible/roles/octavia_common/defaults/main.yml b/tripleo_ansible/roles/octavia_common/defaults/main.yml
index 84b0f0c8d..fcec52264 100644
--- a/tripleo_ansible/roles/octavia_common/defaults/main.yml
+++ b/tripleo_ansible/roles/octavia_common/defaults/main.yml
@@ -17,3 +17,4 @@ lb_mgmt_subnet_pool_end: "172.24.255.254"
 lb_mgmt_sec_grp_name: "lb-mgmt-sec-grp"
 lb_health_mgr_sec_grp_name: "lb-health-mgr-sec-grp"
 mgmt_port_dev: "o-hm0"
+enable_log_offloading: false
diff --git a/tripleo_ansible/roles/octavia_controller_post_config/tasks/main.yml b/tripleo_ansible/roles/octavia_controller_post_config/tasks/main.yml
index 8176f52d9..4055e115f 100644
--- a/tripleo_ansible/roles/octavia_controller_post_config/tasks/main.yml
+++ b/tripleo_ansible/roles/octavia_controller_post_config/tasks/main.yml
@@ -14,6 +14,35 @@
   set_fact:
     o_hm_ip_list: "{{ o_hm_ip_list[:-2] }}"
 
+- name: configure amphora log offloading
+  block:
+    - name: create ip list (rsyslog)
+      set_fact:
+        o_rsyslog_ip_list: "{% for octavia_node in groups['octavia_nodes'] %}{{ hostvars[octavia_node].mgmt_port_ip }}:514, {%endfor%}"
+
+    - name: create ip list (remove the last two characters) (rsyslog)
+      set_fact:
+        o_rsyslog_ip_list: "{{ o_rsyslog_ip_list[:-2] }}"
+
+    - name: create /etc/rsyslog.d
+      become: true
+      become_user: root
+      file:
+        state: directory
+        path: "{{ octavia_confd_prefix }}/etc/rsyslog.d"
+        selevel: s0
+        setype: svirt_sandbox_file_t
+
+    - name: create rsyslog 10-octavia.conf
+      become: true
+      become_user: root
+      template:
+        src: templates/10-octavia.conf.j2
+        dest: "{{ octavia_confd_prefix }}/etc/rsyslog.d/10-octavia.conf"
+        selevel: s0
+        setype: svirt_sandbox_file_t
+  when: enable_log_offloading | bool
+
 - name: read the current IP list
   become: true
   become_user: root
@@ -48,6 +77,32 @@
   when:
     - octavia_config_updated
 
+- name: setting [amphora_agent]/tenant_log_targets
+  become: true
+  become_user: root
+  ini_file:
+    section: "amphora_agent"
+    option: "tenant_log_targets"
+    value: "{{ o_rsyslog_ip_list }}"
+    path: "{{ octavia_confd_prefix }}/etc/octavia/post-deploy.conf"
+    selevel: s0
+    setype: svirt_sandbox_file_t
+  when:
+    - enable_log_offloading | bool
+
+- name: setting [amphora_agent]/admin_log_targets
+  become: true
+  become_user: root
+  ini_file:
+    section: "amphora_agent"
+    option: "admin_log_targets"
+    value: "{{ o_rsyslog_ip_list }}"
+    path: "{{ octavia_confd_prefix }}/etc/octavia/post-deploy.conf"
+    selevel: s0
+    setype: svirt_sandbox_file_t
+  when:
+    - enable_log_offloading | bool
+
 - name: get list of running octavia services
   become: true
   become_user: root
diff --git a/tripleo_ansible/roles/octavia_controller_post_config/templates/10-octavia.conf.j2 b/tripleo_ansible/roles/octavia_controller_post_config/templates/10-octavia.conf.j2
new file mode 100644
index 000000000..3327ea569
--- /dev/null
+++ b/tripleo_ansible/roles/octavia_controller_post_config/templates/10-octavia.conf.j2
@@ -0,0 +1,14 @@
+module(load="imudp")
+input(type="imudp" address="{{ mgmt_port_ip }}" port="514")
+
+# Output the amphora tenant traffic flow logs
+if ($inputname == "imudp" and $syslogfacility-text == "local0" and $syslogseverity-text == "info" and $hostname startswith "amphora") then {
+    action(type="omfile" FileCreateMode="0644" File="/var/log/octavia/octavia-tenant-traffic.log")
+    stop
+}
+
+# Output the amphora administrative logs
+if ($inputname == "imudp" and $syslogfacility-text == "local1" and $hostname startswith "amphora") then {
+    action(type="omfile" FileCreateMode="0644" File="/var/log/octavia/octavia-amphora.log")
+    stop
+}