Browse Source

Ensure we get dedicated logging file for HAProxy

With the current configuration, HAProxy logs are in the host journal.
This isn't really friendly when you want to debug issues with this service.

This patches ensures HAProxy logs are in a dedicated file, using the syslog
facility set in its configuration.

Depends-On: I8fee040287940188f6bc6bc35bdbdaf6c234cbfd
Change-Id: Ia615ac07d0c559deb65e307bb6254127e989794d
changes/01/620601/16
Cédric Jeanneret 3 years ago
parent
commit
0576e26234
  1. 8
      common/deploy-steps-tasks.yaml
  2. 28
      docker/services/haproxy.yaml
  3. 38
      docker/services/pacemaker/haproxy.yaml
  4. 5
      puppet/services/haproxy.yaml
  5. 10
      puppet/services/pacemaker/haproxy.yaml
  6. 4
      releasenotes/notes/haproxy-log-2805e3697cbadf49.yaml

8
common/deploy-steps-tasks.yaml

@ -21,6 +21,14 @@
- name: Write config data at the start of step 1
when: step == "1"
block:
- name: Create and ensure setype for /var/log/containers directory
file:
path: /var/log/containers
state: directory
setype: var_log_t
selevel: s0
tags:
- host_config
- name: Create /var/lib/tripleo-config directory
file:
path: /var/lib/tripleo-config

28
docker/services/haproxy.yaml

@ -40,6 +40,10 @@ parameters:
default: /dev/log
description: Syslog address where HAproxy will send its log
type: string
HAProxySyslogFacility:
default: local0
description: Syslog facility HAProxy will use for its logs
type: string
SSLCertificate:
default: ''
description: >
@ -121,6 +125,8 @@ resources:
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
HAProxySyslogAddress: {get_param: HAProxySyslogAddress}
HAProxySyslogFacility: {get_param: HAProxySyslogFacility}
HAProxyLogging:
type: OS::TripleO::Services::Logging::HAProxy
@ -279,13 +285,33 @@ outputs:
- haproxy
host_prep_tasks:
- {get_attr: [HAProxyBase, role_data, host_prep_tasks]}
- name: Check if rsyslog exists
shell: systemctl is-active rsyslog
register: rsyslog_config
- when: rsyslog_config.rc == 0
block:
- name: Forward logging to haproxy.log file
blockinfile:
content: |
if $syslogfacility-text == '{{facility}}' and $programname == 'haproxy' then -/var/log/containers/haproxy/haproxy.log
& stop
create: yes
path: /etc/rsyslog.d/openstack-haproxy.conf
vars:
facility: {get_param: HAProxySyslogFacility}
register: logconfig
- name: restart rsyslog service after logging conf change
service:
name: rsyslog
state: restarted
when: logconfig is changed
- name: create persistent directories
file:
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/haproxy, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/containers/haproxy, 'setype': var_log_t }
- { 'path': /var/lib/haproxy, 'setype': svirt_sandbox_file_t }
- name: haproxy logs readme
copy:

38
docker/services/pacemaker/haproxy.yaml

@ -75,6 +75,14 @@ parameters:
HAProxyInternalTLSKeysDirectory:
default: '/etc/pki/tls/private/haproxy'
type: string
HAProxySyslogAddress:
default: /dev/log
description: Syslog address where HAproxy will send its log
type: string
HAProxySyslogFacility:
default: local0
description: Syslog facility HAProxy will use for its logs
type: string
ConfigDebug:
default: false
description: Whether to run config management (e.g. Puppet) in debug mode.
@ -126,6 +134,8 @@ resources:
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
HAProxySyslogAddress: {get_param: HAProxySyslogAddress}
HAProxySyslogFacility: {get_param: HAProxySyslogFacility}
outputs:
role_data:
@ -279,13 +289,41 @@ outputs:
- {get_param: DeployIdentifier}
host_prep_tasks:
- {get_attr: [HAProxyBase, role_data, host_prep_tasks]}
- name: Check if rsyslog exists
shell: systemctl is-active rsyslog
register: rsyslog_config
- when: rsyslog_config.rc == 0
block:
- name: Forward logging to haproxy.log file
blockinfile:
content: |
if $syslogfacility-text == '{{facility}}' and $programname == 'haproxy' then -/var/log/containers/haproxy/haproxy.log
& stop
create: yes
path: /etc/rsyslog.d/openstack-haproxy.conf
vars:
facility: {get_param: HAProxySyslogFacility}
register: logconfig
- name: restart rsyslog service after logging conf change
service:
name: rsyslog
state: restarted
when: logconfig is changed
- name: create persistent directories
file:
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/haproxy, 'setype': var_log_t }
- { 'path': /var/lib/haproxy, 'setype': svirt_sandbox_file_t }
- name: haproxy logs readme
copy:
dest: /var/log/haproxy/readme.txt
content: |
Log files from the haproxy containers can be found under
/var/log/containers/haproxy.
ignore_errors: true
metadata_settings:
get_attr: [HAProxyBase, role_data, metadata_settings]
deploy_steps_tasks:

5
puppet/services/haproxy.yaml

@ -46,6 +46,10 @@ parameters:
default: /dev/log
description: Syslog address where HAproxy will send its log
type: string
HAProxySyslogFacility:
default: local0
description: Syslog facility HAProxy will use for its logs
type: string
HAProxyStatsEnabled:
default: true
description: Whether or not to enable the HAProxy stats interface.
@ -140,6 +144,7 @@ outputs:
'107 haproxy stats':
dport: 1993
tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress}
tripleo::haproxy::haproxy_log_facility: {get_param: HAProxySyslogFacility}
tripleo::haproxy::haproxy_stats_user: {get_param: HAProxyStatsUser}
tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword}
tripleo::haproxy::redis_password: {get_param: RedisPassword}

10
puppet/services/pacemaker/haproxy.yaml

@ -30,6 +30,14 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
HAProxySyslogFacility:
default: local0
description: Syslog facility HAProxy will use for its logs
type: string
HAProxySyslogAddress:
default: /dev/log
description: Syslog address where HAproxy will send its log
type: string
resources:
LoadbalancerServiceBase:
@ -53,6 +61,8 @@ outputs:
- get_attr: [LoadbalancerServiceBase, role_data, config_settings]
- tripleo::haproxy::haproxy_service_manage: false
tripleo::haproxy::mysql_clustercheck: true
tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress}
tripleo::haproxy::haproxy_log_facility: {get_param: HAProxySyslogFacility}
step_config: |
include ::tripleo::profile::pacemaker::haproxy
host_prep_tasks: {get_attr: [LoadbalancerServiceBase, role_data, host_prep_tasks]}

4
releasenotes/notes/haproxy-log-2805e3697cbadf49.yaml

@ -0,0 +1,4 @@
---
features:
- Allow to output HAProxy in a dedicated file
- Adds new HAProxySyslogFacility param
Loading…
Cancel
Save