From 0576e26234206ab36b161cd43e6b2b69daf49948 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Jeanneret?= Date: Wed, 28 Nov 2018 13:56:13 +0100 Subject: [PATCH] Ensure we get dedicated logging file for HAProxy With the current configuration, HAProxy logs are in the host journal. This isn't really friendly when you want to debug issues with this service. This patches ensures HAProxy logs are in a dedicated file, using the syslog facility set in its configuration. Depends-On: I8fee040287940188f6bc6bc35bdbdaf6c234cbfd Change-Id: Ia615ac07d0c559deb65e307bb6254127e989794d --- common/deploy-steps-tasks.yaml | 8 ++++ docker/services/haproxy.yaml | 28 +++++++++++++- docker/services/pacemaker/haproxy.yaml | 38 +++++++++++++++++++ puppet/services/haproxy.yaml | 5 +++ puppet/services/pacemaker/haproxy.yaml | 10 +++++ .../notes/haproxy-log-2805e3697cbadf49.yaml | 4 ++ 6 files changed, 92 insertions(+), 1 deletion(-) create mode 100644 releasenotes/notes/haproxy-log-2805e3697cbadf49.yaml diff --git a/common/deploy-steps-tasks.yaml b/common/deploy-steps-tasks.yaml index c0fb410c0a..4eb557c66d 100644 --- a/common/deploy-steps-tasks.yaml +++ b/common/deploy-steps-tasks.yaml @@ -21,6 +21,14 @@ - name: Write config data at the start of step 1 when: step == "1" block: + - name: Create and ensure setype for /var/log/containers directory + file: + path: /var/log/containers + state: directory + setype: var_log_t + selevel: s0 + tags: + - host_config - name: Create /var/lib/tripleo-config directory file: path: /var/lib/tripleo-config diff --git a/docker/services/haproxy.yaml b/docker/services/haproxy.yaml index 429d5960bf..7ced5afed1 100644 --- a/docker/services/haproxy.yaml +++ b/docker/services/haproxy.yaml @@ -40,6 +40,10 @@ parameters: default: /dev/log description: Syslog address where HAproxy will send its log type: string + HAProxySyslogFacility: + default: local0 + description: Syslog facility HAProxy will use for its logs + type: string SSLCertificate: default: '' description: > @@ -121,6 +125,8 @@ resources: DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} + HAProxySyslogAddress: {get_param: HAProxySyslogAddress} + HAProxySyslogFacility: {get_param: HAProxySyslogFacility} HAProxyLogging: type: OS::TripleO::Services::Logging::HAProxy @@ -279,13 +285,33 @@ outputs: - haproxy host_prep_tasks: - {get_attr: [HAProxyBase, role_data, host_prep_tasks]} + - name: Check if rsyslog exists + shell: systemctl is-active rsyslog + register: rsyslog_config + - when: rsyslog_config.rc == 0 + block: + - name: Forward logging to haproxy.log file + blockinfile: + content: | + if $syslogfacility-text == '{{facility}}' and $programname == 'haproxy' then -/var/log/containers/haproxy/haproxy.log + & stop + create: yes + path: /etc/rsyslog.d/openstack-haproxy.conf + vars: + facility: {get_param: HAProxySyslogFacility} + register: logconfig + - name: restart rsyslog service after logging conf change + service: + name: rsyslog + state: restarted + when: logconfig is changed - name: create persistent directories file: path: "{{ item.path }}" state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/haproxy, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/haproxy, 'setype': var_log_t } - { 'path': /var/lib/haproxy, 'setype': svirt_sandbox_file_t } - name: haproxy logs readme copy: diff --git a/docker/services/pacemaker/haproxy.yaml b/docker/services/pacemaker/haproxy.yaml index c143d3b7e6..d8e1c40ad9 100644 --- a/docker/services/pacemaker/haproxy.yaml +++ b/docker/services/pacemaker/haproxy.yaml @@ -75,6 +75,14 @@ parameters: HAProxyInternalTLSKeysDirectory: default: '/etc/pki/tls/private/haproxy' type: string + HAProxySyslogAddress: + default: /dev/log + description: Syslog address where HAproxy will send its log + type: string + HAProxySyslogFacility: + default: local0 + description: Syslog facility HAProxy will use for its logs + type: string ConfigDebug: default: false description: Whether to run config management (e.g. Puppet) in debug mode. @@ -126,6 +134,8 @@ resources: DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} + HAProxySyslogAddress: {get_param: HAProxySyslogAddress} + HAProxySyslogFacility: {get_param: HAProxySyslogFacility} outputs: role_data: @@ -279,13 +289,41 @@ outputs: - {get_param: DeployIdentifier} host_prep_tasks: - {get_attr: [HAProxyBase, role_data, host_prep_tasks]} + - name: Check if rsyslog exists + shell: systemctl is-active rsyslog + register: rsyslog_config + - when: rsyslog_config.rc == 0 + block: + - name: Forward logging to haproxy.log file + blockinfile: + content: | + if $syslogfacility-text == '{{facility}}' and $programname == 'haproxy' then -/var/log/containers/haproxy/haproxy.log + & stop + create: yes + path: /etc/rsyslog.d/openstack-haproxy.conf + vars: + facility: {get_param: HAProxySyslogFacility} + register: logconfig + - name: restart rsyslog service after logging conf change + service: + name: rsyslog + state: restarted + when: logconfig is changed - name: create persistent directories file: path: "{{ item.path }}" state: directory setype: "{{ item.setype }}" with_items: + - { 'path': /var/log/containers/haproxy, 'setype': var_log_t } - { 'path': /var/lib/haproxy, 'setype': svirt_sandbox_file_t } + - name: haproxy logs readme + copy: + dest: /var/log/haproxy/readme.txt + content: | + Log files from the haproxy containers can be found under + /var/log/containers/haproxy. + ignore_errors: true metadata_settings: get_attr: [HAProxyBase, role_data, metadata_settings] deploy_steps_tasks: diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml index b763c13758..caa41cd6c2 100644 --- a/puppet/services/haproxy.yaml +++ b/puppet/services/haproxy.yaml @@ -46,6 +46,10 @@ parameters: default: /dev/log description: Syslog address where HAproxy will send its log type: string + HAProxySyslogFacility: + default: local0 + description: Syslog facility HAProxy will use for its logs + type: string HAProxyStatsEnabled: default: true description: Whether or not to enable the HAProxy stats interface. @@ -140,6 +144,7 @@ outputs: '107 haproxy stats': dport: 1993 tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress} + tripleo::haproxy::haproxy_log_facility: {get_param: HAProxySyslogFacility} tripleo::haproxy::haproxy_stats_user: {get_param: HAProxyStatsUser} tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword} tripleo::haproxy::redis_password: {get_param: RedisPassword} diff --git a/puppet/services/pacemaker/haproxy.yaml b/puppet/services/pacemaker/haproxy.yaml index b91e570b56..9c65179e8f 100644 --- a/puppet/services/pacemaker/haproxy.yaml +++ b/puppet/services/pacemaker/haproxy.yaml @@ -30,6 +30,14 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + HAProxySyslogFacility: + default: local0 + description: Syslog facility HAProxy will use for its logs + type: string + HAProxySyslogAddress: + default: /dev/log + description: Syslog address where HAproxy will send its log + type: string resources: LoadbalancerServiceBase: @@ -53,6 +61,8 @@ outputs: - get_attr: [LoadbalancerServiceBase, role_data, config_settings] - tripleo::haproxy::haproxy_service_manage: false tripleo::haproxy::mysql_clustercheck: true + tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress} + tripleo::haproxy::haproxy_log_facility: {get_param: HAProxySyslogFacility} step_config: | include ::tripleo::profile::pacemaker::haproxy host_prep_tasks: {get_attr: [LoadbalancerServiceBase, role_data, host_prep_tasks]} diff --git a/releasenotes/notes/haproxy-log-2805e3697cbadf49.yaml b/releasenotes/notes/haproxy-log-2805e3697cbadf49.yaml new file mode 100644 index 0000000000..e3cf3515d2 --- /dev/null +++ b/releasenotes/notes/haproxy-log-2805e3697cbadf49.yaml @@ -0,0 +1,4 @@ +--- +features: + - Allow to output HAProxy in a dedicated file + - Adds new HAProxySyslogFacility param