From 3d510d7700c92e50733fac5c00feb7db139b7375 Mon Sep 17 00:00:00 2001 From: Ade Lee Date: Tue, 31 Oct 2017 12:15:18 -0400 Subject: [PATCH] Add option for barbican API container to log to stdout/stderr This adds the option to get the barbican API container to log to stdout. The option is disabled by default. If enabled, It also adds a sidecar container that reads the apache access logs. bp logging-stdout-rsyslog Co-Authored-By: Juan Antonio Osorio Robles Change-Id: Ia06fee2826062330a4377ca5fda7e3ba68534af6 --- docker/services/barbican-api.yaml | 43 ++++++------- .../services/logging/files/barbican-api.yaml | 48 ++++++++++++++ .../services/logging/stdout/barbican-api.yaml | 64 +++++++++++++++++++ environments/stdout-logging.yaml | 1 + overcloud-resource-registry-puppet.j2.yaml | 1 + 5 files changed, 134 insertions(+), 23 deletions(-) create mode 100644 docker/services/logging/files/barbican-api.yaml create mode 100644 docker/services/logging/stdout/barbican-api.yaml diff --git a/docker/services/barbican-api.yaml b/docker/services/barbican-api.yaml index 44c03f3c7d..6e2d7f3ec8 100644 --- a/docker/services/barbican-api.yaml +++ b/docker/services/barbican-api.yaml @@ -66,6 +66,10 @@ resources: RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} + BarbicanApiLogging: + type: OS::TripleO::Services::Logging::BarbicanApi + + outputs: role_data: description: Role data for the Barbican API role. @@ -74,6 +78,7 @@ outputs: config_settings: map_merge: - get_attr: [BarbicanApiBase, role_data, config_settings] + - get_attr: [BarbicanApiLogging, config_settings] - apache::default_vhost: false logging_source: {get_attr: [BarbicanApiBase, role_data, logging_source]} logging_groups: {get_attr: [BarbicanApiBase, role_data, logging_groups]} @@ -99,27 +104,30 @@ outputs: docker_config: # db sync runs before permissions set by kolla_config step_2: - barbican_init_logs: - image: &barbican_api_image {get_param: DockerBarbicanApiImage} - privileged: false - user: root - volumes: - - /var/log/containers/barbican:/var/log/barbican - command: ['/bin/bash', '-c', 'chown -R barbican:barbican /var/log/barbican'] + get_attr: [BarbicanApiLogging, docker_config, step_2] step_3: barbican_api_db_sync: start_order: 0 - image: *barbican_api_image + image: &barbican_api_image {get_param: DockerBarbicanApiImage} net: host detach: false user: root volumes: &barbican_api_volumes list_concat: - {get_attr: [ContainersCommon, volumes]} + - {get_attr: [BarbicanApiLogging, volumes]} - - /var/lib/config-data/barbican/etc/barbican/:/etc/barbican/:ro - - /var/log/containers/barbican:/var/log/barbican - command: "/usr/bin/bootstrap_host_exec barbican_api su barbican -s /bin/bash -c '/usr/bin/barbican-manage db upgrade'" + command: + # NOTE(jaosorior): When providing extra arguments, we need to make sure that they're part + # of the bash -c invocation, so we include them in the quoted db sync command. Hence the + # final single quote that's part of the list_join. + list_join: + - ' ' + - - "/usr/bin/bootstrap_host_exec barbican_api su barbican -s /bin/bash -c '/usr/bin/barbican-manage" + - {get_attr: [BarbicanApiLogging, cmd_extra_args]} + - "db upgrade" + - "'" step_4: barbican_api: image: *barbican_api_image @@ -130,9 +138,9 @@ outputs: volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} + - {get_attr: [BarbicanApiLogging, volumes]} - - /var/lib/kolla/config_files/barbican_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/log/containers/barbican:/var/log/barbican - /var/lib/config-data/puppet-generated/barbican/:/var/lib/kolla/config_files/src:ro - if: @@ -146,18 +154,7 @@ outputs: - '' environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - host_prep_tasks: - - name: create persistent logs directory - file: - path: /var/log/containers/barbican - state: directory - - name: barbican logs readme - copy: - dest: /var/log/barbican/readme.txt - content: | - Log files from barbican containers can be found under - /var/log/containers/barbican. - ignore_errors: true + host_prep_tasks: {get_attr: [BarbicanApiLogging, host_prep_tasks]} upgrade_tasks: - name: Stop and disable barbican_api service tags: step2 diff --git a/docker/services/logging/files/barbican-api.yaml b/docker/services/logging/files/barbican-api.yaml new file mode 100644 index 0000000000..798ca40d79 --- /dev/null +++ b/docker/services/logging/files/barbican-api.yaml @@ -0,0 +1,48 @@ +heat_template_version: pike + +description: > + OpenStack containerized Barbican API service + +parameters: + DockerBarbicanApiImage: + description: image + type: string + +outputs: + cmd_extra_args: + description: Extra command line arguments for running the service in the container. + value: '' + config_settings: + description: Extra hieradata needed to log to files in the host. + value: null + volumes: + description: The volumes needed to log to files in the host. + value: &barbican_api_volumes + - /var/log/containers/barbican:/var/log/barbican + - /var/log/containers/httpd/barbican-api:/var/log/httpd + docker_config: + description: Extra containers needed for logging to files in the host. + value: + step_2: + barbican_init_log: + image: {get_param: DockerBarbicanApiImage} + user: root + volumes: *barbican_api_volumes + command: ['/bin/bash', '-c', 'chown -R barbican:barbican /var/log/barbican'] + host_prep_tasks: + description: Extra ansible tasks needed for logging to files in the host. + value: + - name: create persistent logs directory + file: + path: "{{ item }}" + state: directory + with_items: + - /var/log/containers/barbican + - /var/log/containers/httpd/barbican-api + - name: barbican logs readme + copy: + dest: /var/log/barbican/readme.txt + content: | + Log files from barbican containers can be found under + /var/log/containers/barbican. + ignore_errors: true diff --git a/docker/services/logging/stdout/barbican-api.yaml b/docker/services/logging/stdout/barbican-api.yaml new file mode 100644 index 0000000000..c152b358e7 --- /dev/null +++ b/docker/services/logging/stdout/barbican-api.yaml @@ -0,0 +1,64 @@ +heat_template_version: pike + +description: > + OpenStack containerized Barbican service + +parameters: + DockerBarbicanApiImage: + description: image + type: string + +outputs: + cmd_extra_args: + description: Extra command line arguments for running the service in the container. + value: "--log-dir= --log-file=" + config_settings: + description: Extra hieradata needed to log to stdout. + value: + barbican::wsgi::apache::access_log_file: /var/log/httpd/access.log + barbican::wsgi::apache::error_log_file: /var/log/httpd/error_log + docker_config: + description: Extra containers needed for logging to stdout or a sidecar container. + value: + step_2: + barbican_api_apache_error_logs: + start_order: 1 + image: {get_param: DockerBarbicanApiImage} + user: root + privileged: false + restart: always + healthcheck: + test: '[ -p /var/log/httpd/error_log ]' + command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd && rm -f /var/log/httpd/error_log && mkfifo /var/log/httpd/error_log && while true; do cat /var/log/httpd/error_log; done'] + volumes: + - BarbicanApiLogs:/var/log/ + barbican_api_apache_access_logs: + start_order: 1 + image: {get_param: DockerBarbicanApiImage} + user: root + privileged: false + restart: always + healthcheck: + test: '[ -p /var/log/httpd/access.log ]' + command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd && rm -f /var/log/httpd/access.log && mkfifo /var/log/httpd/access.log && while true; do cat /var/log/httpd/access.log; done'] + volumes: + - BarbicanApiLogs:/var/log/ + barbican_api_logs: + start_order: 2 + image: {get_param: DockerBarbicanApiImage} + user: barbican + privileged: false + restart: always + healthcheck: + test: '[ -p /var/log/barbican/main.log ]' + command: ['/bin/bash', '-c', 'mkdir -p /var/log/barbican && rm -f /var/log/barbican/main.log && mkfifo /var/log/barbican/main.log && while true; do cat /var/log/barbican/main.log; done'] + volumes: + - BarbicanApiLogs:/var/log/ + volumes: + description: The volumes needed to log to stdout or a sidecar container. + value: + - BarbicanApiLogs:/var/log/ + host_prep_tasks: + description: Extra ansible tasks needed for logging to files in the host. + value: null + diff --git a/environments/stdout-logging.yaml b/environments/stdout-logging.yaml index ae1f047806..732c69b246 100644 --- a/environments/stdout-logging.yaml +++ b/environments/stdout-logging.yaml @@ -1,5 +1,6 @@ resource_registry: + OS::TripleO::Services::Logging::BarbicanApi: ../docker/services/logging/stdout/barbican-api.yaml OS::TripleO::Services::Logging::GlanceApi: ../docker/services/logging/stdout/glance-api.yaml OS::TripleO::Services::Logging::HeatApi: ../docker/services/logging/stdout/heat-api.yaml OS::TripleO::Services::Logging::HeatApiCfn: ../docker/services/logging/stdout/heat-api-cfn.yaml diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index 73462e6b0b..2789518788 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -303,6 +303,7 @@ resource_registry: OS::TripleO::Services::SkydiveAnalyzer: OS::Heat::None # Logging + OS::TripleO::Services::Logging::BarbicanApi: docker/services/logging/files/barbican-api.yaml OS::TripleO::Services::Logging::GlanceApi: docker/services/logging/files/glance-api.yaml OS::TripleO::Services::Logging::HeatApi: docker/services/logging/files/heat-api.yaml OS::TripleO::Services::Logging::HeatApiCfn: docker/services/logging/files/heat-api-cfn.yaml