diff --git a/common/deploy-steps-tasks.yaml b/common/deploy-steps-tasks.yaml index 668ac78a09..4a6d8d0b5d 100644 --- a/common/deploy-steps-tasks.yaml +++ b/common/deploy-steps-tasks.yaml @@ -8,6 +8,14 @@ when: step == "1" become: true block: + - name: Create and ensure setype for /var/log/containers directory + file: + path: /var/log/containers + state: directory + setype: var_log_t + selevel: s0 + tags: + - host_config - name: Create /var/lib/tripleo-config directory file: path=/var/lib/tripleo-config state=directory setype=svirt_sandbox_file_t selevel=s0 recurse=true diff --git a/docker/services/haproxy.yaml b/docker/services/haproxy.yaml index 5f08d39c7b..bd6dfd441d 100644 --- a/docker/services/haproxy.yaml +++ b/docker/services/haproxy.yaml @@ -40,6 +40,10 @@ parameters: default: /dev/log description: Syslog address where HAproxy will send its log type: string + HAProxySyslogFacility: + default: local0 + description: Syslog facility HAProxy will use for its logs + type: string SSLCertificate: default: '' description: > @@ -110,6 +114,8 @@ resources: DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} + HAProxySyslogAddress: {get_param: HAProxySyslogAddress} + HAProxySyslogFacility: {get_param: HAProxySyslogFacility} HAProxyLogging: type: OS::TripleO::Services::Logging::HAProxy @@ -248,13 +254,33 @@ outputs: environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: + - name: Check if rsyslog exists + shell: systemctl is-active rsyslog + register: rsyslog_config + - when: rsyslog_config.rc == 0 + block: + - name: Forward logging to haproxy.log file + blockinfile: + content: | + if $syslogfacility-text == '{{facility}}' and $programname == 'haproxy' then -/var/log/containers/haproxy/haproxy.log + & stop + create: yes + path: /etc/rsyslog.d/openstack-haproxy.conf + vars: + facility: {get_param: HAProxySyslogFacility} + register: logconfig + - name: restart rsyslog service after logging conf change + service: + name: rsyslog + state: restarted + when: logconfig is changed - name: create persistent directories file: path: "{{ item.path }}" state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/haproxy, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/haproxy, 'setype': var_log_t } - { 'path': /var/lib/haproxy, 'setype': svirt_sandbox_file_t } - { 'path': /var/log/haproxy, 'setype': svirt_sandbox_file_t } - name: haproxy logs readme diff --git a/docker/services/pacemaker/haproxy.yaml b/docker/services/pacemaker/haproxy.yaml index 1981a531c3..eb94fa6e00 100644 --- a/docker/services/pacemaker/haproxy.yaml +++ b/docker/services/pacemaker/haproxy.yaml @@ -67,6 +67,14 @@ parameters: HAProxyInternalTLSKeysDirectory: default: '/etc/pki/tls/private/haproxy' type: string + HAProxySyslogAddress: + default: /dev/log + description: Syslog address where HAproxy will send its log + type: string + HAProxySyslogFacility: + default: local0 + description: Syslog facility HAProxy will use for its logs + type: string ConfigDebug: default: false description: Whether to run config management (e.g. Puppet) in debug mode. @@ -109,6 +117,8 @@ resources: DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} + HAProxySyslogAddress: {get_param: HAProxySyslogAddress} + HAProxySyslogFacility: {get_param: HAProxySyslogFacility} outputs: role_data: @@ -279,12 +289,41 @@ outputs: - - 'TRIPLEO_DEPLOY_IDENTIFIER=' - {get_param: DeployIdentifier} host_prep_tasks: + - name: Check if rsyslog exists + shell: systemctl is-active rsyslog + register: rsyslog_config + - when: rsyslog_config.rc == 0 + block: + - name: Forward logging to haproxy.log file + blockinfile: + content: | + if $syslogfacility-text == '{{facility}}' and $programname == 'haproxy' then -/var/log/containers/haproxy/haproxy.log + & stop + create: yes + path: /etc/rsyslog.d/openstack-haproxy.conf + vars: + facility: {get_param: HAProxySyslogFacility} + register: logconfig + - name: restart rsyslog service after logging conf change + service: + name: rsyslog + state: restarted + when: logconfig is changed - name: create persistent directories file: - path: "{{ item }}" + path: "{{ item.path }}" state: directory + setype: "{{ item.setype }}" with_items: - - /var/lib/haproxy + - { 'path': /var/log/containers/haproxy, 'setype': var_log_t } + - { 'path': /var/lib/haproxy, 'setype': svirt_sandbox_file_t } + - name: haproxy logs readme + copy: + dest: /var/log/haproxy/readme.txt + content: | + Log files from the haproxy containers can be found under + /var/log/containers/haproxy. + ignore_errors: true metadata_settings: get_attr: [HAProxyBase, role_data, metadata_settings] update_tasks: diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml index 04a06c9c5a..578416afd6 100644 --- a/puppet/services/haproxy.yaml +++ b/puppet/services/haproxy.yaml @@ -46,6 +46,10 @@ parameters: default: /dev/log description: Syslog address where HAproxy will send its log type: string + HAProxySyslogFacility: + default: local0 + description: Syslog facility HAProxy will use for its logs + type: string HAProxyStatsEnabled: default: true description: Whether or not to enable the HAProxy stats interface. @@ -129,6 +133,7 @@ outputs: '107 haproxy stats': dport: 1993 tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress} + tripleo::haproxy::haproxy_log_facility: {get_param: HAProxySyslogFacility} tripleo::haproxy::haproxy_stats_user: {get_param: HAProxyStatsUser} tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword} tripleo::haproxy::redis_password: {get_param: RedisPassword} diff --git a/puppet/services/pacemaker/haproxy.yaml b/puppet/services/pacemaker/haproxy.yaml index 2fddca9664..9529f9c805 100644 --- a/puppet/services/pacemaker/haproxy.yaml +++ b/puppet/services/pacemaker/haproxy.yaml @@ -30,6 +30,14 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + HAProxySyslogFacility: + default: local0 + description: Syslog facility HAProxy will use for its logs + type: string + HAProxySyslogAddress: + default: /dev/log + description: Syslog address where HAproxy will send its log + type: string resources: LoadbalancerServiceBase: @@ -53,6 +61,8 @@ outputs: - get_attr: [LoadbalancerServiceBase, role_data, config_settings] - tripleo::haproxy::haproxy_service_manage: false tripleo::haproxy::mysql_clustercheck: true + tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress} + tripleo::haproxy::haproxy_log_facility: {get_param: HAProxySyslogFacility} step_config: | include ::tripleo::profile::pacemaker::haproxy metadata_settings: diff --git a/releasenotes/notes/haproxy-log-2805e3697cbadf49.yaml b/releasenotes/notes/haproxy-log-2805e3697cbadf49.yaml new file mode 100644 index 0000000000..e3cf3515d2 --- /dev/null +++ b/releasenotes/notes/haproxy-log-2805e3697cbadf49.yaml @@ -0,0 +1,4 @@ +--- +features: + - Allow to output HAProxy in a dedicated file + - Adds new HAProxySyslogFacility param