Ensure we get dedicated logging file for HAProxy

With the current configuration, HAProxy logs are in the host journal.
This isn't really friendly when you want to debug issues with this service.

This patches ensures HAProxy logs are in a dedicated file, using the syslog
facility set in its configuration.

Closes-Bug: #1814880
Depends-On: I8fee040287940188f6bc6bc35bdbdaf6c234cbfd
Change-Id: Ia615ac07d0c559deb65e307bb6254127e989794d
(cherry picked from commit 0576e26234)
This commit is contained in:
Cédric Jeanneret 2018-11-28 13:56:13 +01:00 committed by Damien Ciabrini
parent 851b1e94ac
commit 31ab969ed9
6 changed files with 95 additions and 3 deletions

View File

@ -8,6 +8,14 @@
when: step == "1" when: step == "1"
become: true become: true
block: block:
- name: Create and ensure setype for /var/log/containers directory
file:
path: /var/log/containers
state: directory
setype: var_log_t
selevel: s0
tags:
- host_config
- name: Create /var/lib/tripleo-config directory - name: Create /var/lib/tripleo-config directory
file: path=/var/lib/tripleo-config state=directory setype=svirt_sandbox_file_t selevel=s0 recurse=true file: path=/var/lib/tripleo-config state=directory setype=svirt_sandbox_file_t selevel=s0 recurse=true

View File

@ -40,6 +40,10 @@ parameters:
default: /dev/log default: /dev/log
description: Syslog address where HAproxy will send its log description: Syslog address where HAproxy will send its log
type: string type: string
HAProxySyslogFacility:
default: local0
description: Syslog facility HAProxy will use for its logs
type: string
SSLCertificate: SSLCertificate:
default: '' default: ''
description: > description: >
@ -110,6 +114,8 @@ resources:
DefaultPasswords: {get_param: DefaultPasswords} DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName} RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters} RoleParameters: {get_param: RoleParameters}
HAProxySyslogAddress: {get_param: HAProxySyslogAddress}
HAProxySyslogFacility: {get_param: HAProxySyslogFacility}
HAProxyLogging: HAProxyLogging:
type: OS::TripleO::Services::Logging::HAProxy type: OS::TripleO::Services::Logging::HAProxy
@ -248,13 +254,33 @@ outputs:
environment: environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks: host_prep_tasks:
- name: Check if rsyslog exists
shell: systemctl is-active rsyslog
register: rsyslog_config
- when: rsyslog_config.rc == 0
block:
- name: Forward logging to haproxy.log file
blockinfile:
content: |
if $syslogfacility-text == '{{facility}}' and $programname == 'haproxy' then -/var/log/containers/haproxy/haproxy.log
& stop
create: yes
path: /etc/rsyslog.d/openstack-haproxy.conf
vars:
facility: {get_param: HAProxySyslogFacility}
register: logconfig
- name: restart rsyslog service after logging conf change
service:
name: rsyslog
state: restarted
when: logconfig is changed
- name: create persistent directories - name: create persistent directories
file: file:
path: "{{ item.path }}" path: "{{ item.path }}"
state: directory state: directory
setype: "{{ item.setype }}" setype: "{{ item.setype }}"
with_items: with_items:
- { 'path': /var/log/containers/haproxy, 'setype': svirt_sandbox_file_t } - { 'path': /var/log/containers/haproxy, 'setype': var_log_t }
- { 'path': /var/lib/haproxy, 'setype': svirt_sandbox_file_t } - { 'path': /var/lib/haproxy, 'setype': svirt_sandbox_file_t }
- { 'path': /var/log/haproxy, 'setype': svirt_sandbox_file_t } - { 'path': /var/log/haproxy, 'setype': svirt_sandbox_file_t }
- name: haproxy logs readme - name: haproxy logs readme

View File

@ -67,6 +67,14 @@ parameters:
HAProxyInternalTLSKeysDirectory: HAProxyInternalTLSKeysDirectory:
default: '/etc/pki/tls/private/haproxy' default: '/etc/pki/tls/private/haproxy'
type: string type: string
HAProxySyslogAddress:
default: /dev/log
description: Syslog address where HAproxy will send its log
type: string
HAProxySyslogFacility:
default: local0
description: Syslog facility HAProxy will use for its logs
type: string
ConfigDebug: ConfigDebug:
default: false default: false
description: Whether to run config management (e.g. Puppet) in debug mode. description: Whether to run config management (e.g. Puppet) in debug mode.
@ -109,6 +117,8 @@ resources:
DefaultPasswords: {get_param: DefaultPasswords} DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName} RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters} RoleParameters: {get_param: RoleParameters}
HAProxySyslogAddress: {get_param: HAProxySyslogAddress}
HAProxySyslogFacility: {get_param: HAProxySyslogFacility}
outputs: outputs:
role_data: role_data:
@ -279,12 +289,41 @@ outputs:
- - 'TRIPLEO_DEPLOY_IDENTIFIER=' - - 'TRIPLEO_DEPLOY_IDENTIFIER='
- {get_param: DeployIdentifier} - {get_param: DeployIdentifier}
host_prep_tasks: host_prep_tasks:
- name: Check if rsyslog exists
shell: systemctl is-active rsyslog
register: rsyslog_config
- when: rsyslog_config.rc == 0
block:
- name: Forward logging to haproxy.log file
blockinfile:
content: |
if $syslogfacility-text == '{{facility}}' and $programname == 'haproxy' then -/var/log/containers/haproxy/haproxy.log
& stop
create: yes
path: /etc/rsyslog.d/openstack-haproxy.conf
vars:
facility: {get_param: HAProxySyslogFacility}
register: logconfig
- name: restart rsyslog service after logging conf change
service:
name: rsyslog
state: restarted
when: logconfig is changed
- name: create persistent directories - name: create persistent directories
file: file:
path: "{{ item }}" path: "{{ item.path }}"
state: directory state: directory
setype: "{{ item.setype }}"
with_items: with_items:
- /var/lib/haproxy - { 'path': /var/log/containers/haproxy, 'setype': var_log_t }
- { 'path': /var/lib/haproxy, 'setype': svirt_sandbox_file_t }
- name: haproxy logs readme
copy:
dest: /var/log/haproxy/readme.txt
content: |
Log files from the haproxy containers can be found under
/var/log/containers/haproxy.
ignore_errors: true
metadata_settings: metadata_settings:
get_attr: [HAProxyBase, role_data, metadata_settings] get_attr: [HAProxyBase, role_data, metadata_settings]
update_tasks: update_tasks:

View File

@ -46,6 +46,10 @@ parameters:
default: /dev/log default: /dev/log
description: Syslog address where HAproxy will send its log description: Syslog address where HAproxy will send its log
type: string type: string
HAProxySyslogFacility:
default: local0
description: Syslog facility HAProxy will use for its logs
type: string
HAProxyStatsEnabled: HAProxyStatsEnabled:
default: true default: true
description: Whether or not to enable the HAProxy stats interface. description: Whether or not to enable the HAProxy stats interface.
@ -129,6 +133,7 @@ outputs:
'107 haproxy stats': '107 haproxy stats':
dport: 1993 dport: 1993
tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress} tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress}
tripleo::haproxy::haproxy_log_facility: {get_param: HAProxySyslogFacility}
tripleo::haproxy::haproxy_stats_user: {get_param: HAProxyStatsUser} tripleo::haproxy::haproxy_stats_user: {get_param: HAProxyStatsUser}
tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword} tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword}
tripleo::haproxy::redis_password: {get_param: RedisPassword} tripleo::haproxy::redis_password: {get_param: RedisPassword}

View File

@ -30,6 +30,14 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry. via parameter_defaults in the resource registry.
type: json type: json
HAProxySyslogFacility:
default: local0
description: Syslog facility HAProxy will use for its logs
type: string
HAProxySyslogAddress:
default: /dev/log
description: Syslog address where HAproxy will send its log
type: string
resources: resources:
LoadbalancerServiceBase: LoadbalancerServiceBase:
@ -53,6 +61,8 @@ outputs:
- get_attr: [LoadbalancerServiceBase, role_data, config_settings] - get_attr: [LoadbalancerServiceBase, role_data, config_settings]
- tripleo::haproxy::haproxy_service_manage: false - tripleo::haproxy::haproxy_service_manage: false
tripleo::haproxy::mysql_clustercheck: true tripleo::haproxy::mysql_clustercheck: true
tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress}
tripleo::haproxy::haproxy_log_facility: {get_param: HAProxySyslogFacility}
step_config: | step_config: |
include ::tripleo::profile::pacemaker::haproxy include ::tripleo::profile::pacemaker::haproxy
metadata_settings: metadata_settings:

View File

@ -0,0 +1,4 @@
---
features:
- Allow to output HAProxy in a dedicated file
- Adds new HAProxySyslogFacility param