From 32d5e0cd77ce8435f24ff8412bb8e55869bacea2 Mon Sep 17 00:00:00 2001 From: Juan Antonio Osorio Robles Date: Mon, 13 Nov 2017 13:44:55 +0000 Subject: [PATCH] Add option for HAProxy (non-HA) container to log to stdout/stderr This adds the option to get the HAProxy container to log to stdout. The option is disabled by default. If enabled, It also adds a sidecar container that reads from syslog and outputs what it gets to stdout. bp logging-stdout-rsyslog Change-Id: Ica819713aa50352ba04a748c463534d982e00538 --- docker/services/haproxy.yaml | 139 +++++++++++--------- docker/services/logging/files/haproxy.yaml | 23 ++++ docker/services/logging/stdout/haproxy.yaml | 37 ++++++ environments/stdout-logging.yaml | 1 + overcloud-resource-registry-puppet.j2.yaml | 1 + 5 files changed, 136 insertions(+), 65 deletions(-) create mode 100644 docker/services/logging/files/haproxy.yaml create mode 100644 docker/services/logging/stdout/haproxy.yaml diff --git a/docker/services/haproxy.yaml b/docker/services/haproxy.yaml index 98f93369a6..662cdb81ab 100644 --- a/docker/services/haproxy.yaml +++ b/docker/services/haproxy.yaml @@ -107,6 +107,9 @@ resources: RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} + HAProxyLogging: + type: OS::TripleO::Services::Logging::HAProxy + outputs: role_data: description: Role data for the HAproxy role. @@ -115,6 +118,7 @@ outputs: config_settings: map_merge: - get_attr: [HAProxyBase, role_data, config_settings] + - get_attr: [HAProxyLogging, config_settings] - tripleo::haproxy::haproxy_service_manage: false # NOTE(jaosorior): We disable the CRL since we have no way to restart haproxy # when this is updated @@ -169,71 +173,76 @@ outputs: optional: true docker_config: step_1: - haproxy_firewall: - detach: false - image: {get_param: DockerHAProxyImage} - net: host - user: root - privileged: true - command: - - '/bin/bash' - - '-c' - - str_replace: - template: - list_join: - - '; ' - - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 1}' > /etc/puppet/hieradata/docker.json" - - "FACTER_uuid=docker puppet apply --tags TAGS -v -e 'CONFIG'" - params: - TAGS: 'tripleo::firewall::rule' - CONFIG: - get_attr: [HAProxyBase, role_data, step_config] - volumes: - list_concat: - - {get_attr: [ContainersCommon, volumes]} - - - - /var/lib/kolla/config_files/haproxy.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/puppet-generated/haproxy/:/var/lib/kolla/config_files/src:ro - # puppet saves iptables rules in /etc/sysconfig - - /etc/sysconfig:/etc/sysconfig:rw - # saving rules require accessing /usr/libexec/iptables/iptables.init, just bind-mount - # the necessary bit and prevent systemd to try to reload the service in the container - - /usr/libexec/iptables:/usr/libexec/iptables:ro - - /usr/libexec/initscripts/legacy-actions:/usr/libexec/initscripts/legacy-actions:ro - - /etc/puppet:/tmp/puppet-etc:ro - - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro - environment: - - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - haproxy: - image: {get_param: DockerHAProxyImage} - net: host - restart: always - volumes: - list_concat: - - {get_attr: [ContainersCommon, volumes]} - - - - /var/lib/kolla/config_files/haproxy.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/puppet-generated/haproxy/:/var/lib/kolla/config_files/src:ro - - if: - - public_tls_enabled - - - list_join: - - ':' - - - {get_param: DeployedSSLCertificatePath} - - {get_param: DeployedSSLCertificatePath} - - 'ro' - - null - - - if: - - internal_tls_enabled - - - /etc/pki/tls/certs/haproxy:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/haproxy:ro - - /etc/pki/tls/private/haproxy:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/haproxy:ro - - list_join: - - ':' - - - {get_param: InternalTLSCAFile} - - {get_param: InternalTLSCAFile} - - 'ro' + map_merge: + - get_attr: [HAProxyLogging, docker_config, step_1] + - haproxy_firewall: + start_order: 0 + detach: false + image: {get_param: DockerHAProxyImage} + net: host + user: root + privileged: true + command: + - '/bin/bash' + - '-c' + - str_replace: + template: + list_join: + - '; ' + - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 1}' > /etc/puppet/hieradata/docker.json" + - "FACTER_uuid=docker puppet apply --tags TAGS -v -e 'CONFIG'" + params: + TAGS: 'tripleo::firewall::rule' + CONFIG: + get_attr: [HAProxyBase, role_data, step_config] + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/haproxy.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/haproxy/:/var/lib/kolla/config_files/src:ro + # puppet saves iptables rules in /etc/sysconfig + - /etc/sysconfig:/etc/sysconfig:rw + # saving rules require accessing /usr/libexec/iptables/iptables.init, just bind-mount + # the necessary bit and prevent systemd to try to reload the service in the container + - /usr/libexec/iptables:/usr/libexec/iptables:ro + - /usr/libexec/initscripts/legacy-actions:/usr/libexec/initscripts/legacy-actions:ro + - /etc/puppet:/tmp/puppet-etc:ro + - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + haproxy: + start_order: 1 + image: {get_param: DockerHAProxyImage} + net: host + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - {get_attr: [HAProxyLogging, volumes]} + - + - /var/lib/kolla/config_files/haproxy.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/haproxy/:/var/lib/kolla/config_files/src:ro + - if: + - public_tls_enabled + - - list_join: + - ':' + - - {get_param: DeployedSSLCertificatePath} + - {get_param: DeployedSSLCertificatePath} + - 'ro' - null - environment: - - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + - + if: + - internal_tls_enabled + - - /etc/pki/tls/certs/haproxy:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/haproxy:ro + - /etc/pki/tls/private/haproxy:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/haproxy:ro + - list_join: + - ':' + - - {get_param: InternalTLSCAFile} + - {get_param: InternalTLSCAFile} + - 'ro' + - null + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS metadata_settings: get_attr: [HAProxyBase, role_data, metadata_settings] diff --git a/docker/services/logging/files/haproxy.yaml b/docker/services/logging/files/haproxy.yaml new file mode 100644 index 0000000000..44e876fd02 --- /dev/null +++ b/docker/services/logging/files/haproxy.yaml @@ -0,0 +1,23 @@ +heat_template_version: pike + +description: > + OpenStack containerized HAProxy API service + +outputs: + config_settings: + description: Extra hieradata needed to log to files in the host. + value: null + volumes: + description: The volumes needed to log to files in the host. + # NOTE(jaosorior): Currently all containers mount /dev/log. Once we + # have a more complete proportion of containers using the pluggable + # interface. we'll remove that and mount it explicitly here. + # - /dev/log:/dev/log + value: null + docker_config: + description: Extra containers needed for logging to files in the host. + value: + step_1: {} + host_prep_tasks: + description: Extra ansible tasks needed for logging to files in the host. + value: null diff --git a/docker/services/logging/stdout/haproxy.yaml b/docker/services/logging/stdout/haproxy.yaml new file mode 100644 index 0000000000..8c8ef0f0d7 --- /dev/null +++ b/docker/services/logging/stdout/haproxy.yaml @@ -0,0 +1,37 @@ +heat_template_version: pike + +description: > + OpenStack containerized HAProxy API service + +parameters: + DockerRsyslogSidecarImage: + description: image + type: string + +outputs: + config_settings: + description: Extra hieradata needed to log to stdout. + value: + tripleo::haproxy::haproxy_log_address: '/sockets/log' + docker_config: + description: Extra containers needed for logging to stdout or a sidecar container. + value: + step_1: + haproxy_logs: + start_order: 0 + image: {get_param: DockerRsyslogSidecarImage} + user: root + restart: always + volumes: + - /var/lib/kolla/config_files/rsyslog_sidecar.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/rsyslog_sidecar/:/var/lib/kolla/config_files/src:ro + - HAProxyLogs:/sockets/ + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + volumes: + description: The volumes needed to log to stdout or a sidecar container. + value: + - HAProxyLogs:/sockets/ + host_prep_tasks: + description: Extra ansible tasks needed for logging to files in the host. + value: null diff --git a/environments/stdout-logging.yaml b/environments/stdout-logging.yaml index ea646ea159..e01abb129a 100644 --- a/environments/stdout-logging.yaml +++ b/environments/stdout-logging.yaml @@ -2,6 +2,7 @@ resource_registry: OS::TripleO::Services::RsyslogSidecar: ../docker/services/rsyslog-sidecar.yaml OS::TripleO::Services::Logging::GlanceApi: ../docker/services/logging/stdout/glance-api.yaml + OS::TripleO::Services::Logging::HAProxy: ../docker/services/logging/stdout/haproxy.yaml OS::TripleO::Services::Logging::HeatApi: ../docker/services/logging/stdout/heat-api.yaml OS::TripleO::Services::Logging::HeatApiCfn: ../docker/services/logging/stdout/heat-api-cfn.yaml OS::TripleO::Services::Logging::HeatEngine: ../docker/services/logging/stdout/heat-engine.yaml diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index 0d503a24d4..f82734a4b6 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -305,6 +305,7 @@ resource_registry: # Logging OS::TripleO::Services::Logging::GlanceApi: docker/services/logging/files/glance-api.yaml + OS::TripleO::Services::Logging::HAProxy: docker/services/logging/files/haproxy.yaml OS::TripleO::Services::Logging::HeatApi: docker/services/logging/files/heat-api.yaml OS::TripleO::Services::Logging::HeatApiCfn: docker/services/logging/files/heat-api-cfn.yaml OS::TripleO::Services::Logging::HeatEngine: docker/services/logging/files/heat-engine.yaml