Use Octavia's own default user_log_format value

The HAProxy tenant flow logs are showing "[ssl_c_s_dn]" instead of
the client certificate DN string because of a bug in the default
value in THT. By using Octavia's own default we avoid this.

Change-Id: Ice012188654cfef7ebdb95630015b656d6fa0032
This commit is contained in:
Tom Weininger 2022-04-21 16:59:02 +02:00
parent 10707e9768
commit 7acb4f490a
2 changed files with 13 additions and 2 deletions

View File

@ -194,7 +194,7 @@ parameters:
- range: { min: 0, max: 7 }
description: Facility must be between 0 and 7.
OctaviaUserLogFormat:
default: "{{ '{{' }} project_id {{ '}}' }} {{ '{{' }} lb_id {{ '}}' }} %f %ci %cp %t %{+Q}r %ST %B %U %[ssl_c_verify] %{+Q}[ssl_c_s_dn] %b %s %Tt %tsc"
default: ""
description: The tenant traffic flow log format string.
type: string
OctaviaDisableLocalLogStorage:
@ -220,6 +220,8 @@ conditions:
not: {equals: [{get_param: OctaviaClientCert}, '']}
octavia_topology_set:
not: {equals : [{get_param: OctaviaLoadBalancerTopology}, '']}
octavia_user_log_format_set:
not: {equals : [{get_param: OctaviaUserLogFormat}, '']}
outputs:
role_data:
@ -291,7 +293,10 @@ outputs:
octavia::controller::forward_all_logs: {get_param: OctaviaForwardAllLogs}
octavia::controller::tenant_log_targets: {get_param: OctaviaTenantLogTargets}
octavia::controller::user_log_facility: {get_param: OctaviaTenantLogFacility}
octavia::controller::user_log_format: {get_param: OctaviaUserLogFormat}
octavia::controller::user_log_format:
if:
- octavia_user_log_format_set
- {get_param: OctaviaUserLogFormat}
octavia::controller::disable_local_log_storage: {get_param: OctaviaDisableLocalLogStorage}
octavia::networking::port_detach_timeout: {get_param: OctaviaPortDetachTimeout}
octavia::nova::enable_anti_affinity: {get_param: OctaviaAntiAffinity}

View File

@ -0,0 +1,6 @@
---
fixes:
- |
Avoid Octavia HAProxy logs showing "[ssl_c_s_dn]" instead of the
client certificate DN string. TripleO uses Octavia's own default
user_log_format setting now if possible.