Use Octavia's own default user_log_format value
The HAProxy tenant flow logs are showing "[ssl_c_s_dn]" instead of the client certificate DN string because of a bug in the default value in THT. By using Octavia's own default we avoid this. Change-Id: Ice012188654cfef7ebdb95630015b656d6fa0032
This commit is contained in:
parent
10707e9768
commit
7acb4f490a
@ -194,7 +194,7 @@ parameters:
|
||||
- range: { min: 0, max: 7 }
|
||||
description: Facility must be between 0 and 7.
|
||||
OctaviaUserLogFormat:
|
||||
default: "{{ '{{' }} project_id {{ '}}' }} {{ '{{' }} lb_id {{ '}}' }} %f %ci %cp %t %{+Q}r %ST %B %U %[ssl_c_verify] %{+Q}[ssl_c_s_dn] %b %s %Tt %tsc"
|
||||
default: ""
|
||||
description: The tenant traffic flow log format string.
|
||||
type: string
|
||||
OctaviaDisableLocalLogStorage:
|
||||
@ -220,6 +220,8 @@ conditions:
|
||||
not: {equals: [{get_param: OctaviaClientCert}, '']}
|
||||
octavia_topology_set:
|
||||
not: {equals : [{get_param: OctaviaLoadBalancerTopology}, '']}
|
||||
octavia_user_log_format_set:
|
||||
not: {equals : [{get_param: OctaviaUserLogFormat}, '']}
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
@ -291,7 +293,10 @@ outputs:
|
||||
octavia::controller::forward_all_logs: {get_param: OctaviaForwardAllLogs}
|
||||
octavia::controller::tenant_log_targets: {get_param: OctaviaTenantLogTargets}
|
||||
octavia::controller::user_log_facility: {get_param: OctaviaTenantLogFacility}
|
||||
octavia::controller::user_log_format: {get_param: OctaviaUserLogFormat}
|
||||
octavia::controller::user_log_format:
|
||||
if:
|
||||
- octavia_user_log_format_set
|
||||
- {get_param: OctaviaUserLogFormat}
|
||||
octavia::controller::disable_local_log_storage: {get_param: OctaviaDisableLocalLogStorage}
|
||||
octavia::networking::port_detach_timeout: {get_param: OctaviaPortDetachTimeout}
|
||||
octavia::nova::enable_anti_affinity: {get_param: OctaviaAntiAffinity}
|
||||
|
@ -0,0 +1,6 @@
|
||||
---
|
||||
fixes:
|
||||
- |
|
||||
Avoid Octavia HAProxy logs showing "[ssl_c_s_dn]" instead of the
|
||||
client certificate DN string. TripleO uses Octavia's own default
|
||||
user_log_format setting now if possible.
|
Loading…
Reference in New Issue
Block a user