From 7acb4f490abd1ad58cf6850d6c301322f96cf31a Mon Sep 17 00:00:00 2001 From: Tom Weininger Date: Thu, 21 Apr 2022 16:59:02 +0200 Subject: [PATCH] Use Octavia's own default user_log_format value The HAProxy tenant flow logs are showing "[ssl_c_s_dn]" instead of the client certificate DN string because of a bug in the default value in THT. By using Octavia's own default we avoid this. Change-Id: Ice012188654cfef7ebdb95630015b656d6fa0032 --- deployment/octavia/octavia-base.yaml | 9 +++++++-- ...ias-own-user-log-format-default-3e9bb40c678388fc.yaml | 6 ++++++ 2 files changed, 13 insertions(+), 2 deletions(-) create mode 100644 releasenotes/notes/use-octavias-own-user-log-format-default-3e9bb40c678388fc.yaml diff --git a/deployment/octavia/octavia-base.yaml b/deployment/octavia/octavia-base.yaml index 1297992b6c..c339ceebd8 100644 --- a/deployment/octavia/octavia-base.yaml +++ b/deployment/octavia/octavia-base.yaml @@ -194,7 +194,7 @@ parameters: - range: { min: 0, max: 7 } description: Facility must be between 0 and 7. OctaviaUserLogFormat: - default: "{{ '{{' }} project_id {{ '}}' }} {{ '{{' }} lb_id {{ '}}' }} %f %ci %cp %t %{+Q}r %ST %B %U %[ssl_c_verify] %{+Q}[ssl_c_s_dn] %b %s %Tt %tsc" + default: "" description: The tenant traffic flow log format string. type: string OctaviaDisableLocalLogStorage: @@ -220,6 +220,8 @@ conditions: not: {equals: [{get_param: OctaviaClientCert}, '']} octavia_topology_set: not: {equals : [{get_param: OctaviaLoadBalancerTopology}, '']} + octavia_user_log_format_set: + not: {equals : [{get_param: OctaviaUserLogFormat}, '']} outputs: role_data: 
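Review bot: The `description` of `OctaviaUserLogFormat` in the first hunk still reads only "The tenant traffic flow log format string.", although the new default `""` now means "leave user_log_format unset and let Octavia apply its own default". I would extend it to `description: The tenant traffic flow log format string. An empty value (the default) leaves the option unset so that Octavia's own default format is used.` Environments that already set this parameter explicitly are passed through unchanged. If such an override was copied from the old THT default, it will presumably keep logging the literal "[ssl_c_s_dn]" instead of the client certificate DN, so the flow logs would still lack the client identity an audit needs. The release note could tell operators to drop or correct such overrides.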
@@ -291,7 +293,10 @@ outputs:
 octavia::controller::forward_all_logs: {get_param: OctaviaForwardAllLogs}
 octavia::controller::tenant_log_targets: {get_param: OctaviaTenantLogTargets}
 octavia::controller::user_log_facility: {get_param: OctaviaTenantLogFacility}
- octavia::controller::user_log_format: {get_param: OctaviaUserLogFormat}
+ octavia::controller::user_log_format:
+ if:
+ - octavia_user_log_format_set
+ - {get_param: OctaviaUserLogFormat}
 octavia::controller::disable_local_log_storage: {get_param: OctaviaDisableLocalLogStorage}
 octavia::networking::port_detach_timeout: {get_param: OctaviaPortDetachTimeout}
 octavia::nova::enable_anti_affinity: {get_param: OctaviaAntiAffinity}
diff --git a/releasenotes/notes/use-octavias-own-user-log-format-default-3e9bb40c678388fc.yaml b/releasenotes/notes/use-octavias-own-user-log-format-default-3e9bb40c678388fc.yaml
new file mode 100644
index 0000000000..55382126fe
--- /dev/null
+++ b/releasenotes/notes/use-octavias-own-user-log-format-default-3e9bb40c678388fc.yaml
@@ -0,0 +1,6 @@
+---
+fixes:
+ - |
+ Avoid Octavia HAProxy logs showing "[ssl_c_s_dn]" instead of the
+ client certificate DN string. TripleO uses Octavia's own default
+ user_log_format setting now if possible.
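Review bot: The `if` under `octavia::controller::user_log_format` has only a condition and a true value, with no third element for the false case. As far as I know, Heat accepts this two-element form only from `heat_template_version: wallaby`, where a false condition removes the key from the enclosing map. The template's version line is outside this hunk, so please confirm it, especially if this fix is backported to an older branch. A comment above the key would record the intent, for example `# Omitted when OctaviaUserLogFormat is empty so that Octavia's built-in default applies.` The map this key belongs to starts and ends outside the hunk.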