tripleo-heat-templates/deployment/logging/rsyslog-container-puppet.yaml
Takashi Kajinami a1b967fafe Add support for additional log sources for rsyslog
This change introduces the new RsyslogExtraLoggingSources parameter
which allows users to transfer additional log files using rsyslog.

Change-Id: Ic6339945690339b6fb50dbfbb21026195d6a5421
2022-02-23 18:17:40 +09:00

333 lines
12 KiB
YAML

heat_template_version: wallaby
description: >
Containerized rsyslogd service for purposes of centralized log collection
of OpenStack services' logs.
parameters:
ContainerRsyslogImage:
description: The container image to use for container
type: string
tags:
- role_specific
ContainerRsyslogConfigImage:
description: The container image to use for the rsyslog config_volume
type: string
tags:
- role_specific
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. Use
parameter_merge_strategies to merge it with the defaults.
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
RsyslogReopenOnTruncate:
default: false
description: Rsyslog imfile reopenOnTruncate parameter
type: boolean
RsyslogElasticsearchSetting:
default: {}
description: Configuration for rsyslog-elasticsearch plugin
type: json
RsyslogElasticsearchTlsCACert:
default: ''
description: Contains content of the CA cert for the CA that issued Elasticsearch server cert.
type: string
RsyslogElasticsearchTlsClientCert:
default: ''
description: Contains content of the client cert for doing client cert auth against Elasticsearch.
type: string
RsyslogElasticsearchTlsClientKey:
default: ''
description: Contains content of the private key corresponding to the cert RsyslogElasticsearchTlsClientCert.
type: string
RsyslogExtraLoggingSource:
type: json
default: []
description: Additional source log file(s) loaded by the rsyslog service
tags:
- role_specific
CloudName:
default: overcloud.localdomain
description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
type: string
KeystoneRegion:
type: string
default: 'regionOne'
description: Keystone region for endpoint
RsyslogAmqp1Setting:
default: {}
description: Configuration for rsyslog-omamqp1 plugin
type: json
RsyslogAmqp1Local:
default: true
description: Set to false to disable prefilling host connection value to local QDR in RsyslogAmqp1Setting.
type: boolean
MetricsQdrPort:
default: 5666
description: Service name or port number on which the qdrouterd will accept
connections.
type: number
resources:
ContainersCommon:
type: ../containers-common.yaml
# Merging role-specific parameters (RoleParameters) with the default parameters.
# RoleParameters will have the precedence over the default parameters.
RoleParametersValue:
type: OS::Heat::Value
properties:
type: json
value:
map_replace:
- map_replace:
- ContainerRsyslogImage: ContainerRsyslogImage
ContainerRsyslogConfigImage: ContainerRsyslogConfigImage
extra_logging_sources: RsyslogExtraLoggingSources
- values: {get_param: [RoleParameters]}
- values:
ContainerRsyslogImage: {get_param: ContainerRsyslogImage}
ContainerRsyslogConfigImage: {get_param: ContainerRsyslogConfigImage}
RsyslogExtraLoggingSource: {get_param: RsyslogExtraLoggingSource}
conditions:
use_tls:
not:
and:
- equals: [{get_param: RsyslogElasticsearchSetting}, {}]
- equals: [{get_param: RsyslogElasticsearchTlsCACert}, '']
- equals: [{get_param: RsyslogElasticsearchTlsClientCert}, '']
- equals: [{get_param: RsyslogElasticsearchTlsClientKey}, '']
use_elasticsearch:
not:
equals: [{get_param: RsyslogElasticsearchSetting}, {}]
use_amqp1:
not:
equals: [{get_param: RsyslogAmqp1Setting}, {}]
outputs:
role_data:
description: Role data for the rsyslog role.
value:
service_name: rsyslog
config_settings:
map_merge:
# puppet-rsyslog does not have params.pp with deault values for parameters
# so we need to add those here or include module's data/common.yaml in hiera
- rsyslog::confdir: /etc/rsyslog.d
rsyslog::package_name: rsyslog
rsyslog::package_version: installed
rsyslog::manage_package: true
rsyslog::manage_confdir: true
rsyslog::purge_config_files: true
rsyslog::override_default_config: true
rsyslog::config_file: /etc/rsyslog.conf
rsyslog::manage_service: true
rsyslog::service_name: rsyslog
rsyslog::service_status: running
rsyslog::service_enabled: true
rsyslog::external_service: false
rsyslog::use_upstream_repo: false
rsyslog::feature_packages:
- rsyslog-elasticsearch
- rsyslog-mmnormalize
rsyslog::global_config_priority: 10
rsyslog::module_load_priority: 20
rsyslog::input_priority: 30
rsyslog::main_queue_priority: 40
rsyslog::parser_priority: 45
rsyslog::template_priority: 50
rsyslog::filter_priority: 55
rsyslog::action_priority: 60
rsyslog::ruleset_priority: 65
rsyslog::lookup_table_priority: 70
rsyslog::legacy_config_priority: 80
rsyslog::custom_priority: 90
rsyslog::target_file: 50_openstack_logs.conf
rsyslog::server::modules:
imfile: {}
omelasticsearch: {}
omamqp1: {}
# output setting
rsyslog::server::templates:
rsyslog-node-index:
type: list
list_descriptions:
- constant:
value: "%{hiera('fqdn_canonical')}-"
- property:
name: timereported
dateFormat: year
- constant:
value: '.'
- property:
name: timereported
dateFormat: month
- constant:
value: '.'
- property:
name: timereported
dateFormat: day
rsyslog-record:
type: list
options:
jsonf: 'on'
list_descriptions:
- property:
outname: '@timestamp'
name: timereported
dateFormat: 'rfc3339'
format: jsonf
- property:
outname: host
name: hostname
format: jsonf
- property:
outname: severity
name: syslogseverity
format: jsonf
- property:
outname: facility
name: syslogfacility-text
format: jsonf
- property:
outname: tag
name: syslogtag
format: jsonf
- property:
outname: source
name: app-name
format: jsonf
- property:
outname: message
name: msg
format: jsonf
- property:
outname: file
name: '$!metadata!filename'
format: jsonf
- constant:
outname: cloud
value: {get_param: CloudName}
format: jsonf
- constant:
outname: region
value: {get_param: KeystoneRegion}
format: jsonf
- if:
- use_elasticsearch
- tripleo::profile::base::logging::rsyslog::elasticsearch:
map_merge:
- {get_param: RsyslogElasticsearchSetting}
- template: rsyslog-record
searchIndex: rsyslog-node-index
dynSearchIndex: "on"
errorfile: '/var/log/rsyslog/omelasticsearch.log'
- {}
- if:
- {get_param: RsyslogReopenOnTruncate}
- tripleo::profile::base::logging::rsyslog::reopen_on_truncate: "on"
- {}
- if:
- use_amqp1
- tripleo::profile::base::logging::rsyslog::amqp1:
map_merge:
- {get_param: RsyslogAmqp1Setting}
- template: rsyslog-record
- if:
- {get_param: RsyslogAmqp1Local}
- host:
str_replace:
template:
"%{hiera('$NETWORK')}:$PORT"
params:
$PORT:
get_param: MetricsQdrPort
$NETWORK:
get_param:
- ServiceNetMap
- str_replace:
template: "ROLENAMEMetricsQdrNetwork"
params:
ROLENAME: {get_param: RoleName}
- {}
- if:
- use_tls
- tripleo::profile::base::logging::rsyslog::elasticsearch_tls_ca_cert: {get_param: RsyslogElasticsearchTlsCACert}
tripleo::profile::base::logging::rsyslog::elasticsearch_tls_client_cert: {get_param: RsyslogElasticsearchTlsClientCert}
tripleo::profile::base::logging::rsyslog::elasticsearch_tls_client_key: {get_param: RsyslogElasticsearchTlsClientKey}
service_config_settings:
tripleo_logging_sources_rsyslog: {get_attr: [RoleParametersValue, value, extra_logging_sources]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: rsyslog
puppet_tags: 'rsyslog::generate_concat,concat::fragment'
step_config: include tripleo::profile::base::logging::rsyslog
config_image: {get_attr: [RoleParametersValue, value, ContainerRsyslogConfigImage]}
kolla_config:
/var/lib/kolla/config_files/rsyslog.json:
command: /usr/sbin/rsyslogd -n
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/lib/rsyslog
owner: root:root
recurse: true
- path: /var/log/rsyslog
owner: root:root
recurse: true
docker_config:
step_3:
rsyslog:
image: {get_attr: [RoleParametersValue, value, ContainerRsyslogImage]}
net: host
privileged: true
user: root
restart: always
security_opt:
- label=disable
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- - /var/lib/kolla/config_files/rsyslog.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/rsyslog:/var/lib/kolla/config_files/src:ro
- /var/log/containers:/var/log/containers:ro
- /var/log/containers/rsyslog:/var/log/rsyslog:rw,z
- /var/log:/var/log/host:ro
- /var/lib/rsyslog.container:/var/lib/rsyslog:rw,z
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
host_prep_tasks:
- name: create persistent logs directory for rsyslog
file:
path: /var/log/containers/rsyslog
state: directory
setype: container_file_t
mode: '0750'
- name: create persistent state directory for rsyslog
file:
path: /var/lib/rsyslog.container
state: directory
setype: container_file_t