diff --git a/ansible/roles/common/defaults/main.yml b/ansible/roles/common/defaults/main.yml
index 81b457cf89..a10e55f466 100644
--- a/ansible/roles/common/defaults/main.yml
+++ b/ansible/roles/common/defaults/main.yml
@@ -17,3 +17,7 @@ heka_image_full: "{{ heka_image }}:{{ heka_tag }}"
 cron_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-cron"
 cron_tag: "{{ openstack_release }}"
 cron_image_full: "{{ cron_image }}:{{ cron_tag }}"
+
+fluentd_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-fluentd"
+fluentd_tag: "{{ openstack_release }}"
+fluentd_image_full: "{{ fluentd_image }}:{{ fluentd_tag }}"
diff --git a/docker/fluentd/Dockerfile.j2 b/docker/fluentd/Dockerfile.j2
new file mode 100644
index 0000000000..bc20b8ff38
--- /dev/null
+++ b/docker/fluentd/Dockerfile.j2
@@ -0,0 +1,54 @@
+FROM {{ namespace }}/{{ image_prefix }}base:{{ tag }}
+MAINTAINER {{ maintainer }}
+
+{% block fluentd_header %}{% endblock %}
+
+{% import "macros.j2" as macros with context %}
+
+{% if base_distro in ['centos', 'fedora', 'oraclelinux', 'rhel'] %}
+
+RUN rpm --import https://packages.treasuredata.com/GPG-KEY-td-agent
+
+COPY td.repo /etc/yum.repos.d/td.repo
+
+ {% set fluentd_packages = [
+ 'td-agent',
+ 'gcc-c++',
+ 'make'
+ ] %}
+
+{% elif base_distro in ['ubuntu', 'debian'] %}
+
+RUN curl https://packages.treasuredata.com/GPG-KEY-td-agent | apt-key add - \
+ && echo "deb http://packages.treasuredata.com/2/ubuntu/xenial/ xenial contrib" > /etc/apt/sources.list.d/treasure-data.list \
+ && apt-get update
+
+ {% set fluentd_packages = [
+ 'td-agent',
+ 'make',
+ 'g++'
+ ] %}
+{% endif %}
+
+{{ macros.install_packages(fluentd_packages | customizable("packages")) }}
+
+RUN ulimit -n 65536 \
+ && sed -i -e "s/USER=td-agent/USER=root/" -e "s/GROUP=td-agent/GROUP=root/" /etc/init.d/td-agent \
+ && td-agent-gem install fluent-plugin-kubernetes_metadata_filter fluent-plugin-elasticsearch fluent-plugin-grep \
+ && rm -f /etc/td-agent/td-agent.conf
+
+COPY fluentd_sudoers /etc/sudoers.d/kolla_fluentd_sudoers
+COPY extend_start.sh /usr/local/bin/kolla_extend_start
+
+RUN usermod -a -G kolla td-agent \
+ && chmod 440 /etc/sudoers.d/kolla_fluentd_sudoers \
+ && chmod 755 /usr/local/bin/kolla_extend_start \
+ && chown -R td-agent: /etc/td-agent \
+ && mkdir /var/lib/td-agent \
+ && chown -R td-agent: /var/lib/td-agent
+
+{% block fluentd_footer %}{% endblock %}
+{% block footer %}{% endblock %}
+{{ include_footer }}
+
+USER td-agent
diff --git a/docker/fluentd/extend_start.sh b/docker/fluentd/extend_start.sh
new file mode 100644
index 0000000000..bcdbed09df
--- /dev/null
+++ b/docker/fluentd/extend_start.sh
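Review bot: In the ubuntu/debian branch, `curl https://packages.treasuredata.com/GPG-KEY-td-agent | apt-key add -` trusts whatever the server returns at build time: curl has no `-f`, the pipe runs without pipefail, and the key's fingerprint is never compared with a known value. At minimum use `curl -fsSL … | apt-key add -`, and preferably download the key to a file and check its fingerprint before adding it; the `rpm --import` line in the RHEL-family branch has the same missing fingerprint check. The apt source written on the next line is plain `http://` and hard-codes `ubuntu/xenial` even when `base_distro` is `debian`. `td-agent-gem install` pulls unpinned plugin versions, so each rebuild can pick up different code; pin each plugin to a reviewed version. The `sed` that rewrites `USER=td-agent` to `USER=root` in `/etc/init.d/td-agent` deserves a comment saying why root is needed, given that the image ends with `USER td-agent`.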
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+# Give processes executed with the "kolla" group the permission to create files
+# and sub-directories in the /var/log/kolla directory.
+#
+# Also set the setgid permission on the /var/log/kolla directory so that new
+# files and sub-directories in that directory inherit its group id ("kolla").
+if [[ $(stat -c %U:%G /var/log/kolla) != "td-agent:kolla" ]]; then
+ sudo chown td-agent:kolla /var/log/kolla
+fi
+if [[ $(stat -c %a /var/log/kolla) != "2775" ]]; then
+ sudo chmod 2775 /var/log/kolla
+fi
+if [[ $(stat -c %U:%G /var/lib/td-agent) != "td-agent:kolla" ]]; then
+ sudo chown td-agent:kolla /var/lib/td-agent
+fi
diff --git a/docker/fluentd/fluentd_sudoers b/docker/fluentd/fluentd_sudoers
new file mode 100644
index 0000000000..0111a26c48
--- /dev/null
+++ b/docker/fluentd/fluentd_sudoers
@@ -0,0 +1,4 @@
+%kolla ALL=(root) NOPASSWD: /bin/chown td-agent\:kolla /var/log/kolla, /usr/bin/chown td-agent\:kolla /var/log/kolla
+%kolla ALL=(root) NOPASSWD: /bin/chown td-agent\:kolla /var/lib/td-agent, /usr/bin/chown td-agent\:kolla /var/lib/td-agent
+%kolla ALL=(root) NOPASSWD: /bin/chmod 2775 /var/log/kolla, /usr/bin/chmod 2775 /var/log/kolla
+%kolla ALL=(root) NOPASSWD: /bin/chmod 2775 /var/lib/td-agent, /usr/bin/chmod 2775 /var/lib/td-agent
diff --git a/docker/fluentd/td.repo b/docker/fluentd/td.repo
new file mode 100644
index 0000000000..abecf7e2c2
--- /dev/null
+++ b/docker/fluentd/td.repo
@@ -0,0 +1,5 @@
+[treasuredata]
+name=TreasureData
+baseurl=http://packages.treasuredata.com/2/redhat/\$releasever/\$basearch
+gpgcheck=1
+gpgkey=https://packages.treasuredata.com/GPG-KEY-td-agent
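Review bot: All four rules in `fluentd_sudoers` are granted to the whole `%kolla` group, while the only caller visible in this commit is `extend_start.sh`, which presumably runs as `td-agent` given the Dockerfile's final `USER td-agent`. If no other account in this image needs them, scoping the rules to that user (`td-agent ALL=(root) NOPASSWD: …`) keeps other group members from changing ownership or mode on these directories. The fourth rule, `chmod 2775 /var/lib/td-agent`, is never invoked by `extend_start.sh` in this commit and can be dropped unless another caller relies on it.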
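Review bot: `baseurl=http://packages.treasuredata.com/2/redhat/...` in `td.repo` fetches repository metadata over plain HTTP; `gpgcheck=1` covers package signatures but not the metadata. The `gpgkey` line already uses HTTPS on the same host, so `baseurl=https://packages.treasuredata.com/2/redhat/...` looks available. Separately, the backslashes in `\$releasever/\$basearch` look carried over from a shell heredoc; this file is installed with `COPY`, so they are literal, and it is worth confirming that yum still expands the variables.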