fluentd: Split out to a separate role

Change-Id: Ia4be3c25148be1b6455073b3bf6929bc31fe695c
Signed-off-by: Michal Nasiadka <mnasiadka@gmail.com>

ansible/roles/common/defaults/main.yml

@@ -1,14 +1,5 @@
 ---
 common_services:
-  fluentd:
-    container_name: fluentd
-    group: fluentd
-    enabled: "{{ enable_fluentd | bool }}"
-    image: "{{ fluentd_image_full }}"
-    environment:
-      KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
-    volumes: "{{ fluentd_default_volumes + fluentd_extra_volumes }}"
-    dimensions: "{{ fluentd_dimensions }}"
   kolla-toolbox:
     container_name: kolla_toolbox
     group: kolla-toolbox
@@ -31,28 +22,6 @@ common_services:
     volumes: "{{ cron_default_volumes + cron_extra_volumes }}"
     dimensions: "{{ cron_dimensions }}"
 
-########################
-# TLS and authentication
-########################
-
-fluentd_elasticsearch_path: ""
-fluentd_elasticsearch_scheme: "{{ internal_protocol }}"
-fluentd_elasticsearch_user: ""
-fluentd_elasticsearch_password: ""
-fluentd_elasticsearch_ssl_version: "TLSv1_2"
-fluentd_elasticsearch_ssl_verify: "true"
-fluentd_elasticsearch_cacert: "{{ openstack_cacert }}"
-fluentd_elasticsearch_request_timeout: "60s"
-
-fluentd_opensearch_path: ""
-fluentd_opensearch_scheme: "{{ internal_protocol }}"
-fluentd_opensearch_user: ""
-fluentd_opensearch_password: ""
-fluentd_opensearch_ssl_version: "TLSv1_2"
-fluentd_opensearch_ssl_verify: "true"
-fluentd_opensearch_cacert: "{{ openstack_cacert }}"
-fluentd_opensearch_request_timeout: "60s"
-
 ####################
 # Docker
 ####################
@@ -60,7 +29,6 @@ common_tag: "{{ openstack_tag }}"
 
 cron_dimensions: "{{ default_container_dimensions }}"
 kolla_toolbox_dimensions: "{{ default_container_dimensions }}"
-fluentd_dimensions: "{{ default_container_dimensions }}"
 
 kolla_toolbox_image: "{{ docker_image_url }}kolla-toolbox"
 kolla_toolbox_tag: "{{ common_tag }}"
@@ -70,31 +38,6 @@ cron_image: "{{ docker_image_url }}cron"
 cron_tag: "{{ common_tag }}"
 cron_image_full: "{{ cron_image }}:{{ cron_tag }}"
 
-fluentd_image: "{{ docker_image_url }}fluentd"
-fluentd_tag: "{{ common_tag }}"
-fluentd_image_full: "{{ fluentd_image }}:{{ fluentd_tag }}"
-
-syslog_haproxy_facility: "local1"
-syslog_glance_tls_proxy_facility: "local2"
-syslog_neutron_tls_proxy_facility: "local4"
-
-syslog_facilities:
-  - name: "haproxy"
-    enabled: "{{ enable_haproxy | bool and inventory_hostname in groups['loadbalancer'] }}"
-    facility: "{{ syslog_haproxy_facility }}"
-    logdir: "haproxy"
-    logfile: "haproxy_latest"
-  - name: "glance_tls_proxy"
-    enabled: "{{ glance_enable_tls_backend | bool and inventory_hostname in groups['glance-api'] }}"
-    facility: "{{ syslog_glance_tls_proxy_facility }}"
-    logdir: "glance-tls-proxy"
-    logfile: "glance-tls-proxy"
-  - name: "neutron_tls_proxy"
-    enabled: "{{ neutron_enable_tls_backend | bool and inventory_hostname in groups['neutron-server'] }}"
-    facility: "{{ syslog_neutron_tls_proxy_facility }}"
-    logdir: "neutron-tls-proxy"
-    logfile: "neutron-tls-proxy"
-
 kolla_toolbox_default_volumes:
   - "{{ node_config_directory }}/kolla-toolbox/:{{ container_config_directory }}/:ro"
   - "/etc/localtime:/etc/localtime:ro"
@@ -107,16 +50,8 @@ cron_default_volumes:
   - "/etc/localtime:/etc/localtime:ro"
   - "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
   - "kolla_logs:/var/log/kolla/"
-fluentd_default_volumes:
-  - "{{ node_config_directory }}/fluentd/:{{ container_config_directory }}/:ro"
-  - "/etc/localtime:/etc/localtime:ro"
-  - "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
-  - "kolla_logs:/var/log/kolla/"
-  - "fluentd_data:/var/lib/fluentd/data/"
-  - "/var/log/journal:/var/log/journal:ro"
 kolla_toolbox_extra_volumes: "{{ default_extra_volumes }}"
 cron_extra_volumes: "{{ default_extra_volumes }}"
-fluentd_extra_volumes: "{{ default_extra_volumes }}"
 
 cron_logrotate_log_maxsize: "100M"
 cron_logrotate_log_minsize: "30M"
@@ -124,81 +59,6 @@ cron_logrotate_rotation_interval: "weekly"
 cron_logrotate_rotation_count: 6
 cron_logrotate_schedule: "daily"
 
-####################
-# Fluentd
-####################
-
-# Enable the additional watch timer
-fluentd_enable_watch_timer: "false"
-
-# Set limits for queue size and chunk size
-# We need to ensure that the bulk_message_request_threshold is set below the
-# default maximum content length for the OpenSearch bulk API (100MB). By
-# default the bulk_message_request_threshold is unlimited, which can lead to
-# large payloads being sent and subsequently rejected by the OpenSearch API.
-fluentd_bulk_message_request_threshold: "20M"
-
-# The fluentd buffer chunk limit size is the maximum size of a single chunk in
-# the buffer. This should be set to a value that is less than the maximum size
-# of the bulk_message_request_threshold.
-fluentd_buffer_chunk_limit_size: "8M"
-
-fluentd_input_openstack_services:
-  - name: aodh
-    enabled: "{{ enable_aodh | bool }}"
-  - name: barbican
-    enabled: "{{ enable_barbican | bool }}"
-  - name: blazar
-    enabled: "{{ enable_blazar | bool }}"
-  - name: ceilometer
-    enabled: "{{ enable_ceilometer | bool }}"
-  - name: cinder
-    enabled: "{{ enable_cinder | bool }}"
-  - name: cloudkitty
-    enabled: "{{ enable_cloudkitty | bool }}"
-  - name: cyborg
-    enabled: "{{ enable_cyborg | bool }}"
-  - name: designate
-    enabled: "{{ enable_designate | bool }}"
-  - name: glance
-    enabled: "{{ enable_glance | bool }}"
-  - name: heat
-    enabled: "{{ enable_heat | bool }}"
-  - name: horizon
-    enabled: "{{ enable_horizon | bool }}"
-  - name: ironic
-    enabled: "{{ enable_ironic | bool }}"
-  - name: ironic-inspector
-    enabled: "{{ enable_ironic | bool }}"
-  - name: keystone
-    enabled: "{{ enable_keystone | bool }}"
-  - name: kuryr
-    enabled: "{{ enable_kuryr | bool }}"
-  - name: magnum
-    enabled: "{{ enable_magnum | bool }}"
-  - name: manila
-    enabled: "{{ enable_manila | bool }}"
-  - name: masakari
-    enabled: "{{ enable_masakari | bool }}"
-  - name: mistral
-    enabled: "{{ enable_mistral | bool }}"
-  - name: neutron
-    enabled: "{{ enable_neutron | bool }}"
-  - name: nova
-    enabled: "{{ enable_nova | bool }}"
-  - name: octavia
-    enabled: "{{ enable_octavia | bool }}"
-  - name: placement
-    enabled: "{{ enable_placement | bool }}"
-  - name: tacker
-    enabled: "{{ enable_tacker | bool }}"
-  - name: trove
-    enabled: "{{ enable_trove | bool }}"
-  - name: watcher
-    enabled: "{{ enable_watcher | bool }}"
-
-fluentd_enabled_input_openstack_services: "{{ fluentd_input_openstack_services | selectattr('enabled', 'equalto', true) | map(attribute='name') | list }}"
-
 ###################
 # Copy certificates
 ###################

ansible/roles/common/handlers/main.yml

@@ -1,18 +1,4 @@
 ---
-- name: Restart fluentd container
-  vars:
-    service_name: "fluentd"
-    service: "{{ common_services[service_name] }}"
-  become: true
-  kolla_container:
-    action: "recreate_or_restart_container"
-    common_options: "{{ docker_common_options }}"
-    name: "{{ service.container_name }}"
-    image: "{{ service.image }}"
-    volumes: "{{ service.volumes }}"
-    environment: "{{ service.environment }}"
-    dimensions: "{{ service.dimensions }}"
-
 - name: Restart kolla-toolbox container
   vars:
     service_name: "kolla-toolbox"

ansible/roles/common/tasks/config.yml

@@ -14,9 +14,6 @@
     - - service_name: "cron"
         paths:
           - "cron"
-      - service_name: "fluentd"
-        paths:
-          - "fluentd"
       - service_name: "kolla-toolbox"
         paths:
           - "kolla-toolbox"
@@ -53,107 +50,6 @@
   become: true
   with_dict: "{{ common_services | select_services_enabled_and_mapped_to_host }}"
 
-- name: Find custom fluentd input config files
-  find:
-    path: "{{ node_custom_config }}/fluentd/input"
-    pattern: "*.conf"
-  run_once: True
-  register: find_custom_fluentd_inputs
-  delegate_to: localhost
-  when: common_services.fluentd.enabled | bool
-
-- name: Find custom fluentd filter config files
-  find:
-    path: "{{ node_custom_config }}/fluentd/filter"
-    pattern: "*.conf"
-  run_once: True
-  register: find_custom_fluentd_filters
-  delegate_to: localhost
-  when: common_services.fluentd.enabled | bool
-
-- name: Find custom fluentd format config files
-  find:
-    path: "{{ node_custom_config }}/fluentd/format"
-    pattern: "*.conf"
-  run_once: True
-  register: find_custom_fluentd_formats
-  delegate_to: localhost
-  when: common_services.fluentd.enabled | bool
-
-- name: Find custom fluentd output config files
-  find:
-    path: "{{ node_custom_config }}/fluentd/output"
-    pattern: "*.conf"
-  run_once: True
-  register: find_custom_fluentd_outputs
-  delegate_to: localhost
-  when: common_services.fluentd.enabled | bool
-
-- name: Copying over fluentd.conf
-  vars:
-    log_direct_to_elasticsearch: "{{ elasticsearch_address is defined }}"
-    log_direct_to_opensearch: >-
-      {{ enable_opensearch | bool or
-           ( opensearch_address != kolla_internal_fqdn ) }}
-    # Inputs
-    fluentd_input_files: "{{ default_input_files_enabled | customise_fluentd(customised_input_files) }}"
-    default_input_files_enabled: "{{ default_input_files | selectattr('enabled') | map(attribute='name') | list }}"
-    default_input_files:
-      - name: "conf/input/00-global.conf.j2"
-        enabled: true
-      - name: "conf/input/01-syslog.conf.j2"
-        enabled: true
-      - name: "conf/input/02-mariadb.conf.j2"
-        enabled: true
-      - name: "conf/input/03-rabbitmq.conf.j2"
-        enabled: true
-      - name: "conf/input/04-openstack-wsgi.conf.j2"
-        enabled: true
-      - name: "conf/input/05-libvirt.conf.j2"
-        enabled: "{{ enable_nova | bool and enable_nova_libvirt_container | bool }}"
-      - name: "conf/input/08-prometheus.conf.j2"
-        enabled: "{{ enable_prometheus_fluentd_integration | bool }}"
-      - name: "conf/input/10-openvswitch.conf.j2"
-        enabled: true
-      - name: "conf/input/11-letsencrypt.conf.j2"
-        enabled: "{{ enable_letsencrypt | bool }}"
-      - name: "conf/input/12-systemd.conf.j2"
-        enabled: "{{ enable_fluentd_systemd | bool }}"
-      - name: "conf/input/13-uwsgi.conf.j2"
-        enabled: true
-    customised_input_files: "{{ find_custom_fluentd_inputs.files | map(attribute='path') | list }}"
-    # Filters
-    fluentd_filter_files: "{{ default_filter_files | customise_fluentd(customised_filter_files) }}"
-    default_filter_files:
-      - "conf/filter/00-record_transformer.conf.j2"
-      - "conf/filter/01-rewrite.conf.j2"
-      - "conf/filter/02-parser.conf.j2"
-    customised_filter_files: "{{ find_custom_fluentd_filters.files | map(attribute='path') | list }}"
-    # Formats
-    fluentd_format_files: "{{ default_format_files | customise_fluentd(customised_format_files) }}"
-    default_format_files:
-      - "conf/format/apache_access.conf.j2"
-      - "conf/format/wsgi_access.conf.j2"
-    customised_format_files: "{{ find_custom_fluentd_formats.files | map(attribute='path') | list }}"
-    # Outputs
-    fluentd_output_files: "{{ default_output_files_enabled | customise_fluentd(customised_output_files) }}"
-    default_output_files_enabled: "{{ default_output_files | selectattr('enabled') | map(attribute='name') | list }}"
-    default_output_files:
-      - name: "conf/output/00-local.conf.j2"
-        enabled: true
-      - name: "conf/output/01-es.conf.j2"
-        enabled: "{{ log_direct_to_elasticsearch }}"
-      - name: "conf/output/03-opensearch.conf.j2"
-        enabled: "{{ log_direct_to_opensearch }}"
-    customised_output_files: "{{ find_custom_fluentd_outputs.files | map(attribute='path') | list }}"
-  template:
-    src: "fluentd.conf.j2"
-    dest: "{{ node_config_directory }}/fluentd/fluentd.conf"
-    mode: "0660"
-  become: true
-  when:
-    - common_services.fluentd | service_enabled_and_mapped_to_host
-
 - name: Copying over cron logrotate config file
   vars:
     cron_logrotate_enabled_services: >-

ansible/roles/fluentd/defaults/main.yml

@@ -0,0 +1,147 @@
+---
+fluentd_services:
+  fluentd:
+    container_name: fluentd
+    group: fluentd
+    enabled: "{{ enable_fluentd | bool }}"
+    image: "{{ fluentd_image_full }}"
+    environment:
+      KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
+    volumes: "{{ fluentd_default_volumes + fluentd_extra_volumes }}"
+    dimensions: "{{ fluentd_dimensions }}"
+
+########################
+# TLS and authentication
+########################
+
+fluentd_elasticsearch_path: ""
+fluentd_elasticsearch_scheme: "{{ internal_protocol }}"
+fluentd_elasticsearch_user: ""
+fluentd_elasticsearch_password: ""
+fluentd_elasticsearch_ssl_version: "TLSv1_2"
+fluentd_elasticsearch_ssl_verify: "true"
+fluentd_elasticsearch_cacert: "{{ openstack_cacert }}"
+fluentd_elasticsearch_request_timeout: "60s"
+
+fluentd_opensearch_path: ""
+fluentd_opensearch_scheme: "{{ internal_protocol }}"
+fluentd_opensearch_user: ""
+fluentd_opensearch_password: ""
+fluentd_opensearch_ssl_version: "TLSv1_2"
+fluentd_opensearch_ssl_verify: "true"
+fluentd_opensearch_cacert: "{{ openstack_cacert }}"
+fluentd_opensearch_request_timeout: "60s"
+
+####################
+# Docker
+####################
+fluentd_tag: "{{ openstack_tag }}"
+fluentd_dimensions: "{{ default_container_dimensions }}"
+
+fluentd_image: "{{ docker_image_url }}fluentd"
+fluentd_image_full: "{{ fluentd_image }}:{{ fluentd_tag }}"
+
+syslog_haproxy_facility: "local1"
+syslog_glance_tls_proxy_facility: "local2"
+syslog_neutron_tls_proxy_facility: "local4"
+
+syslog_facilities:
+  - name: "haproxy"
+    enabled: "{{ enable_haproxy | bool and inventory_hostname in groups['loadbalancer'] }}"
+    facility: "{{ syslog_haproxy_facility }}"
+    logdir: "haproxy"
+    logfile: "haproxy_latest"
+  - name: "glance_tls_proxy"
+    enabled: "{{ glance_enable_tls_backend | bool and inventory_hostname in groups['glance-api'] }}"
+    facility: "{{ syslog_glance_tls_proxy_facility }}"
+    logdir: "glance-tls-proxy"
+    logfile: "glance-tls-proxy"
+  - name: "neutron_tls_proxy"
+    enabled: "{{ neutron_enable_tls_backend | bool and inventory_hostname in groups['neutron-server'] }}"
+    facility: "{{ syslog_neutron_tls_proxy_facility }}"
+    logdir: "neutron-tls-proxy"
+    logfile: "neutron-tls-proxy"
+
+fluentd_default_volumes:
+  - "{{ node_config_directory }}/fluentd/:{{ container_config_directory }}/:ro"
+  - "/etc/localtime:/etc/localtime:ro"
+  - "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
+  - "kolla_logs:/var/log/kolla/"
+  - "fluentd_data:/var/lib/fluentd/data/"
+  - "/var/log/journal:/var/log/journal:ro"
+fluentd_extra_volumes: "{{ default_extra_volumes }}"
+
+####################
+# Fluentd
+####################
+
+# Enable the additional watch timer
+fluentd_enable_watch_timer: "false"
+
+# Set limits for queue size and chunk size
+# We need to ensure that the bulk_message_request_threshold is set below the
+# default maximum content length for the OpenSearch bulk API (100MB). By
+# default the bulk_message_request_threshold is unlimited, which can lead to
+# large payloads being sent and subsequently rejected by the OpenSearch API.
+fluentd_bulk_message_request_threshold: "20M"
+
+# The fluentd buffer chunk limit size is the maximum size of a single chunk in
+# the buffer. This should be set to a value that is less than the maximum size
+# of the bulk_message_request_threshold.
+fluentd_buffer_chunk_limit_size: "8M"
+
+fluentd_input_openstack_services:
+  - name: aodh
+    enabled: "{{ enable_aodh | bool }}"
+  - name: barbican
+    enabled: "{{ enable_barbican | bool }}"
+  - name: blazar
+    enabled: "{{ enable_blazar | bool }}"
+  - name: ceilometer
+    enabled: "{{ enable_ceilometer | bool }}"
+  - name: cinder
+    enabled: "{{ enable_cinder | bool }}"
+  - name: cloudkitty
+    enabled: "{{ enable_cloudkitty | bool }}"
+  - name: cyborg
+    enabled: "{{ enable_cyborg | bool }}"
+  - name: designate
+    enabled: "{{ enable_designate | bool }}"
+  - name: glance
+    enabled: "{{ enable_glance | bool }}"
+  - name: heat
+    enabled: "{{ enable_heat | bool }}"
+  - name: horizon
+    enabled: "{{ enable_horizon | bool }}"
+  - name: ironic
+    enabled: "{{ enable_ironic | bool }}"
+  - name: ironic-inspector
+    enabled: "{{ enable_ironic | bool }}"
+  - name: keystone
+    enabled: "{{ enable_keystone | bool }}"
+  - name: kuryr
+    enabled: "{{ enable_kuryr | bool }}"
+  - name: magnum
+    enabled: "{{ enable_magnum | bool }}"
+  - name: manila
+    enabled: "{{ enable_manila | bool }}"
+  - name: masakari
+    enabled: "{{ enable_masakari | bool }}"
+  - name: mistral
+    enabled: "{{ enable_mistral | bool }}"
+  - name: neutron
+    enabled: "{{ enable_neutron | bool }}"
+  - name: nova
+    enabled: "{{ enable_nova | bool }}"
+  - name: octavia
+    enabled: "{{ enable_octavia | bool }}"
+  - name: placement
+    enabled: "{{ enable_placement | bool }}"
+  - name: tacker
+    enabled: "{{ enable_tacker | bool }}"
+  - name: trove
+    enabled: "{{ enable_trove | bool }}"
+  - name: watcher
+    enabled: "{{ enable_watcher | bool }}"
+
+fluentd_enabled_input_openstack_services: "{{ fluentd_input_openstack_services | selectattr('enabled', 'equalto', true) | map(attribute='name') | list }}"

ansible/roles/fluentd/handlers/main.yml

@@ -0,0 +1,14 @@
+---
+- name: Restart fluentd container
+  vars:
+    service_name: "fluentd"
+    service: "{{ fluentd_services[service_name] }}"
+  become: true
+  kolla_container:
+    action: "recreate_or_restart_container"
+    common_options: "{{ docker_common_options }}"
+    name: "{{ service.container_name }}"
+    image: "{{ service.image }}"
+    volumes: "{{ service.volumes }}"
+    environment: "{{ service.environment }}"
+    dimensions: "{{ service.dimensions }}"

ansible/roles/fluentd/tasks/bootstrap.yml

@@ -0,0 +1 @@
+---

ansible/roles/fluentd/tasks/check-containers.yml

@@ -0,0 +1,3 @@
+---
+- import_role:
+    name: service-check-containers

ansible/roles/fluentd/tasks/check.yml

@@ -0,0 +1,4 @@
+---
+- name: Checking fluentd containers
+  import_role:
+    role: service-check

ansible/roles/fluentd/tasks/config.yml

@@ -0,0 +1,130 @@
+---
+- name: Ensuring config directories exist
+  vars:
+    service_name: "fluentd"
+    service: "{{ fluentd_services[service_name] }}"
+  file:
+    path: "{{ node_config_directory }}/{{ service_name }}"
+    state: "directory"
+    owner: "{{ config_owner_user }}"
+    group: "{{ config_owner_group }}"
+    mode: "0770"
+  become: true
+  when: service | service_enabled_and_mapped_to_host
+
+- include_tasks: copy-certs.yml
+  when:
+    - kolla_copy_ca_into_containers | bool
+
+- name: Copying over config.json files for services
+  template:
+    src: "{{ item.key }}.json.j2"
+    dest: "{{ node_config_directory }}/{{ item.key }}/config.json"
+    mode: "0660"
+  become: true
+  with_dict: "{{ fluentd_services | select_services_enabled_and_mapped_to_host }}"
+
+- name: Find custom fluentd input config files
+  find:
+    path: "{{ node_custom_config }}/fluentd/input"
+    pattern: "*.conf"
+  run_once: True
+  register: find_custom_fluentd_inputs
+  delegate_to: localhost
+
+- name: Find custom fluentd filter config files
+  find:
+    path: "{{ node_custom_config }}/fluentd/filter"
+    pattern: "*.conf"
+  run_once: True
+  register: find_custom_fluentd_filters
+  delegate_to: localhost
+
+- name: Find custom fluentd format config files
+  find:
+    path: "{{ node_custom_config }}/fluentd/format"
+    pattern: "*.conf"
+  run_once: True
+  register: find_custom_fluentd_formats
+  delegate_to: localhost
+
+- name: Find custom fluentd output config files
+  find:
+    path: "{{ node_custom_config }}/fluentd/output"
+    pattern: "*.conf"
+  run_once: True
+  register: find_custom_fluentd_outputs
+  delegate_to: localhost
+
+- name: Copying over fluentd.conf
+  vars:
+    log_direct_to_elasticsearch: "{{ elasticsearch_address is defined }}"
+    log_direct_to_opensearch: >-
+      {{ enable_opensearch | bool or
+           ( opensearch_address != kolla_internal_fqdn ) }}
+    # Inputs
+    fluentd_input_files: "{{ default_input_files_enabled | customise_fluentd(customised_input_files) }}"
+    default_input_files_enabled: "{{ default_input_files | selectattr('enabled') | map(attribute='name') | list }}"
+    default_input_files:
+      - name: "conf/input/00-global.conf.j2"
+        enabled: true
+      - name: "conf/input/01-syslog.conf.j2"
+        enabled: true
+      - name: "conf/input/02-mariadb.conf.j2"
+        enabled: true
+      - name: "conf/input/03-rabbitmq.conf.j2"
+        enabled: true
+      - name: "conf/input/04-openstack-wsgi.conf.j2"
+        enabled: true
+      - name: "conf/input/05-libvirt.conf.j2"
+        enabled: "{{ enable_nova | bool and enable_nova_libvirt_container | bool }}"
+      - name: "conf/input/08-prometheus.conf.j2"
+        enabled: "{{ enable_prometheus_fluentd_integration | bool }}"
+      - name: "conf/input/10-openvswitch.conf.j2"
+        enabled: true
+      - name: "conf/input/11-letsencrypt.conf.j2"
+        enabled: "{{ enable_letsencrypt | bool }}"
+      - name: "conf/input/12-systemd.conf.j2"
+        enabled: "{{ enable_fluentd_systemd | bool }}"
+      - name: "conf/input/13-uwsgi.conf.j2"
+        enabled: true
+    customised_input_files: "{{ find_custom_fluentd_inputs.files | map(attribute='path') | list }}"
+    # Filters
+    fluentd_filter_files: "{{ default_filter_files | customise_fluentd(customised_filter_files) }}"
+    default_filter_files:
+      - "conf/filter/00-record_transformer.conf.j2"
+      - "conf/filter/01-rewrite.conf.j2"
+      - "conf/filter/02-parser.conf.j2"
+    customised_filter_files: "{{ find_custom_fluentd_filters.files | map(attribute='path') | list }}"
+    # Formats
+    fluentd_format_files: "{{ default_format_files | customise_fluentd(customised_format_files) }}"
+    default_format_files:
+      - "conf/format/apache_access.conf.j2"
+      - "conf/format/wsgi_access.conf.j2"
+    customised_format_files: "{{ find_custom_fluentd_formats.files | map(attribute='path') | list }}"
+    # Outputs
+    fluentd_output_files: "{{ default_output_files_enabled | customise_fluentd(customised_output_files) }}"
+    default_output_files_enabled: "{{ default_output_files | selectattr('enabled') | map(attribute='name') | list }}"
+    default_output_files:
+      - name: "conf/output/00-local.conf.j2"
+        enabled: true
+      - name: "conf/output/01-es.conf.j2"
+        enabled: "{{ log_direct_to_elasticsearch }}"
+      - name: "conf/output/03-opensearch.conf.j2"
+        enabled: "{{ log_direct_to_opensearch }}"
+    customised_output_files: "{{ find_custom_fluentd_outputs.files | map(attribute='path') | list }}"
+  template:
+    src: "fluentd.conf.j2"
+    dest: "{{ node_config_directory }}/fluentd/fluentd.conf"
+    mode: "0660"
+  become: true
+
+- name: Ensuring config directories have correct owner and permission
+  become: true
+  file:
+    path: "{{ node_config_directory }}/{{ item.key }}"
+    owner: "{{ config_owner_user }}"
+    group: "{{ config_owner_group }}"
+    mode: "0770"
+  ignore_errors: "{{ ansible_check_mode }}"
+  with_dict: "{{ fluentd_services | select_services_enabled_and_mapped_to_host }}"

ansible/roles/fluentd/tasks/config_validate.yml

@@ -0,0 +1 @@
+---

ansible/roles/fluentd/tasks/copy-certs.yml

@@ -0,0 +1,6 @@
+---
+- name: "Copy certificates and keys for {{ project_name }}"
+  import_role:
+    role: service-cert-copy
+  vars:
+    project_services: "{{ fluentd_services }}"

ansible/roles/fluentd/tasks/deploy-containers.yml

@@ -0,0 +1,2 @@
+---
+- import_tasks: check-containers.yml

ansible/roles/fluentd/tasks/deploy.yml

@@ -0,0 +1,9 @@
+---
+- import_tasks: config.yml
+
+- import_tasks: check-containers.yml
+
+- import_tasks: bootstrap.yml
+
+- name: Flush handlers
+  meta: flush_handlers

ansible/roles/fluentd/tasks/main.yml

@@ -0,0 +1,2 @@
+---
+- include_tasks: "{{ kolla_action }}.yml"

ansible/roles/fluentd/tasks/precheck.yml

@@ -0,0 +1,6 @@
+---
+- import_role:
+    name: service-precheck
+  vars:
+    service_precheck_services: "{{ fluentd_services }}"
+    service_name: "{{ project_name }}"

ansible/roles/fluentd/tasks/pull.yml

@@ -0,0 +1,3 @@
+---
+- import_role:
+    role: service-images-pull

ansible/roles/fluentd/tasks/reconfigure.yml

@@ -0,0 +1,2 @@
+---
+- import_tasks: deploy.yml

ansible/roles/fluentd/tasks/stop.yml

@@ -0,0 +1,6 @@
+---
+- import_role:
+    name: service-stop
+  vars:
+    project_services: "{{ fluentd_services }}"
+    service_name: "{{ project_name }}"

ansible/roles/fluentd/tasks/upgrade.yml

@@ -0,0 +1,7 @@
+---
+- import_tasks: config.yml
+
+- import_tasks: check-containers.yml
+
+- name: Flush handlers
+  meta: flush_handlers

ansible/roles/fluentd/templates/conf/filter/01-rewrite.conf.j2

@@ -111,6 +111,11 @@
     pattern ^(kuryr-server)$
     tag openstack_python
   </rule>
+  <rule>
+    key     programname
+    pattern ^(gnocchi-api|gnocchi-statsd|gnocchi-metricd|gnocchi-upgrade)$
+    tag openstack_python
+  </rule>
   <rule>
     key     programname
     pattern ^(ironic-api|ironic-conductor|ironic-inspector)$

ansible/roles/fluentd/templates/conf/input/10-openvswitch.conf.j2

@@ -47,7 +47,6 @@
 {% endif %}
 {% for ovn_service in ['ovn-nb-db', 'ovn-northd', 'ovn-sb-db'] %}
 {% if inventory_hostname in groups.get(ovn_service, []) %}
-
 <source>
   @type tail
   path /var/log/kolla/openvswitch/{{ ovn_service }}.log

ansible/roles/fluentd/vars/main.yml

@@ -0,0 +1,2 @@
+---
+project_name: "fluentd"

ansible/site.yml

@@ -88,7 +88,6 @@
   gather_facts: false
   hosts:
     - cron
-    - fluentd
     - kolla-logs
     - kolla-toolbox
   serial: '{{ kolla_serial|default("0") }}'
@@ -101,6 +100,20 @@
   roles:
     - role: common
 
+- name: Apply role fluentd
+  gather_facts: false
+  hosts:
+    - fluentd
+  serial: '{{ kolla_serial|default("0") }}'
+  max_fail_percentage: >-
+    {{ fluentd_max_fail_percentage |
+       default(kolla_max_fail_percentage) |
+       default(100) }}
+  tags:
+    - fluentd
+  roles:
+    - role: fluentd
+
 - name: Apply role loadbalancer
   gather_facts: false
   hosts:

releasenotes/notes/fluentd-break-out-role-1e5306dac1c41583.yaml

@@ -0,0 +1,5 @@
+---
+upgrade:
+  - |
+    A ``fluentd`` Ansible role has been created and its deployment is not part
+    of the ``common`` role anymore.