From aed9f84fe9a486c4acc975458fe4693c714d408f Mon Sep 17 00:00:00 2001
From: Michal Nasiadka <mnasiadka@gmail.com>
Date: Wed, 5 Aug 2020 14:49:48 +0200
Subject: [PATCH] Fix glance-tls-proxy logrotate and fluentd log permissions

Change-Id: Iabc0115d3476a626df134cc70cb473bf6e72487e
Closes-Bug: #1890439
---
 ansible/group_vars/all.yml | 2 ++
 ansible/roles/common/tasks/config.yml | 2 +-
 .../roles/common/templates/conf/output/00-local.conf.j2 | 2 ++
 ansible/roles/common/templates/fluentd.json.j2 | 7 +++++++
 ansible/roles/glance/defaults/main.yml | 5 -----
 5 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index f04a5bd7e0..766665de9e 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -842,6 +842,8 @@ glance_enable_rolling_upgrade: "no"
 glance_enable_property_protection: "no"
 glance_enable_interoperable_image_import: "no"
 glance_api_hosts: "{{ [groups['glance-api']|first] if glance_backend_file | bool and glance_file_datadir_volume == 'glance' else groups['glance-api'] }}"
+# NOTE(mnasiadka): For use in common role
+glance_enable_tls_backend: "{{ kolla_enable_tls_backend }}"
 glance_admin_endpoint: "{{ admin_protocol }}://{{ glance_internal_fqdn | put_address_in_context('url') }}:{{ glance_api_port }}"
 glance_internal_endpoint: "{{ internal_protocol }}://{{ glance_internal_fqdn | put_address_in_context('url') }}:{{ glance_api_port }}"
diff --git a/ansible/roles/common/tasks/config.yml b/ansible/roles/common/tasks/config.yml
index 0957bbabba..0a0125578d 100644
--- a/ansible/roles/common/tasks/config.yml
+++ b/ansible/roles/common/tasks/config.yml
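Review bot: In ansible/group_vars/all.yml, the comment on the new `glance_enable_tls_backend` line says where the variable is used but not why it has to be defined globally instead of in the glance role defaults, which is what a later reader needs in order not to move it back. A fuller comment such as `# NOTE(mnasiadka): Defined here, not in the glance role defaults, because the common role's logrotate and fluentd templates read it.` would record that; the reasoning is inferred from the other files in this patch, so adjust the wording if it is not exact. Because the default still follows `kolla_enable_tls_backend`, the value can be true on a deployment where `enable_glance` is false, and the comment could say that consumers must not read it as "glance is deployed".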
@@ -181,7 +181,7 @@
 - { name: "fluentd", enabled: "{{ enable_fluentd | bool }}" }
 - { name: "freezer", enabled: "{{ enable_freezer | bool }}" }
 - { name: "glance", enabled: "{{ enable_glance | bool }}" }
- - { name: "glance-tls-proxy", enabled: "{{ enable_glance | bool }}" }
+ - { name: "glance-tls-proxy", enabled: "{{ glance_enable_tls_backend | bool }}" }
 - { name: "gnocchi", enabled: "{{ enable_gnocchi | bool }}" }
 - { name: "grafana", enabled: "{{ enable_grafana | bool }}" }
 - { name: "haproxy", enabled: "{{ enable_haproxy | bool }}" }
diff --git a/ansible/roles/common/templates/conf/output/00-local.conf.j2 b/ansible/roles/common/templates/conf/output/00-local.conf.j2
index 13514dfa31..1638aaf814 100644
--- a/ansible/roles/common/templates/conf/output/00-local.conf.j2
+++ b/ansible/roles/common/templates/conf/output/00-local.conf.j2
@@ -120,6 +120,7 @@
 {% endif %}
 </match>
+{% if glance_enable_tls_backend | bool %}
 <match syslog.{{ syslog_glance_tls_proxy_facility }}.**>
 @type copy
 <store>
@@ -178,3 +179,4 @@
 </store>
 {% endif %}
 </match>
+{% endif %}
diff --git a/ansible/roles/common/templates/fluentd.json.j2 b/ansible/roles/common/templates/fluentd.json.j2
index bd98438fc6..5e5f305e90 100644
--- a/ansible/roles/common/templates/fluentd.json.j2
+++ b/ansible/roles/common/templates/fluentd.json.j2
@@ -34,6 +34,13 @@
 "owner": "{{ fluentd_user }}:{{ fluentd_user }}",
 "recurse": true
 },
+{% if glance_enable_tls_backend | bool %}
+ {
+ "path": "/var/log/kolla/glance-tls-proxy",
+ "owner": "{{ fluentd_user }}:{{ fluentd_user }}",
+ "recurse": true
+ },
+{% endif %}
 {
 "path": "/var/log/kolla/swift",
 "owner": "{{ fluentd_user }}:{{ fluentd_user }}",
diff --git a/ansible/roles/glance/defaults/main.yml b/ansible/roles/glance/defaults/main.yml
index 98c0fb8da4..79765d37ed 100644
--- a/ansible/roles/glance/defaults/main.yml
+++ b/ansible/roles/glance/defaults/main.yml
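Review bot: In ansible/roles/common/tasks/config.yml, the new logrotate condition `glance_enable_tls_backend | bool` drops the `enable_glance` check the old line had, so with backend TLS switched on and glance disabled the common role would still emit the glance-tls-proxy entry. Consider `enabled: "{{ enable_glance | bool and glance_enable_tls_backend | bool }}"`. The same bare condition guards the `<match syslog.{{ syslog_glance_tls_proxy_facility }}.**>` block in 00-local.conf.j2 and the `/var/log/kolla/glance-tls-proxy` ownership entry in fluentd.json.j2. For the ownership entry it is worth confirming that the container's permission step tolerates a missing path, since that directory is presumably only created when glance is deployed. The list this line belongs to starts and ends outside the hunk.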
@@ -209,11 +209,6 @@ vmware_datastore_name:
 # Default maximum size of 10Gb
 glance_cache_max_size: "10737418240"
-####################
-# TLS
-####################
-glance_enable_tls_backend: "{{ kolla_enable_tls_backend }}"
-
 ####################
 # Backend TLS proxy
 ####################