Add systemd journal logging to the service config

The systemd journal would normally be populated with the standard out of
a service however with the use of uwsgi this is not actually happening
resulting in us only capturing the logs from the uwsgi process instead
of the service itself. This change implements journal logging in the
service config, which is part of OSLO logging.

OSLO logging docs found here: <https://docs.openstack.org/oslo.log/3.28.1/journal.html>

Change-Id: I943bd5f1ac767f83d853cee09a5857f6f9f0efff
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>

defaults/main.yml

@@ -432,6 +432,7 @@ keystone_pip_packages:
   - PyMySQL
   - python-memcached
   - python-openstackclient
+  - systemd-python
   - uWSGI
 
 # This variable is used by the repo_build process to determine

releasenotes/notes/journal-log-ccbb504642b49611.yaml

@@ -0,0 +1,9 @@
+---
+deprecations:
+  - The log path, ``/var/log/keystone`` is no longer used to capture service
+    logs. All logging for the Keystone service will now be sent directly to the
+    systmed journal.
+other:
+  - When running keystone with apache(httpd) all apache logs will be stored in
+    the standard apache log directory which is controlled by the distro specific
+    variable ``keystone_apache_default_log_folder``.

tasks/keystone_pre_install.yml

@@ -84,24 +84,3 @@
       - { path: "/etc/ansible/facts.d", owner: root, group: root }
   delegate_to: "{{ item[0] }}"
   when: "inventory_hostname == ansible_play_hosts[0]"
-
-- name: Test for log directory or link
-  shell: |
-    if [ -h "/var/log/keystone"  ]; then
-      chown -h {{ keystone_system_user_name }}:{{ keystone_system_group_name }} "/var/log/keystone"
-      chown -R {{ keystone_system_user_name }}:{{ keystone_system_group_name }} "$(readlink /var/log/keystone)"
-    else
-      exit 1
-    fi
-  register: log_dir
-  failed_when: false
-  changed_when: log_dir.rc != 0
-
-- name: Create keystone log dir
-  file:
-    path: "/var/log/keystone"
-    state: directory
-    owner: "{{ keystone_system_user_name }}"
-    group: "{{ keystone_system_group_name }}"
-    mode: "0755"
-  when: log_dir.rc != 0

templates/keystone-httpd.conf.j2

@@ -8,8 +8,9 @@ Listen {{ keystone_service_port }}
     </IfVersion>
 
     LogLevel  {{  keystone_apache_log_level }}
-    ErrorLog  /var/log/keystone/keystone-apache-error.log
+    # NOTE(Cloudnull): Log files can changed to use "mod_journal" when Apache 2.5 is released
-    CustomLog /var/log/keystone/ssl_access.log {{ keystone_apache_custom_log_format }}
+    ErrorLog  {{ keystone_apache_default_log_folder }}/keystone-apache-error.log
+    CustomLog {{ keystone_apache_default_log_folder }}/ssl_access.log {{ keystone_apache_custom_log_format }}
     Options +FollowSymLinks
 
     Header set X-Content-Type-Options "nosniff"
@@ -76,8 +77,9 @@ Listen {{ keystone_admin_port }}
     </IfVersion>
 
     LogLevel  {{  keystone_apache_log_level }}
-    ErrorLog  /var/log/keystone/keystone-apache-error.log
+    # NOTE(Cloudnull): Log files can changed to use "mod_journal" when Apache 2.5 is released
-    CustomLog /var/log/keystone/ssl_access.log {{ keystone_apache_custom_log_format }}
+    ErrorLog  {{ keystone_apache_default_log_folder }}/keystone-apache-error.log
+    CustomLog {{ keystone_apache_default_log_folder }}/ssl_access.log {{ keystone_apache_custom_log_format }}
     Options +FollowSymLinks
 
 

templates/keystone.conf.j2

@@ -1,6 +1,7 @@
 # {{ ansible_managed }}
 
 [DEFAULT]
+use_journal = True
 # Disable stderr logging
 use_stderr = False
 debug = {{ debug }}
@@ -15,9 +16,6 @@ member_role_name = {{ keystone_default_role_name }}
 secure_proxy_ssl_header = {{ keystone_secure_proxy_ssl_header }}
 {% endif %}
 
-log_file = keystone.log
-log_dir = /var/log/keystone
-
 ## Oslo.Messaging RPC
 {% if keystone_messaging_enabled | bool %}
 transport_url = {{ keystone_oslomsg_rpc_transport }}://{% for host in keystone_oslomsg_rpc_servers.split(',') %}{{ keystone_oslomsg_rpc_userid }}:{{ keystone_oslomsg_rpc_password }}@{{ host }}:{{ keystone_oslomsg_rpc_port }}{% if not loop.last %},{% else %}/{{ keystone_oslomsg_rpc_vhost }}{% if keystone_oslomsg_rpc_use_ssl | bool %}?ssl=1{% else %}?ssl=0{% endif %}{% endif %}{% endfor %}

templates/keystone_nginx.conf.j2

@@ -19,8 +19,8 @@ server {
     {{ line }}
     {%- endfor %}
 
-    access_log  /var/log/nginx/{{ item }}-access.log custom;
+    error_log   syslog:server=unix:/dev/log;
-    error_log   /var/log/nginx/{{ item }}-error.log info;
+    access_log  syslog:server=unix:/dev/log;
 
     add_header X-Content-Type-Options nosniff;
     add_header X-XSS-Protection "1; mode=block";

vars/redhat-7.yml

@@ -28,10 +28,13 @@ keystone_devel_distro_packages:
   - libxslt-devel
   - openldap-devel
   - python-devel
+  - systemd-devel
   - which
 
 keystone_service_distro_packages:
   - openstack-keystone
+  - python-systemd
+  - python3-systemd
   - uwsgi
   - uwsgi-plugin-python
 

vars/suse-42.yml

@@ -27,11 +27,14 @@ keystone_devel_distro_packages:
   - libxml2-devel
   - libxslt-devel
   - openldap2-devel
+  - systemd-devel
+  - pkg-config
   - python-devel
   - which
 
 keystone_service_distro_packages:
   - openstack-keystone
+  - python-systemd
   - uwsgi
   - uwsgi-python
 
@@ -92,6 +95,9 @@ keystone_apache_modules:
     state: "present"
   - name: "headers"
     state: "present"
+# This can be enabled when Apache2.5+ is available
+#  - name: "mod_journald"
+#    state: "present"
 
 keystone_nginx_conf_path: 'conf.d'
 

vars/ubuntu-16.04.yml

@@ -25,13 +25,17 @@ keystone_devel_distro_packages:
   - libjs-underscore
   - libldap2-dev
   - libsasl2-dev
+  - libsystemd-dev
   - libxslt1.1
   - libxslt1-dev
   - libxml2-dev
+  - pkg-config
   - python-dev
 
 keystone_service_distro_packages:
   - keystone
+  - python-systemd
+  - python3-systemd
   - uwsgi
   - uwsgi-plugin-python
 
@@ -78,6 +82,9 @@ keystone_apache_modules:
     state: "present"
   - name: "headers"
     state: "present"
+# This can be enabled when Apache2.5+ is available
+#  - name: "mod_journald"
+#    state: "present
 
 keystone_nginx_conf_path: "sites-available"
 

vars/ubuntu-18.04.yml

@@ -25,13 +25,17 @@ keystone_devel_distro_packages:
   - libjs-underscore
   - libldap2-dev
   - libsasl2-dev
+  - libsystemd-dev
   - libxslt1.1
   - libxslt1-dev
   - libxml2-dev
+  - pkg-config
   - python-dev
 
 keystone_service_distro_packages:
   - keystone
+  - python-systemd
+  - python3-systemd
   - uwsgi
   - uwsgi-plugin-python
 
@@ -78,6 +82,9 @@ keystone_apache_modules:
     state: "present"
   - name: "headers"
     state: "present"
+# This can be enabled when Apache2.5+ is available
+#  - name: "mod_journald"
+#    state: "present
 
 keystone_nginx_conf_path: "sites-available"