Ensure we get dedicated logging file for HAProxy

With the current configuration, HAProxy logs are in the host journal.
This isn't really friendly when you want to debug issues with this service.

This patches ensures HAProxy logs are in a dedicated file, using the syslog
facility set in its configuration.

Depends-On: I8fee040287940188f6bc6bc35bdbdaf6c234cbfd
Change-Id: Ia615ac07d0c559deb65e307bb6254127e989794d
This commit is contained in:
Cédric Jeanneret 2018-11-28 13:56:13 +01:00
parent 1201d46ee3
commit 0576e26234
6 changed files with 92 additions and 1 deletions

View File

@ -21,6 +21,14 @@
- name: Write config data at the start of step 1 - name: Write config data at the start of step 1
when: step == "1" when: step == "1"
block: block:
- name: Create and ensure setype for /var/log/containers directory
file:
path: /var/log/containers
state: directory
setype: var_log_t
selevel: s0
tags:
- host_config
- name: Create /var/lib/tripleo-config directory - name: Create /var/lib/tripleo-config directory
file: file:
path: /var/lib/tripleo-config path: /var/lib/tripleo-config

View File

@ -40,6 +40,10 @@ parameters:
default: /dev/log default: /dev/log
description: Syslog address where HAproxy will send its log description: Syslog address where HAproxy will send its log
type: string type: string
HAProxySyslogFacility:
default: local0
description: Syslog facility HAProxy will use for its logs
type: string
SSLCertificate: SSLCertificate:
default: '' default: ''
description: > description: >
@ -121,6 +125,8 @@ resources:
DefaultPasswords: {get_param: DefaultPasswords} DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName} RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters} RoleParameters: {get_param: RoleParameters}
HAProxySyslogAddress: {get_param: HAProxySyslogAddress}
HAProxySyslogFacility: {get_param: HAProxySyslogFacility}
HAProxyLogging: HAProxyLogging:
type: OS::TripleO::Services::Logging::HAProxy type: OS::TripleO::Services::Logging::HAProxy
@ -279,13 +285,33 @@ outputs:
- haproxy - haproxy
host_prep_tasks: host_prep_tasks:
- {get_attr: [HAProxyBase, role_data, host_prep_tasks]} - {get_attr: [HAProxyBase, role_data, host_prep_tasks]}
- name: Check if rsyslog exists
shell: systemctl is-active rsyslog
register: rsyslog_config
- when: rsyslog_config.rc == 0
block:
- name: Forward logging to haproxy.log file
blockinfile:
content: |
if $syslogfacility-text == '{{facility}}' and $programname == 'haproxy' then -/var/log/containers/haproxy/haproxy.log
& stop
create: yes
path: /etc/rsyslog.d/openstack-haproxy.conf
vars:
facility: {get_param: HAProxySyslogFacility}
register: logconfig
- name: restart rsyslog service after logging conf change
service:
name: rsyslog
state: restarted
when: logconfig is changed
- name: create persistent directories - name: create persistent directories
file: file:
path: "{{ item.path }}" path: "{{ item.path }}"
state: directory state: directory
setype: "{{ item.setype }}" setype: "{{ item.setype }}"
with_items: with_items:
- { 'path': /var/log/containers/haproxy, 'setype': svirt_sandbox_file_t } - { 'path': /var/log/containers/haproxy, 'setype': var_log_t }
- { 'path': /var/lib/haproxy, 'setype': svirt_sandbox_file_t } - { 'path': /var/lib/haproxy, 'setype': svirt_sandbox_file_t }
- name: haproxy logs readme - name: haproxy logs readme
copy: copy:

View File

@ -75,6 +75,14 @@ parameters:
HAProxyInternalTLSKeysDirectory: HAProxyInternalTLSKeysDirectory:
default: '/etc/pki/tls/private/haproxy' default: '/etc/pki/tls/private/haproxy'
type: string type: string
HAProxySyslogAddress:
default: /dev/log
description: Syslog address where HAproxy will send its log
type: string
HAProxySyslogFacility:
default: local0
description: Syslog facility HAProxy will use for its logs
type: string
ConfigDebug: ConfigDebug:
default: false default: false
description: Whether to run config management (e.g. Puppet) in debug mode. description: Whether to run config management (e.g. Puppet) in debug mode.
@ -126,6 +134,8 @@ resources:
DefaultPasswords: {get_param: DefaultPasswords} DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName} RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters} RoleParameters: {get_param: RoleParameters}
HAProxySyslogAddress: {get_param: HAProxySyslogAddress}
HAProxySyslogFacility: {get_param: HAProxySyslogFacility}
outputs: outputs:
role_data: role_data:
@ -279,13 +289,41 @@ outputs:
- {get_param: DeployIdentifier} - {get_param: DeployIdentifier}
host_prep_tasks: host_prep_tasks:
- {get_attr: [HAProxyBase, role_data, host_prep_tasks]} - {get_attr: [HAProxyBase, role_data, host_prep_tasks]}
- name: Check if rsyslog exists
shell: systemctl is-active rsyslog
register: rsyslog_config
- when: rsyslog_config.rc == 0
block:
- name: Forward logging to haproxy.log file
blockinfile:
content: |
if $syslogfacility-text == '{{facility}}' and $programname == 'haproxy' then -/var/log/containers/haproxy/haproxy.log
& stop
create: yes
path: /etc/rsyslog.d/openstack-haproxy.conf
vars:
facility: {get_param: HAProxySyslogFacility}
register: logconfig
- name: restart rsyslog service after logging conf change
service:
name: rsyslog
state: restarted
when: logconfig is changed
- name: create persistent directories - name: create persistent directories
file: file:
path: "{{ item.path }}" path: "{{ item.path }}"
state: directory state: directory
setype: "{{ item.setype }}" setype: "{{ item.setype }}"
with_items: with_items:
- { 'path': /var/log/containers/haproxy, 'setype': var_log_t }
- { 'path': /var/lib/haproxy, 'setype': svirt_sandbox_file_t } - { 'path': /var/lib/haproxy, 'setype': svirt_sandbox_file_t }
- name: haproxy logs readme
copy:
dest: /var/log/haproxy/readme.txt
content: |
Log files from the haproxy containers can be found under
/var/log/containers/haproxy.
ignore_errors: true
metadata_settings: metadata_settings:
get_attr: [HAProxyBase, role_data, metadata_settings] get_attr: [HAProxyBase, role_data, metadata_settings]
deploy_steps_tasks: deploy_steps_tasks:

View File

@ -46,6 +46,10 @@ parameters:
default: /dev/log default: /dev/log
description: Syslog address where HAproxy will send its log description: Syslog address where HAproxy will send its log
type: string type: string
HAProxySyslogFacility:
default: local0
description: Syslog facility HAProxy will use for its logs
type: string
HAProxyStatsEnabled: HAProxyStatsEnabled:
default: true default: true
description: Whether or not to enable the HAProxy stats interface. description: Whether or not to enable the HAProxy stats interface.
@ -140,6 +144,7 @@ outputs:
'107 haproxy stats': '107 haproxy stats':
dport: 1993 dport: 1993
tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress} tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress}
tripleo::haproxy::haproxy_log_facility: {get_param: HAProxySyslogFacility}
tripleo::haproxy::haproxy_stats_user: {get_param: HAProxyStatsUser} tripleo::haproxy::haproxy_stats_user: {get_param: HAProxyStatsUser}
tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword} tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword}
tripleo::haproxy::redis_password: {get_param: RedisPassword} tripleo::haproxy::redis_password: {get_param: RedisPassword}

View File

@ -30,6 +30,14 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry. via parameter_defaults in the resource registry.
type: json type: json
HAProxySyslogFacility:
default: local0
description: Syslog facility HAProxy will use for its logs
type: string
HAProxySyslogAddress:
default: /dev/log
description: Syslog address where HAproxy will send its log
type: string
resources: resources:
LoadbalancerServiceBase: LoadbalancerServiceBase:
@ -53,6 +61,8 @@ outputs:
- get_attr: [LoadbalancerServiceBase, role_data, config_settings] - get_attr: [LoadbalancerServiceBase, role_data, config_settings]
- tripleo::haproxy::haproxy_service_manage: false - tripleo::haproxy::haproxy_service_manage: false
tripleo::haproxy::mysql_clustercheck: true tripleo::haproxy::mysql_clustercheck: true
tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress}
tripleo::haproxy::haproxy_log_facility: {get_param: HAProxySyslogFacility}
step_config: | step_config: |
include ::tripleo::profile::pacemaker::haproxy include ::tripleo::profile::pacemaker::haproxy
host_prep_tasks: {get_attr: [LoadbalancerServiceBase, role_data, host_prep_tasks]} host_prep_tasks: {get_attr: [LoadbalancerServiceBase, role_data, host_prep_tasks]}

View File

@ -0,0 +1,4 @@
---
features:
- Allow to output HAProxy in a dedicated file
- Adds new HAProxySyslogFacility param