Allow rsyslog to log HAProxy locally

* Install haproxy-logging.cfg numerically before Ubuntu's /etc/rsyslog.d/49-haproxy.conf so its logging directives see HAProxy logs before they are discarded by 49-haproxy.conf. * Set owner of /var/log/haproxy to rsyslog's `syslog` user so rsyslog can write to it on Ubuntu. * Limit HAProxy-related rsyslog processing to HAProxy log messages instead of any/all log messages with the local0 or local1 facility and assuming HAProxy is the only application using those facilities. Change-Id: Ic259abc281619ba5ee8f020ac68373858a06e94d Closes-Bug: #1783886
2018-07-31 04:47:01 -05:00 · 2018-07-31 04:47:01 -05:00 · 1e0aa6bf47
parent 7015fc3dbb
commit 1e0aa6bf47
5 changed files with 30 additions and 5 deletions
--- a/files/haproxy-logging.cfg
+++ b/files/haproxy-logging.cfg
@ -1,6 +1,15 @@
 $ModLoad imudp
 $UDPServerRun 514
 $template Haproxy,"%msg%\n"
-local0.=info    -/var/log/haproxy/haproxy.log
-local1.notice   -/var/log/haproxy/haproxy-status.log
-local0.* ~
+if $programname startswith 'haproxy' then {
+  # Connections are logged at level "info".
+  # See https://www.haproxy.org/download/1.6/doc/configuration.txt.
+  local0.=info    -/var/log/haproxy/haproxy.log
+  # Level "notice" will be used to indicate a server going up,
+  # "warning" will be used for termination signals and definitive service
+  # termination, and "alert" will be used for when a server goes down.
+  # See https://www.haproxy.org/download/1.6/doc/configuration.txt.
+  local1.notice   -/var/log/haproxy/haproxy-status.log
+  # Discard HAProxy messages to prevent further processing/logging.
+  local0.*;local1.* ~
+}
--- a/tasks/haproxy_post_install.yml
+++ b/tasks/haproxy_post_install.yml
@ -31,10 +31,19 @@
  tags:
    - haproxy-base-config

+# remove config file from old location (ie releases 14-18)
+- name: Delete prior haproxy logging config
+  file:
+    path: "/etc/rsyslog.d/99-haproxy-local-logging.conf"
+    state: absent
+  notify: Restart rsyslog
+  tags:
+    - haproxy-logging-config
+
 - name: Drop haproxy logging config
  copy:
    src: "haproxy-logging.cfg"
-    dest: "/etc/rsyslog.d/99-haproxy-local-logging.conf"
+    dest: "/etc/rsyslog.d/10-haproxy-local-logging.conf"
  notify: Restart rsyslog
  tags:
    - haproxy-logging-config
--- a/tasks/haproxy_pre_install.yml
+++ b/tasks/haproxy_pre_install.yml
@ -47,7 +47,7 @@
  file:
    path: "{{ '/var/log/haproxy' | realpath }}"
    state: directory
-    owner: haproxy
+    owner: "{{ haproxy_log_directory_owner }}"
    group: adm
    mode: "0755"
  tags:
--- a/vars/main.yml
+++ b/vars/main.yml
@ -14,3 +14,5 @@
 # limitations under the License.

 haproxy_distro_packages_remove: []
+
+haproxy_log_directory_owner: haproxy
--- a/vars/ubuntu.yml
+++ b/vars/ubuntu.yml
@ -36,3 +36,8 @@ haproxy_remove_files:
  - "/etc/apt/preferences.d/haproxy_pin.pref"
  - "/etc/apt/sources.list.d/haproxy.list"
  - "/etc/apt/sources.list.d/ppa_launchpad_net_vbernat_haproxy_1_5_ubuntu.list"
+
+# On Ubuntu 16.04 and 18.04 rsyslog runs as the "syslog" user, so have the
+# HAProxy log directory be owned by the same user so that rsyslog can write
+# HAProxy's logs to that directory.
+haproxy_log_directory_owner: syslog