diff --git a/defaults/main.yml b/defaults/main.yml index 916a6be1..1476ff23 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -432,6 +432,7 @@ keystone_pip_packages: - PyMySQL - python-memcached - python-openstackclient + - systemd-python - uWSGI # This variable is used by the repo_build process to determine diff --git a/releasenotes/notes/journal-log-ccbb504642b49611.yaml b/releasenotes/notes/journal-log-ccbb504642b49611.yaml new file mode 100644 index 00000000..c97b7c97 --- /dev/null +++ b/releasenotes/notes/journal-log-ccbb504642b49611.yaml @@ -0,0 +1,9 @@ +--- +deprecations: + - The log path, ``/var/log/keystone`` is no longer used to capture service + logs. All logging for the Keystone service will now be sent directly to the + systmed journal. +other: + - When running keystone with apache(httpd) all apache logs will be stored in + the standard apache log directory which is controlled by the distro specific + variable ``keystone_apache_default_log_folder``. diff --git a/tasks/keystone_pre_install.yml b/tasks/keystone_pre_install.yml index 119de80f..c2f765b8 100644 --- a/tasks/keystone_pre_install.yml +++ b/tasks/keystone_pre_install.yml @@ -84,24 +84,3 @@ - { path: "/etc/ansible/facts.d", owner: root, group: root } delegate_to: "{{ item[0] }}" when: "inventory_hostname == ansible_play_hosts[0]" - -- name: Test for log directory or link - shell: | - if [ -h "/var/log/keystone" ]; then - chown -h {{ keystone_system_user_name }}:{{ keystone_system_group_name }} "/var/log/keystone" - chown -R {{ keystone_system_user_name }}:{{ keystone_system_group_name }} "$(readlink /var/log/keystone)" - else - exit 1 - fi - register: log_dir - failed_when: false - changed_when: log_dir.rc != 0 - -- name: Create keystone log dir - file: - path: "/var/log/keystone" - state: directory - owner: "{{ keystone_system_user_name }}" - group: "{{ keystone_system_group_name }}" - mode: "0755" - when: log_dir.rc != 0 
diff --git a/templates/keystone-httpd.conf.j2 b/templates/keystone-httpd.conf.j2 index a04037b1..9b563a30 100644 --- a/templates/keystone-httpd.conf.j2 +++ b/templates/keystone-httpd.conf.j2 @@ -8,8 +8,9 @@ Listen {{ keystone_service_port }} LogLevel {{ keystone_apache_log_level }} - ErrorLog /var/log/keystone/keystone-apache-error.log - CustomLog /var/log/keystone/ssl_access.log {{ keystone_apache_custom_log_format }} + # NOTE(Cloudnull): Log files can changed to use "mod_journal" when Apache 2.5 is released + ErrorLog {{ keystone_apache_default_log_folder }}/keystone-apache-error.log + CustomLog {{ keystone_apache_default_log_folder }}/ssl_access.log {{ keystone_apache_custom_log_format }} Options +FollowSymLinks Header set X-Content-Type-Options "nosniff" @@ -76,8 +77,9 @@ Listen {{ keystone_admin_port }} LogLevel {{ keystone_apache_log_level }} - ErrorLog /var/log/keystone/keystone-apache-error.log - CustomLog /var/log/keystone/ssl_access.log {{ keystone_apache_custom_log_format }} + # NOTE(Cloudnull): Log files can changed to use "mod_journal" when Apache 2.5 is released + ErrorLog {{ keystone_apache_default_log_folder }}/keystone-apache-error.log + CustomLog {{ keystone_apache_default_log_folder }}/ssl_access.log {{ keystone_apache_custom_log_format }} Options +FollowSymLinks diff --git a/templates/keystone.conf.j2 b/templates/keystone.conf.j2 index 2a4bcbe2..320ee480 100644 --- a/templates/keystone.conf.j2 +++ b/templates/keystone.conf.j2 @@ -1,6 +1,7 @@ # {{ ansible_managed }} [DEFAULT] +use_journal = True # Disable stderr logging use_stderr = False debug = {{ debug }} 
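Review bot: The new `CustomLog` target `{{ keystone_apache_default_log_folder }}/ssl_access.log` puts a generically named file into the shared distro Apache log directory, so keystone access records can end up interleaved with those of any other vhost on the host that logs to the same name, which makes per-service audit review harder. A keystone-specific name keeps the trail separable: `CustomLog {{ keystone_apache_default_log_folder }}/keystone-ssl_access.log {{ keystone_apache_custom_log_format }}`. The same line appears in the second hunk of this file (at -76,8) and needs the same change. The added NOTE also reads "can changed" and names `mod_journal`, while the vars files in this commit call the module `mod_journald`; `# NOTE(Cloudnull): Log files can be changed to use "mod_journald" when Apache 2.5 is released` would match them. The enclosing blocks start and end outside both hunks.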
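Review bot: `use_journal = True` is added without a comment, and with `log_file`/`log_dir` removed later in this file the journal becomes the only place keystone service logs are kept. Whether those records survive a reboot or a burst of `debug = {{ debug }}` output then depends on journald's storage and rate-limit settings, which the visible hunks of this commit do not touch. I would add a comment above the option, e.g. `# Log to the systemd journal; retention and rate limiting are governed by journald.conf`, so operators know where the identity-service audit trail now lives. The [DEFAULT] section continues outside the hunk.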
@@ -15,9 +16,6 @@ member_role_name = {{ keystone_default_role_name }} secure_proxy_ssl_header = {{ keystone_secure_proxy_ssl_header }} {% endif %} -log_file = keystone.log -log_dir = /var/log/keystone - ## Oslo.Messaging RPC {% if keystone_messaging_enabled | bool %} transport_url = {{ keystone_oslomsg_rpc_transport }}://{% for host in keystone_oslomsg_rpc_servers.split(',') %}{{ keystone_oslomsg_rpc_userid }}:{{ keystone_oslomsg_rpc_password }}@{{ host }}:{{ keystone_oslomsg_rpc_port }}{% if not loop.last %},{% else %}/{{ keystone_oslomsg_rpc_vhost }}{% if keystone_oslomsg_rpc_use_ssl | bool %}?ssl=1{% else %}?ssl=0{% endif %}{% endif %}{% endfor %} diff --git a/templates/keystone_nginx.conf.j2 b/templates/keystone_nginx.conf.j2 index 7c3a12cb..13f85821 100644 --- a/templates/keystone_nginx.conf.j2 +++ b/templates/keystone_nginx.conf.j2 @@ -19,8 +19,8 @@ server { {{ line }} {%- endfor %} - access_log /var/log/nginx/{{ item }}-access.log custom; - error_log /var/log/nginx/{{ item }}-error.log info; + error_log syslog:server=unix:/dev/log; + access_log syslog:server=unix:/dev/log; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; diff --git a/vars/redhat-7.yml b/vars/redhat-7.yml index adf744ec..695d6ba8 100644 --- a/vars/redhat-7.yml +++ b/vars/redhat-7.yml @@ -28,10 +28,13 @@ keystone_devel_distro_packages: - libxslt-devel - openldap-devel - python-devel + - systemd-devel - which keystone_service_distro_packages: - openstack-keystone + - python-systemd + - python3-systemd - uwsgi - uwsgi-plugin-python diff --git a/vars/suse-42.yml b/vars/suse-42.yml index 99fe70b6..80b3f1e4 100644 --- a/vars/suse-42.yml +++ b/vars/suse-42.yml @@ -27,11 +27,14 @@ keystone_devel_distro_packages: - libxml2-devel - libxslt-devel - openldap2-devel + - systemd-devel + - pkg-config - python-devel - which keystone_service_distro_packages: - openstack-keystone + - python-systemd - uwsgi - uwsgi-python 
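Review bot: The replacement `error_log` and `access_log` lines drop the `info` level and the `custom` log format that the removed lines carried, and they no longer include `{{ item }}`, so every server block rendered from this template logs under nginx's default syslog tag with the default format and error level. That loses the per-endpoint separation the old file names gave, which matters when access records are used for investigation. Keeping the arguments and adding a tag at least identifies keystone's entries: `error_log syslog:server=unix:/dev/log,tag=keystone info;` and `access_log syslog:server=unix:/dev/log,tag=keystone custom;`. If a per-item tag is wanted, nginx accepts only alphanumerics and underscores in `tag=`, so `{{ item }}` may need filtering first. The server block begins and ends outside the hunk.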
@@ -92,6 +95,9 @@ keystone_apache_modules: state: "present" - name: "headers" state: "present" +# This can be enabled when Apache2.5+ is available +# - name: "mod_journald" +# state: "present" keystone_nginx_conf_path: 'conf.d' diff --git a/vars/ubuntu-16.04.yml b/vars/ubuntu-16.04.yml index fcad02fe..c4220721 100644 --- a/vars/ubuntu-16.04.yml +++ b/vars/ubuntu-16.04.yml @@ -25,13 +25,17 @@ keystone_devel_distro_packages: - libjs-underscore - libldap2-dev - libsasl2-dev + - libsystemd-dev - libxslt1.1 - libxslt1-dev - libxml2-dev + - pkg-config - python-dev keystone_service_distro_packages: - keystone + - python-systemd + - python3-systemd - uwsgi - uwsgi-plugin-python @@ -78,6 +82,9 @@ keystone_apache_modules: state: "present" - name: "headers" state: "present" +# This can be enabled when Apache2.5+ is available +# - name: "mod_journald" +# state: "present keystone_nginx_conf_path: "sites-available" diff --git a/vars/ubuntu-18.04.yml b/vars/ubuntu-18.04.yml index e9a10206..76f5a610 100644 --- a/vars/ubuntu-18.04.yml +++ b/vars/ubuntu-18.04.yml @@ -25,13 +25,17 @@ keystone_devel_distro_packages: - libjs-underscore - libldap2-dev - libsasl2-dev + - libsystemd-dev - libxslt1.1 - libxslt1-dev - libxml2-dev + - pkg-config - python-dev keystone_service_distro_packages: - keystone + - python-systemd + - python3-systemd - uwsgi - uwsgi-plugin-python @@ -78,6 +82,9 @@ keystone_apache_modules: state: "present" - name: "headers" state: "present" +# This can be enabled when Apache2.5+ is available +# - name: "mod_journald" +# state: "present keystone_nginx_conf_path: "sites-available"
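Review bot: In the vars/ubuntu-16.04.yml hunk at -78,6 the commented-out module entry ends with `# state: "present` and is missing its closing quote, so uncommenting it as the comment invites would leave an unterminated string in `keystone_apache_modules`. It should read `# state: "present"`, as the same block in vars/suse-42.yml does; the identical typo is in the vars/ubuntu-18.04.yml hunk at -78,6. The entry also names `mod_journald` while the visible entry in this list uses the bare name `headers` and the NOTE in templates/keystone-httpd.conf.j2 says `mod_journal`, so the name should be settled before anyone enables it. The list starts outside the hunk.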