diff --git a/common/deploy-steps-tasks.yaml b/common/deploy-steps-tasks.yaml index 6a79ebf5b0..8d380a2cc1 100644 --- a/common/deploy-steps-tasks.yaml +++ b/common/deploy-steps-tasks.yaml @@ -7,6 +7,14 @@ - name: Write config data at the start of step 1 when: step == "1" block: + - name: Create and ensure setype for /var/log/containers directory + file: + path: /var/log/containers + state: directory + setype: var_log_t + selevel: s0 + tags: + - host_config - name: Create /var/lib/tripleo-config directory file: path: /var/lib/tripleo-config diff --git a/docker/services/haproxy.yaml b/docker/services/haproxy.yaml index b95e1bdd3a..66929ced4e 100644 --- a/docker/services/haproxy.yaml +++ b/docker/services/haproxy.yaml @@ -40,6 +40,10 @@ parameters: default: /dev/log description: Syslog address where HAproxy will send its log type: string + HAProxySyslogFacility: + default: local0 + description: Syslog facility HAProxy will use for its logs + type: string SSLCertificate: default: '' description: > @@ -121,6 +125,8 @@ resources: DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} + HAProxySyslogAddress: {get_param: HAProxySyslogAddress} + HAProxySyslogFacility: {get_param: HAProxySyslogFacility} HAProxyLogging: type: OS::TripleO::Services::Logging::HAProxy @@ -293,13 +299,33 @@ outputs: when: remove_haproxy_package|bool host_prep_tasks: - {get_attr: [HAProxyBase, role_data, host_prep_tasks]} + - name: Check if rsyslog exists + shell: systemctl is-active rsyslog + register: rsyslog_config + - when: rsyslog_config.rc == 0 + block: + - name: Forward logging to haproxy.log file + blockinfile: + content: | + if $syslogfacility-text == '{{facility}}' and $programname == 'haproxy' then -/var/log/containers/haproxy/haproxy.log + & stop + create: yes + path: /etc/rsyslog.d/openstack-haproxy.conf + vars: + facility: {get_param: HAProxySyslogFacility} + register: logconfig + - name: restart rsyslog service after logging conf change + service: + name: rsyslog + state: restarted + when: logconfig is changed - name: create persistent directories file: path: "{{ item.path }}" state: directory setype: "{{ item.setype }}" with_items: - - { 'path': /var/log/containers/haproxy, 'setype': svirt_sandbox_file_t } + - { 'path': /var/log/containers/haproxy, 'setype': var_log_t } - { 'path': /var/lib/haproxy, 'setype': svirt_sandbox_file_t } - { 'path': /var/log/haproxy, 'setype': svirt_sandbox_file_t } - name: haproxy logs readme diff --git a/docker/services/pacemaker/haproxy.yaml b/docker/services/pacemaker/haproxy.yaml index e3bbe7236d..79d77a9d7f 100644 --- a/docker/services/pacemaker/haproxy.yaml +++ b/docker/services/pacemaker/haproxy.yaml @@ -72,6 +72,14 @@ parameters: HAProxyInternalTLSKeysDirectory: default: '/etc/pki/tls/private/haproxy' type: string + HAProxySyslogAddress: + default: /dev/log + description: Syslog address where HAproxy will send its log + type: string + HAProxySyslogFacility: + default: local0 + description: Syslog facility HAProxy will use for its logs + type: string ConfigDebug: default: false description: Whether to run config management (e.g. Puppet) in debug mode. @@ -116,6 +124,8 @@ resources: DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} + HAProxySyslogAddress: {get_param: HAProxySyslogAddress} + HAProxySyslogFacility: {get_param: HAProxySyslogFacility} outputs: role_data: @@ -287,12 +297,41 @@ outputs: - {get_param: DeployIdentifier} host_prep_tasks: - {get_attr: [HAProxyBase, role_data, host_prep_tasks]} + - name: Check if rsyslog exists + shell: systemctl is-active rsyslog + register: rsyslog_config + - when: rsyslog_config.rc == 0 + block: + - name: Forward logging to haproxy.log file + blockinfile: + content: | + if $syslogfacility-text == '{{facility}}' and $programname == 'haproxy' then -/var/log/containers/haproxy/haproxy.log + & stop + create: yes + path: /etc/rsyslog.d/openstack-haproxy.conf + vars: + facility: {get_param: HAProxySyslogFacility} + register: logconfig + - name: restart rsyslog service after logging conf change + service: + name: rsyslog + state: restarted + when: logconfig is changed - name: create persistent directories file: - path: "{{ item }}" + path: "{{ item.path }}" state: directory + setype: "{{ item.setype }}" with_items: - - /var/lib/haproxy + - { 'path': /var/log/containers/haproxy, 'setype': var_log_t } + - { 'path': /var/lib/haproxy, 'setype': svirt_sandbox_file_t } + - name: haproxy logs readme + copy: + dest: /var/log/haproxy/readme.txt + content: | + Log files from the haproxy containers can be found under + /var/log/containers/haproxy. + ignore_errors: true metadata_settings: get_attr: [HAProxyBase, role_data, metadata_settings] update_tasks: diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml index 6f8bdb386e..ac90cac0e7 100644 --- a/puppet/services/haproxy.yaml +++ b/puppet/services/haproxy.yaml @@ -46,6 +46,10 @@ parameters: default: /dev/log description: Syslog address where HAproxy will send its log type: string + HAProxySyslogFacility: + default: local0 + description: Syslog facility HAProxy will use for its logs + type: string HAProxyStatsEnabled: default: true description: Whether or not to enable the HAProxy stats interface. @@ -136,6 +140,7 @@ outputs: '107 haproxy stats': dport: 1993 tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress} + tripleo::haproxy::haproxy_log_facility: {get_param: HAProxySyslogFacility} tripleo::haproxy::haproxy_stats_user: {get_param: HAProxyStatsUser} tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword} tripleo::haproxy::redis_password: {get_param: RedisPassword} diff --git a/puppet/services/pacemaker/haproxy.yaml b/puppet/services/pacemaker/haproxy.yaml index b91e570b56..9c65179e8f 100644 --- a/puppet/services/pacemaker/haproxy.yaml +++ b/puppet/services/pacemaker/haproxy.yaml @@ -30,6 +30,14 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + HAProxySyslogFacility: + default: local0 + description: Syslog facility HAProxy will use for its logs + type: string + HAProxySyslogAddress: + default: /dev/log + description: Syslog address where HAproxy will send its log + type: string resources: LoadbalancerServiceBase: @@ -53,6 +61,8 @@ outputs: - get_attr: [LoadbalancerServiceBase, role_data, config_settings] - tripleo::haproxy::haproxy_service_manage: false tripleo::haproxy::mysql_clustercheck: true + tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress} + tripleo::haproxy::haproxy_log_facility: {get_param: HAProxySyslogFacility} step_config: | include ::tripleo::profile::pacemaker::haproxy host_prep_tasks: {get_attr: [LoadbalancerServiceBase, role_data, host_prep_tasks]} diff --git a/releasenotes/notes/haproxy-log-2805e3697cbadf49.yaml b/releasenotes/notes/haproxy-log-2805e3697cbadf49.yaml new file mode 100644 index 0000000000..e3cf3515d2 --- /dev/null +++ b/releasenotes/notes/haproxy-log-2805e3697cbadf49.yaml @@ -0,0 +1,4 @@ +--- +features: + - Allow to output HAProxy in a dedicated file + - Adds new HAProxySyslogFacility param