From 80f48f131049b4f04a68bd07b56773510cadbafd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Jeanneret?= <cjeanner@redhat.com>
Date: Wed, 28 Nov 2018 13:56:13 +0100
Subject: [PATCH] Ensure we get dedicated logging file for HAProxy

With the current configuration, HAProxy logs are in the host journal.
This isn't really friendly when you want to debug issues with this service.

This patches ensures HAProxy logs are in a dedicated file, using the syslog
facility set in its configuration.

Closes-Bug: #1814880
Depends-On: I8fee040287940188f6bc6bc35bdbdaf6c234cbfd
Change-Id: Ia615ac07d0c559deb65e307bb6254127e989794d
(cherry picked from commit 0576e26234206ab36b161cd43e6b2b69daf49948)
---
 common/deploy-steps-tasks.yaml                |  8 ++++
 docker/services/haproxy.yaml                  | 28 +++++++++++-
 docker/services/pacemaker/haproxy.yaml        | 43 ++++++++++++++++++-
 puppet/services/haproxy.yaml                  |  5 +++
 puppet/services/pacemaker/haproxy.yaml        | 10 +++++
 .../notes/haproxy-log-2805e3697cbadf49.yaml   |  4 ++
 6 files changed, 95 insertions(+), 3 deletions(-)
 create mode 100644 releasenotes/notes/haproxy-log-2805e3697cbadf49.yaml

diff --git a/common/deploy-steps-tasks.yaml b/common/deploy-steps-tasks.yaml
index 6a79ebf5b0..8d380a2cc1 100644
--- a/common/deploy-steps-tasks.yaml
+++ b/common/deploy-steps-tasks.yaml
@@ -7,6 +7,14 @@
     - name: Write config data at the start of step 1
       when: step == "1"
       block:
+        - name: Create and ensure setype for /var/log/containers directory
+          file:
+            path: /var/log/containers
+            state: directory
+            setype: var_log_t
+            selevel: s0
+          tags:
+            - host_config
         - name: Create /var/lib/tripleo-config directory
           file:
             path: /var/lib/tripleo-config
diff --git a/docker/services/haproxy.yaml b/docker/services/haproxy.yaml
index b95e1bdd3a..66929ced4e 100644
--- a/docker/services/haproxy.yaml
+++ b/docker/services/haproxy.yaml
@@ -40,6 +40,10 @@ parameters:
     default: /dev/log
     description: Syslog address where HAproxy will send its log
     type: string
+  HAProxySyslogFacility:
+    default: local0
+    description: Syslog facility HAProxy will use for its logs
+    type: string
   SSLCertificate:
     default: ''
     description: >
@@ -121,6 +125,8 @@ resources:
       DefaultPasswords: {get_param: DefaultPasswords}
       RoleName: {get_param: RoleName}
       RoleParameters: {get_param: RoleParameters}
+      HAProxySyslogAddress: {get_param: HAProxySyslogAddress}
+      HAProxySyslogFacility: {get_param: HAProxySyslogFacility}
 
   HAProxyLogging:
     type: OS::TripleO::Services::Logging::HAProxy
@@ -293,13 +299,33 @@ outputs:
               when: remove_haproxy_package|bool
       host_prep_tasks:
         - {get_attr: [HAProxyBase, role_data, host_prep_tasks]}
+        - name: Check if rsyslog exists
+          shell: systemctl is-active rsyslog
+          register: rsyslog_config
+        - when: rsyslog_config.rc == 0
+          block:
+            - name: Forward logging to haproxy.log file
+              blockinfile:
+                content: |
+                  if $syslogfacility-text == '{{facility}}' and $programname == 'haproxy' then -/var/log/containers/haproxy/haproxy.log
+                  & stop
+                create: yes
+                path: /etc/rsyslog.d/openstack-haproxy.conf
+              vars:
+                facility: {get_param: HAProxySyslogFacility}
+              register: logconfig
+            - name: restart rsyslog service after logging conf change
+              service:
+                name: rsyslog
+                state: restarted
+              when: logconfig is changed
         - name: create persistent directories
           file:
             path: "{{ item.path }}"
             state: directory
             setype: "{{ item.setype }}"
           with_items:
-            - { 'path': /var/log/containers/haproxy, 'setype': svirt_sandbox_file_t }
+            - { 'path': /var/log/containers/haproxy, 'setype': var_log_t }
             - { 'path': /var/lib/haproxy, 'setype': svirt_sandbox_file_t }
             - { 'path': /var/log/haproxy, 'setype': svirt_sandbox_file_t }
         - name: haproxy logs readme
diff --git a/docker/services/pacemaker/haproxy.yaml b/docker/services/pacemaker/haproxy.yaml
index e3bbe7236d..79d77a9d7f 100644
--- a/docker/services/pacemaker/haproxy.yaml
+++ b/docker/services/pacemaker/haproxy.yaml
@@ -72,6 +72,14 @@ parameters:
   HAProxyInternalTLSKeysDirectory:
     default: '/etc/pki/tls/private/haproxy'
     type: string
+  HAProxySyslogAddress:
+    default: /dev/log
+    description: Syslog address where HAproxy will send its log
+    type: string
+  HAProxySyslogFacility:
+    default: local0
+    description: Syslog facility HAProxy will use for its logs
+    type: string
   ConfigDebug:
     default: false
     description: Whether to run config management (e.g. Puppet) in debug mode.
@@ -116,6 +124,8 @@ resources:
       DefaultPasswords: {get_param: DefaultPasswords}
       RoleName: {get_param: RoleName}
       RoleParameters: {get_param: RoleParameters}
+      HAProxySyslogAddress: {get_param: HAProxySyslogAddress}
+      HAProxySyslogFacility: {get_param: HAProxySyslogFacility}
 
 outputs:
   role_data:
@@ -287,12 +297,41 @@ outputs:
                     - {get_param: DeployIdentifier}
       host_prep_tasks:
         - {get_attr: [HAProxyBase, role_data, host_prep_tasks]}
+        - name: Check if rsyslog exists
+          shell: systemctl is-active rsyslog
+          register: rsyslog_config
+        - when: rsyslog_config.rc == 0
+          block:
+            - name: Forward logging to haproxy.log file
+              blockinfile:
+                content: |
+                  if $syslogfacility-text == '{{facility}}' and $programname == 'haproxy' then -/var/log/containers/haproxy/haproxy.log
+                  & stop
+                create: yes
+                path: /etc/rsyslog.d/openstack-haproxy.conf
+              vars:
+                facility: {get_param: HAProxySyslogFacility}
+              register: logconfig
+            - name: restart rsyslog service after logging conf change
+              service:
+                name: rsyslog
+                state: restarted
+              when: logconfig is changed
         - name: create persistent directories
           file:
-            path: "{{ item }}"
+            path: "{{ item.path }}"
             state: directory
+            setype: "{{ item.setype }}"
           with_items:
-            - /var/lib/haproxy
+            - { 'path': /var/log/containers/haproxy, 'setype': var_log_t }
+            - { 'path': /var/lib/haproxy, 'setype': svirt_sandbox_file_t }
+        - name: haproxy logs readme
+          copy:
+            dest: /var/log/haproxy/readme.txt
+            content: |
+              Log files from the haproxy containers can be found under
+              /var/log/containers/haproxy.
+          ignore_errors: true
       metadata_settings:
         get_attr: [HAProxyBase, role_data, metadata_settings]
       update_tasks:
diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml
index 6f8bdb386e..ac90cac0e7 100644
--- a/puppet/services/haproxy.yaml
+++ b/puppet/services/haproxy.yaml
@@ -46,6 +46,10 @@ parameters:
     default: /dev/log
     description: Syslog address where HAproxy will send its log
     type: string
+  HAProxySyslogFacility:
+    default: local0
+    description: Syslog facility HAProxy will use for its logs
+    type: string
   HAProxyStatsEnabled:
     default: true
     description: Whether or not to enable the HAProxy stats interface.
@@ -136,6 +140,7 @@ outputs:
               '107 haproxy stats':
                 dport: 1993
             tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress}
+            tripleo::haproxy::haproxy_log_facility: {get_param: HAProxySyslogFacility}
             tripleo::haproxy::haproxy_stats_user: {get_param: HAProxyStatsUser}
             tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword}
             tripleo::haproxy::redis_password: {get_param: RedisPassword}
diff --git a/puppet/services/pacemaker/haproxy.yaml b/puppet/services/pacemaker/haproxy.yaml
index b91e570b56..9c65179e8f 100644
--- a/puppet/services/pacemaker/haproxy.yaml
+++ b/puppet/services/pacemaker/haproxy.yaml
@@ -30,6 +30,14 @@ parameters:
     description: Mapping of service endpoint -> protocol. Typically set
                  via parameter_defaults in the resource registry.
     type: json
+  HAProxySyslogFacility:
+    default: local0
+    description: Syslog facility HAProxy will use for its logs
+    type: string
+  HAProxySyslogAddress:
+    default: /dev/log
+    description: Syslog address where HAproxy will send its log
+    type: string
 
 resources:
   LoadbalancerServiceBase:
@@ -53,6 +61,8 @@ outputs:
           - get_attr: [LoadbalancerServiceBase, role_data, config_settings]
           - tripleo::haproxy::haproxy_service_manage: false
             tripleo::haproxy::mysql_clustercheck: true
+            tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress}
+            tripleo::haproxy::haproxy_log_facility: {get_param: HAProxySyslogFacility}
       step_config: |
         include ::tripleo::profile::pacemaker::haproxy
       host_prep_tasks: {get_attr: [LoadbalancerServiceBase, role_data, host_prep_tasks]}
diff --git a/releasenotes/notes/haproxy-log-2805e3697cbadf49.yaml b/releasenotes/notes/haproxy-log-2805e3697cbadf49.yaml
new file mode 100644
index 0000000000..e3cf3515d2
--- /dev/null
+++ b/releasenotes/notes/haproxy-log-2805e3697cbadf49.yaml
@@ -0,0 +1,4 @@
+---
+features:
+  - Allow to output HAProxy in a dedicated file
+  - Adds new HAProxySyslogFacility param