Make Heka collect Keystone logs

Partially implements: blueprint heka Change-Id: I940143876981a04464af67aff65c09a06926701d
2016-02-11 15:34:45 +01:00 · 2016-02-11 15:34:45 +01:00 · 684873b89b
commit 684873b89b
parent b16724e09a
11 changed files with 60 additions and 17 deletions
--- a/ansible/roles/common/tasks/config.yml
+++ b/ansible/roles/common/tasks/config.yml
@ -33,3 +33,4 @@
    - "rabbitmq"
    - "openstack"
    - "mariadb"
+    - "keystone"
--- a/ansible/roles/common/templates/heka-keystone.toml.j2
+++ b/ansible/roles/common/templates/heka-keystone.toml.j2
@ -0,0 +1,13 @@
+{% set apache_dir = 'apache2' if kolla_base_distro in ['ubuntu', 'debian'] else 'httpd' %}
+[keystone_apache_log_decoder]
+type = "SandboxDecoder"
+filename = "lua_decoders/os_keystone_apache_log.lua"
+    [keystone_apache_log_decoder.config]
+    apache_log_pattern = '%h %l %u %t \"%r\" %>s %b %D \"%{Referer}i\" \"%{User-Agent}i\"'
+
+[keystone_apache_logstreamer_input]
+type = "LogstreamerInput"
+decoder = "keystone_apache_log_decoder"
+log_directory = "/var/log/kolla"
+file_match = '{{ apache_dir }}/keystone-apache-(?P<Service>.+)-access\.log'
+differentiator = ["keystone-apache-", "Service"]
--- a/ansible/roles/common/templates/heka-openstack.toml.j2
+++ b/ansible/roles/common/templates/heka-openstack.toml.j2
@ -6,5 +6,5 @@ filename = "lua_decoders/os_openstack_log.lua"
 type = "LogstreamerInput"
 decoder = "openstack_log_decoder"
 log_directory = "/var/log/kolla"
-file_match = '(?P<Service>nova|glance)/(?P<Program>.*)\.log'
+file_match = '(?P<Service>nova|glance|keystone)/(?P<Program>.*)\.log'
 differentiator = ["Service", "_", "Program"]
--- a/ansible/roles/common/templates/heka.json.j2
+++ b/ansible/roles/common/templates/heka.json.j2
@ -30,6 +30,12 @@
            "dest": "/etc/heka/heka-mariadb.toml",
            "owner": "heka",
            "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/heka-keystone.toml",
+            "dest": "/etc/heka/heka-keystone.toml",
+            "owner": "heka",
+            "perm": "0600"
        }
    ]
 }
--- a/ansible/roles/common/templates/rsyslog.conf.j2
+++ b/ansible/roles/common/templates/rsyslog.conf.j2
@ -34,13 +34,6 @@ $template NeutronMetadataAgentFile,"/var/log/neutron/neutron-metadata-agent.log"
 $template NeutronL3AgentFile,"/var/log/neutron/neutron-l3-agent.log"
 :syslogtag,contains,"neutron-l3-agent" ?NeutronL3AgentFile

-$template KeystoneErrorFile,"/var/log/keystone/keystone-error.log"
-if ($syslogtag contains "keystone-error") \
-or ($syslogtag contains "keystone" and $syslogseverity <=4) then ?KeystoneErrorFile
-
-$template KeystoneAccessFile,"/var/log/keystone/keystone-access.log"
-:syslogtag,contains,"keystone-access" ?KeystoneAccessFile
-
 $template CinderApiFile,"/var/log/cinder/cinder-api.log"
 :syslogtag,contains,"cinder-api" ?CinderApiFile

--- a/ansible/roles/keystone/tasks/bootstrap_service.yml
+++ b/ansible/roles/keystone/tasks/bootstrap_service.yml
@ -12,6 +12,8 @@
      BOOTSTRAP:
    name: "bootstrap_keystone"
    restart_policy: "never"
-    volumes: "{{ node_config_directory }}/keystone/:{{ container_config_directory }}/:ro"
+    volumes:
+      - "{{ node_config_directory }}/keystone/:{{ container_config_directory }}/:ro"
+      - "kolla_logs:/var/log/kolla/"
  run_once: True
  delegate_to: "{{ groups['keystone'][0] }}"
--- a/ansible/roles/keystone/tasks/start.yml
+++ b/ansible/roles/keystone/tasks/start.yml
@ -7,7 +7,7 @@
    name: "keystone"
    volumes:
      - "{{ node_config_directory }}/keystone/:{{ container_config_directory }}/:ro"
-      - "rsyslog_socket:/var/lib/kolla/rsyslog/"
+      - "kolla_logs:/var/log/kolla/"

 - name: Wait for keystone startup
  wait_for: host={{ keystone_admin_address }} port={{ keystone_admin_port }}
--- a/ansible/roles/keystone/templates/keystone.conf.j2
+++ b/ansible/roles/keystone/templates/keystone.conf.j2
@ -1,7 +1,8 @@
 [DEFAULT]
 debug = {{ keystone_logging_debug }}
-syslog_log_facility=LOG_LOCAL0
-use_syslog = True
+
+# NOTE(elemoine) log_dir alone does not work for Keystone
+log_file = /var/log/kolla/keystone/keystone.log

 admin_token = {{ keystone_admin_token }}

--- a/ansible/roles/keystone/templates/wsgi-keystone.conf.j2
+++ b/ansible/roles/keystone/templates/wsgi-keystone.conf.j2
@ -12,8 +12,9 @@ Listen {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['addr
    <IfVersion >= 2.4>
      ErrorLogFormat "%{cu}t %M"
    </IfVersion>
-    ErrorLog "|/usr/bin/logger -t keystone-error"
-    CustomLog "|/usr/bin/logger -t keystone-access" combined
+    ErrorLog "/var/log/kolla/{{ apache_dir }}/keystone-apache-public-error.log"
+    LogFormat "%h %l %u %t \"%r\" %>s %b %D \"%{Referer}i\" \"%{User-Agent}i\"" logformat
+    CustomLog "/var/log/kolla/{{ apache_dir }}/keystone-apache-public-access.log" logformat
 </VirtualHost>

 <VirtualHost *:{{ keystone_admin_port }}>
@ -25,6 +26,7 @@ Listen {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['addr
    <IfVersion >= 2.4>
      ErrorLogFormat "%{cu}t %M"
    </IfVersion>
-    ErrorLog "|/usr/bin/logger -t keystone-error"
-    CustomLog "|/usr/bin/logger -t keystone-access" combined
+    ErrorLog "/var/log/kolla/{{ apache_dir }}/keystone-apache-admin-error.log"
+    LogFormat "%h %l %u %t \"%r\" %>s %b %D \"%{Referer}i\" \"%{User-Agent}i\"" logformat
+    CustomLog "/var/log/kolla/{{ apache_dir }}/keystone-apache-admin-access.log" logformat
 </VirtualHost>
--- a/docker/keystone/Dockerfile.j2
+++ b/docker/keystone/Dockerfile.j2
@ -66,7 +66,8 @@ RUN ln -s keystone-source/* keystone \
 # TODO(SamYaple): Replace this with `keystone-manage bootstrap`
 RUN sed -i 's|token_auth json_body|token_auth admin_token_auth json_body|g' /etc/keystone/keystone-paste.ini

-RUN chown -R keystone: /var/www/cgi-bin/keystone \
+RUN usermod -a -G kolla keystone \
+    && chown -R keystone: /var/www/cgi-bin/keystone \
    && chmod 755 /var/www/cgi-bin/keystone/*

 COPY extend_start.sh /usr/local/bin/kolla_extend_start
--- a/docker/keystone/extend_start.sh
+++ b/docker/keystone/extend_start.sh
@ -4,6 +4,9 @@ if [[ "${KOLLA_BASE_DISTRO}" == "ubuntu" || \
        "${KOLLA_BASE_DISTRO}" == "debian" ]]; then
    # Loading Apache2 ENV variables
    source /etc/apache2/envvars
+    APACHE_DIR="apache2"
+else
+    APACHE_DIR="httpd"
 fi

 # NOTE(pbourke): httpd will not clean up after itself in some cases which
@ -13,6 +16,27 @@ if [[ "${KOLLA_BASE_DISTRO}" =~ fedora|centos|oraclelinux|rhel ]]; then
    rm -rf /var/run/httpd/* /run/httpd/* /tmp/httpd*
 fi

+# Create log dir for Keystone logs
+KEYSTONE_LOG_DIR="/var/log/kolla/keystone"
+if [[ ! -d "${KEYSTONE_LOG_DIR}" ]]; then
+    mkdir -p ${KEYSTONE_LOG_DIR}
+fi
+if [[ $(stat -c %U:%G ${KEYSTONE_LOG_DIR}) != "keystone:kolla" ]]; then
+    chown keystone:kolla ${KEYSTONE_LOG_DIR}
+fi
+if [[ $(stat -c %a ${KEYSTONE_LOG_DIR}) != "755" ]]; then
+    chmod 755 ${KEYSTONE_LOG_DIR}
+fi
+
+# Create log dir for Apache logs
+APACHE_LOG_DIR="/var/log/kolla/${APACHE_DIR}"
+if [[ ! -d "${APACHE_LOG_DIR}" ]]; then
+    mkdir -p ${APACHE_LOG_DIR}
+fi
+if [[ $(stat -c %a ${APACHE_LOG_DIR}) != "755" ]]; then
+    chmod 755 ${APACHE_LOG_DIR}
+fi
+
 # Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
 # of the KOLLA_BOOTSTRAP variable being set, including empty.
 if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then