diff --git a/ansible/roles/common/tasks/config.yml b/ansible/roles/common/tasks/config.yml index 50b46bf042..4a0705a7d9 100644 --- a/ansible/roles/common/tasks/config.yml +++ b/ansible/roles/common/tasks/config.yml @@ -33,3 +33,4 @@ - "rabbitmq" - "openstack" - "mariadb" + - "keystone" diff --git a/ansible/roles/common/templates/heka-keystone.toml.j2 b/ansible/roles/common/templates/heka-keystone.toml.j2 new file mode 100644 index 0000000000..1ece4ea025 --- /dev/null +++ b/ansible/roles/common/templates/heka-keystone.toml.j2 @@ -0,0 +1,13 @@ +{% set apache_dir = 'apache2' if kolla_base_distro in ['ubuntu', 'debian'] else 'httpd' %} +[keystone_apache_log_decoder] +type = "SandboxDecoder" +filename = "lua_decoders/os_keystone_apache_log.lua" + [keystone_apache_log_decoder.config] + apache_log_pattern = '%h %l %u %t \"%r\" %>s %b %D \"%{Referer}i\" \"%{User-Agent}i\"' + +[keystone_apache_logstreamer_input] +type = "LogstreamerInput" +decoder = "keystone_apache_log_decoder" +log_directory = "/var/log/kolla" +file_match = '{{ apache_dir }}/keystone-apache-(?P.+)-access\.log' +differentiator = ["keystone-apache-", "Service"] diff --git a/ansible/roles/common/templates/heka-openstack.toml.j2 b/ansible/roles/common/templates/heka-openstack.toml.j2 index 668b6dad2b..ace78b71f3 100644 --- a/ansible/roles/common/templates/heka-openstack.toml.j2 +++ b/ansible/roles/common/templates/heka-openstack.toml.j2 @@ -6,5 +6,5 @@ filename = "lua_decoders/os_openstack_log.lua" type = "LogstreamerInput" decoder = "openstack_log_decoder" log_directory = "/var/log/kolla" -file_match = '(?Pnova|glance)/(?P.*)\.log' +file_match = '(?Pnova|glance|keystone)/(?P.*)\.log' differentiator = ["Service", "_", "Program"] diff --git a/ansible/roles/common/templates/heka.json.j2 b/ansible/roles/common/templates/heka.json.j2 index e33982cc04..69bfc084af 100644 --- a/ansible/roles/common/templates/heka.json.j2 +++ b/ansible/roles/common/templates/heka.json.j2 
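Review bot: The `file_match` in `[keystone_apache_logstreamer_input]` only matches files ending in `-access\.log`, so the `keystone-apache-public-error.log` and `keystone-apache-admin-error.log` files that the wsgi-keystone.conf.j2 hunks of this change start writing are not picked up by this input. The rsyslog rules removed in this change routed `keystone-error` messages to their own file, so unless another Heka input outside this diff covers them, Apache-level errors for the identity service land on the volume but never reach the Heka pipeline. Either add a second LogstreamerInput matching `-error\.log` with a suitable decoder, or add a comment above `file_match` saying the error logs are deliberately not collected. Separately, `apache_log_pattern` has to stay in step with the `LogFormat ... logformat` lines in wsgi-keystone.conf.j2, so a comment such as `# keep in sync with LogFormat "logformat" in roles/keystone/templates/wsgi-keystone.conf.j2` above it would stop the two drifting apart and access records failing to decode.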
@@ -30,6 +30,12 @@ "dest": "/etc/heka/heka-mariadb.toml", "owner": "heka", "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/heka-keystone.toml", + "dest": "/etc/heka/heka-keystone.toml", + "owner": "heka", + "perm": "0600" } ] } diff --git a/ansible/roles/common/templates/rsyslog.conf.j2 b/ansible/roles/common/templates/rsyslog.conf.j2 index 57ae17d8ed..f7323c9d81 100644 --- a/ansible/roles/common/templates/rsyslog.conf.j2 +++ b/ansible/roles/common/templates/rsyslog.conf.j2 @@ -34,13 +34,6 @@ $template NeutronMetadataAgentFile,"/var/log/neutron/neutron-metadata-agent.log" $template NeutronL3AgentFile,"/var/log/neutron/neutron-l3-agent.log" :syslogtag,contains,"neutron-l3-agent" ?NeutronL3AgentFile -$template KeystoneErrorFile,"/var/log/keystone/keystone-error.log" -if ($syslogtag contains "keystone-error") \ -or ($syslogtag contains "keystone" and $syslogseverity <=4) then ?KeystoneErrorFile - -$template KeystoneAccessFile,"/var/log/keystone/keystone-access.log" -:syslogtag,contains,"keystone-access" ?KeystoneAccessFile - $template CinderApiFile,"/var/log/cinder/cinder-api.log" :syslogtag,contains,"cinder-api" ?CinderApiFile diff --git a/ansible/roles/keystone/tasks/bootstrap_service.yml b/ansible/roles/keystone/tasks/bootstrap_service.yml index b522ea0366..a9d005a993 100644 --- a/ansible/roles/keystone/tasks/bootstrap_service.yml +++ b/ansible/roles/keystone/tasks/bootstrap_service.yml @@ -12,6 +12,8 @@ BOOTSTRAP: name: "bootstrap_keystone" restart_policy: "never" - volumes: "{{ node_config_directory }}/keystone/:{{ container_config_directory }}/:ro" + volumes: + - "{{ node_config_directory }}/keystone/:{{ container_config_directory }}/:ro" + - "kolla_logs:/var/log/kolla/" run_once: True delegate_to: "{{ groups['keystone'][0] }}" diff --git a/ansible/roles/keystone/tasks/start.yml b/ansible/roles/keystone/tasks/start.yml index c9271ef594..103610e1ff 100644 --- a/ansible/roles/keystone/tasks/start.yml 
+++ b/ansible/roles/keystone/tasks/start.yml @@ -7,7 +7,7 @@ name: "keystone" volumes: - "{{ node_config_directory }}/keystone/:{{ container_config_directory }}/:ro" - - "rsyslog_socket:/var/lib/kolla/rsyslog/" + - "kolla_logs:/var/log/kolla/" - name: Wait for keystone startup wait_for: host={{ keystone_admin_address }} port={{ keystone_admin_port }} diff --git a/ansible/roles/keystone/templates/keystone.conf.j2 b/ansible/roles/keystone/templates/keystone.conf.j2 index 01f337e8f2..7d2ef7eb8c 100644 --- a/ansible/roles/keystone/templates/keystone.conf.j2 +++ b/ansible/roles/keystone/templates/keystone.conf.j2 @@ -1,7 +1,8 @@ [DEFAULT] debug = {{ keystone_logging_debug }} -syslog_log_facility=LOG_LOCAL0 -use_syslog = True + +# NOTE(elemoine) log_dir alone does not work for Keystone +log_file = /var/log/kolla/keystone/keystone.log admin_token = {{ keystone_admin_token }} diff --git a/ansible/roles/keystone/templates/wsgi-keystone.conf.j2 b/ansible/roles/keystone/templates/wsgi-keystone.conf.j2 index 464c318236..d6286f16d9 100644 --- a/ansible/roles/keystone/templates/wsgi-keystone.conf.j2 +++ b/ansible/roles/keystone/templates/wsgi-keystone.conf.j2 @@ -12,8 +12,9 @@ Listen {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['addr = 2.4> ErrorLogFormat "%{cu}t %M" - ErrorLog "|/usr/bin/logger -t keystone-error" - CustomLog "|/usr/bin/logger -t keystone-access" combined + ErrorLog "/var/log/kolla/{{ apache_dir }}/keystone-apache-public-error.log" + LogFormat "%h %l %u %t \"%r\" %>s %b %D \"%{Referer}i\" \"%{User-Agent}i\"" logformat + CustomLog "/var/log/kolla/{{ apache_dir }}/keystone-apache-public-access.log" logformat 
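Review bot: Mounting the shared `kolla_logs` volume read-write at `/var/log/kolla/` gives the Keystone container access to the whole log tree rather than only its own subdirectory; the Heka inputs in this change read nova, glance and keystone logs from that same `/var/log/kolla` root. If the volume is also mounted into those services' containers (not visible here), a compromised service could read or alter another service's logs before Heka ships them, limited only by the directory ownership and modes set in extend_start.sh. A comment above the new volume entry would make that dependency explicit, for example `# shared log volume: isolation between services relies on the per-service directory owner/mode set in extend_start.sh`.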
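Review bot: `log_file = /var/log/kolla/keystone/keystone.log` moves Keystone from syslog to a plain file, and nothing visible in this change rotates or caps that file. With `debug = {{ keystone_logging_debug }}` turned on the file can grow quickly, and because it sits on the shared log volume, filling it would presumably affect logging for every other writer on that volume. If rotation is handled by a component outside this diff, extend the existing NOTE with one line naming it so the next reader does not have to search for it.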
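Review bot: `{{ apache_dir }}` is used in the new `ErrorLog` and `CustomLog` paths, but the only definition visible in this change is the `{% set apache_dir = ... %}` at the top of heka-keystone.toml.j2, and a Jinja `set` does not carry over into another template. The hunk header (`-12,8 +12,9`) shows that no line was added above line 12 of this file, so unless `apache_dir` is already defined earlier in the file or in role variables outside this diff, rendering would fail on an undefined variable or write the logs to an unintended path. Consider adding `{% set apache_dir = 'apache2' if kolla_base_distro in ['ubuntu', 'debian'] else 'httpd' %}` as the first line of this template. The same applies to the admin virtual host hunk at `@@ -25,6 +26,7 @@`, and the enclosing virtual host block starts and ends outside both hunks.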
@@ -25,6 +26,7 @@ Listen {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['addr = 2.4> ErrorLogFormat "%{cu}t %M" - ErrorLog "|/usr/bin/logger -t keystone-error" - CustomLog "|/usr/bin/logger -t keystone-access" combined + ErrorLog "/var/log/kolla/{{ apache_dir }}/keystone-apache-admin-error.log" + LogFormat "%h %l %u %t \"%r\" %>s %b %D \"%{Referer}i\" \"%{User-Agent}i\"" logformat + CustomLog "/var/log/kolla/{{ apache_dir }}/keystone-apache-admin-access.log" logformat diff --git a/docker/keystone/Dockerfile.j2 b/docker/keystone/Dockerfile.j2 index b00b72a5f1..7bb2801253 100644 --- a/docker/keystone/Dockerfile.j2 +++ b/docker/keystone/Dockerfile.j2 @@ -66,7 +66,8 @@ RUN ln -s keystone-source/* keystone \ # TODO(SamYaple): Replace this with `keystone-manage bootstrap` RUN sed -i 's|token_auth json_body|token_auth admin_token_auth json_body|g' /etc/keystone/keystone-paste.ini -RUN chown -R keystone: /var/www/cgi-bin/keystone \ +RUN usermod -a -G kolla keystone \ + && chown -R keystone: /var/www/cgi-bin/keystone \ && chmod 755 /var/www/cgi-bin/keystone/* COPY extend_start.sh /usr/local/bin/kolla_extend_start diff --git a/docker/keystone/extend_start.sh b/docker/keystone/extend_start.sh index c13ebfa0be..5dd166534f 100644 --- a/docker/keystone/extend_start.sh +++ b/docker/keystone/extend_start.sh @@ -4,6 +4,9 @@ if [[ "${KOLLA_BASE_DISTRO}" == "ubuntu" || \ "${KOLLA_BASE_DISTRO}" == "debian" ]]; then # Loading Apache2 ENV variables source /etc/apache2/envvars + APACHE_DIR="apache2" +else + APACHE_DIR="httpd" fi # NOTE(pbourke): httpd will not clean up after itself in some cases which 
@@ -13,6 +16,27 @@ if [[ "${KOLLA_BASE_DISTRO}" =~ fedora|centos|oraclelinux|rhel ]]; then rm -rf /var/run/httpd/* /run/httpd/* /tmp/httpd* fi +# Create log dir for Keystone logs +KEYSTONE_LOG_DIR="/var/log/kolla/keystone" +if [[ ! -d "${KEYSTONE_LOG_DIR}" ]]; then + mkdir -p ${KEYSTONE_LOG_DIR} +fi +if [[ $(stat -c %U:%G ${KEYSTONE_LOG_DIR}) != "keystone:kolla" ]]; then + chown keystone:kolla ${KEYSTONE_LOG_DIR} +fi +if [[ $(stat -c %a ${KEYSTONE_LOG_DIR}) != "755" ]]; then + chmod 755 ${KEYSTONE_LOG_DIR} +fi + +# Create log dir for Apache logs +APACHE_LOG_DIR="/var/log/kolla/${APACHE_DIR}" +if [[ ! -d "${APACHE_LOG_DIR}" ]]; then + mkdir -p ${APACHE_LOG_DIR} +fi +if [[ $(stat -c %a ${APACHE_LOG_DIR}) != "755" ]]; then + chmod 755 ${APACHE_LOG_DIR} +fi + # Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases # of the KOLLA_BOOTSTRAP variable being set, including empty. if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
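Review bot: Both new log directories are forced to mode 755, so any user in any container that mounts the shared log volume can enter them and read whatever files inside have world-readable modes. The access log format added in wsgi-keystone.conf.j2 records the client address and the full request line (`%r`), and Keystone request paths can carry token identifiers on some API calls, so these files deserve tighter access than that. If the log collector reads them through the `kolla` group (the Dockerfile hunk adds `keystone` to it; the collector's own membership is not visible here), `chown keystone:kolla` followed by `chmod 750` on both directories would be enough. `APACHE_LOG_DIR` also gets no `chown` at all, unlike `KEYSTONE_LOG_DIR`, so its owner depends on whichever user runs this script. The expansions passed to `mkdir`, `stat`, `chown` and `chmod` are unquoted; `mkdir -p "${KEYSTONE_LOG_DIR}"`, and the same quoting on the other calls, keeps them safe if the paths ever change.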