openstack/kolla-ansible
Code Issues Proposed changes
3337e9873a
kolla-ansible/ansible/roles/barbican/templates/barbican.conf.j2
Doug Szumski 1ff4e58d70 Fix Barbican API log config 
There are a few issues fixed here:

- The Barbican API service doesn't set a log file, so all the Barbican API
  service logs go to loadwsgi.py.log by default.
- The logs in loadwsgi.py.log are not ingested properly by Fluentd.
- uWSGI logs go to barbican-api.log. This would normally be used as the log
  file for the Barbican API service logs.

This patch makes the following changes to address the above issues:

- All uWSGI logs (from the Emperor and Vassals) go to barbican_api_uwsgi_access.log
  Although these logs aren't strictly all access logs, this follows the existing
  pattern for WSGI logs.
- The Barbican API service logs are written to barbican-api.log instead of
  loadwsgi.py.log. This follows the pattern used by other OpenStack services.
- Fluentd is configured to parse the Barbican API service logs as it would with
  other OpenStack Python services.

Change-Id: I6d03fa8c81c52b6f061514a836bbd15bb6639aaf
Closes-Bug: #1891343
2021-01-27 17:24:58 +00:00

94 lines
2.8 KiB
Django/Jinja
Raw Blame History

[DEFAULT]
debug = {{ barbican_logging_debug }}
log_dir = /var/log/kolla/barbican
{% if service_name == "barbican-api" %}
log_file = barbican-api.log
{% endif %}
bind_port = {{ barbican_api_listen_port }}
bind_host = {{ api_interface_address }}
host_href = {{ barbican_public_endpoint }}
backlog = 4096
max_allowed_secret_in_bytes = 10000
max_allowed_request_size_in_bytes = 1000000
db_auto_create = False
sql_connection = mysql+pymysql://{{ barbican_database_user }}:{{ barbican_database_password }}@{{ barbican_database_address }}/{{ barbican_database_name }}
transport_url = {{ rpc_transport_url }}
# ================= Secret Store Plugin ===================
[secretstore]
namespace = barbican.secretstore.plugin
enabled_secretstore_plugins = store_crypto
# ================= Crypto plugin ===================
[crypto]
namespace = barbican.crypto.plugin
enabled_crypto_plugins = {{ barbican_crypto_plugin }}
{% if barbican_crypto_plugin == 'p11_crypto' %}
[p11_crypto_plugin]
# Path to vendor PKCS11 library
library_path = {{ barbican_library_path }}
# Password to login to PKCS11 session
login = '{{ barbican_p11_password }}'
# Label to identify master KEK in the HSM (must not be the same as HMAC label)
mkek_label = 'kolla_master_kek'
# Length in bytes of master KEK
mkek_length = 32
# Label to identify HMAC key in the HSM (must not be the same as MKEK label)
hmac_label = 'kolla_hmac'
{% endif %}
{% if barbican_crypto_plugin == 'simple_crypto' %}
[simple_crypto_plugin]
# the kek should be a 32-byte value which is base64 encoded
kek = '{{ barbican_crypto_key }}'
{% endif %}
[keystone_notifications]
enable = True
{% if enable_keystone | bool %}
topic = barbican_notifications
{% endif %}
[keystone_authtoken]
www_authenticate_uri = {{ keystone_internal_url }}
project_domain_id = {{ default_project_domain_id }}
project_name = service
user_domain_id = {{ default_user_domain_id }}
username = {{ barbican_keystone_user }}
password = {{ barbican_keystone_password }}
auth_url = {{ keystone_admin_url }}
auth_type = password
cafile = {{ openstack_cacert }}
memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcache_secret_key }}
memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_address(host) | put_address_in_context('memcache') }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
[oslo_messaging_notifications]
transport_url = {{ notify_transport_url }}
{% if barbican_enabled_notification_topics %}
driver = messagingv2
topics = {{ barbican_enabled_notification_topics | map(attribute='name') | join(',') }}
{% else %}
driver = noop
{% endif %}
{% if om_enable_rabbitmq_tls | bool %}
[oslo_messaging_rabbit]
ssl = true
ssl_ca_file = {{ om_rabbitmq_cacert }}
{% endif %}
[oslo_middleware]
enable_proxy_headers_parsing = True
{% if barbican_policy_file is defined %}
[oslo_policy]
policy_file = {{ barbican_policy_file }}
{% endif %}
View Git Blame Copy Permalink