openstack/kolla-ansible
Code Issues Proposed changes
6c2bb6b736
kolla-ansible/ansible/roles/common/templates/conf/output/00-local.conf.j2
James Kirsch 93ad57f47e Add support for encrypting backend Neutron API Server 
Add TLS support for backend Neutron API Server communication using
HAProxy to perform TLS termination. When used in conjunction with
enabling TLS for service API endpoints, network communication will be
encrypted end to end, from client through HAProxy to the Neutron
service.

Change-Id: Ib333a1f1bd12491df72a9e52d961161210e2d330
Partially-Implements: blueprint add-ssl-internal-network
2020-10-12 17:27:44 +00:00

244 lines
7.6 KiB
Django/Jinja
Raw Blame History

<match syslog.{{ syslog_swift_facility }}.**>
@type copy
<store>
@type file
path /var/log/kolla/swift/swift_latest.*.log
append true
compress gzip
<buffer>
timekey_use_utc
</buffer>
</store>
{% if log_direct_to_elasticsearch %}
<store>
type elasticsearch
host {{ elasticsearch_address }}
port {{ elasticsearch_port }}
scheme {{ fluentd_elasticsearch_scheme }}
{% if fluentd_elasticsearch_path != '' %}
path {{ fluentd_elasticsearch_path }}
{% endif %}
{% if fluentd_elasticsearch_scheme == 'https' %}
ssl_version {{ fluentd_elasticsearch_ssl_version }}
ssl_verify {{ fluentd_elasticsearch_ssl_verify }}
{% if fluentd_elasticsearch_cacert | length > 0 %}
ca_file {{ fluentd_elasticsearch_cacert }}
{% endif %}
{% endif %}
{% if fluentd_elasticsearch_user != '' and fluentd_elasticsearch_password != ''%}
user {{ fluentd_elasticsearch_user }}
password {{ fluentd_elasticsearch_password }}
{% endif %}
logstash_format true
logstash_prefix {{ kibana_log_prefix }}
flush_interval 15s
reconnect_on_error true
buffer_type file
buffer_path /var/lib/fluentd/data/elasticsearch.buffer/{{ syslog_swift_facility }}.*
</store>
{% elif enable_monasca | bool %}
<store>
@type monasca
keystone_url {{ keystone_internal_url }}
monasca_api {{ monasca_log_api_internal_endpoint }}
monasca_api_version v2.0
username {{ monasca_agent_user }}
password {{ monasca_agent_password }}
domain_id default
project_name {{ monasca_control_plane_project }}
message_field_name Payload
buffer_type file
buffer_path /var/lib/fluentd/data/monasca.buffer/{{ syslog_swift_facility }}.*
max_retry_wait 1800s
disable_retry_limit true
<buffer>
chunk_limit_size 8m
</buffer>
</store>
{% endif %}
</match>
<match syslog.{{ syslog_haproxy_facility }}.**>
@type copy
<store>
@type file
path /var/log/kolla/haproxy/haproxy_latest.*.log
output_tag false
output_time false
append true
compress gzip
<buffer>
timekey_use_utc
</buffer>
</store>
{% if log_direct_to_elasticsearch %}
<store>
type elasticsearch
host {{ elasticsearch_address }}
port {{ elasticsearch_port }}
scheme {{ fluentd_elasticsearch_scheme }}
{% if fluentd_elasticsearch_path != '' %}
path {{ fluentd_elasticsearch_path }}
{% endif %}
{% if fluentd_elasticsearch_scheme == 'https' %}
ssl_version {{ fluentd_elasticsearch_ssl_version }}
ssl_verify {{ fluentd_elasticsearch_ssl_verify }}
{% if fluentd_elasticsearch_cacert | length > 0 %}
ca_file {{ fluentd_elasticsearch_cacert }}
{% endif %}
{% endif %}
{% if fluentd_elasticsearch_user != '' and fluentd_elasticsearch_password != ''%}
user {{ fluentd_elasticsearch_user }}
password {{ fluentd_elasticsearch_password }}
{% endif %}
logstash_format true
logstash_prefix {{ kibana_log_prefix }}
flush_interval 15s
reconnect_on_error true
buffer_type file
buffer_path /var/lib/fluentd/data/elasticsearch.buffer/{{ syslog_haproxy_facility }}.*
</store>
{% elif enable_monasca | bool %}
<store>
@type monasca
keystone_url {{ keystone_internal_url }}
monasca_api {{ monasca_log_api_internal_endpoint }}
monasca_api_version v2.0
username {{ monasca_agent_user }}
password {{ monasca_agent_password }}
domain_id default
project_name {{ monasca_control_plane_project }}
message_field_name Payload
buffer_type file
buffer_path /var/lib/fluentd/data/monasca.buffer/{{ syslog_haproxy_facility }}.*
max_retry_wait 1800s
disable_retry_limit true
<buffer>
chunk_limit_size 8m
</buffer>
</store>
{% endif %}
</match>
{% if glance_enable_tls_backend | bool %}
<match syslog.{{ syslog_glance_tls_proxy_facility }}.**>
@type copy
<store>
@type file
path /var/log/kolla/glance-tls-proxy/glance-tls-proxy.*.log
output_tag false
output_time false
append true
compress gzip
<buffer>
timekey_use_utc
</buffer>
</store>
{% if log_direct_to_elasticsearch %}
<store>
type elasticsearch
host {{ elasticsearch_address }}
port {{ elasticsearch_port }}
scheme {{ fluentd_elasticsearch_scheme }}
{% if fluentd_elasticsearch_path != '' %}
path {{ fluentd_elasticsearch_path }}
{% endif %}
{% if fluentd_elasticsearch_scheme == 'https' %}
ssl_version {{ fluentd_elasticsearch_ssl_version }}
ssl_verify {{ fluentd_elasticsearch_ssl_verify }}
{% endif %}
{% if fluentd_elasticsearch_user != '' and fluentd_elasticsearch_password != ''%}
user {{ fluentd_elasticsearch_user }}
password {{ fluentd_elasticsearch_password }}
{% endif %}
logstash_format true
logstash_prefix {{ kibana_log_prefix }}
flush_interval 15s
reconnect_on_error true
buffer_type file
buffer_path /var/lib/fluentd/data/elasticsearch.buffer/{{ syslog_glance_tls_proxy_facility }}.*
</store>
{% elif enable_monasca | bool %}
<store>
@type monasca
keystone_url {{ keystone_internal_url }}
monasca_api {{ monasca_log_api_internal_endpoint }}
monasca_api_version v2.0
username {{ monasca_agent_user }}
password {{ monasca_agent_password }}
domain_id default
project_name {{ monasca_control_plane_project }}
message_field_name Payload
buffer_type file
buffer_path /var/lib/fluentd/data/monasca.buffer/{{ syslog_glance_tls_proxy_facility }}.*
max_retry_wait 1800s
disable_retry_limit true
<buffer>
chunk_limit_size 8m
</buffer>
</store>
{% endif %}
</match>
{% endif %}
{% if neutron_enable_tls_backend | bool %}
<match syslog.{{ syslog_neutron_tls_proxy_facility }}.**>
@type copy
<store>
@type file
path /var/log/kolla/neutron-tls-proxy/neutron-tls-proxy.*.log
output_tag false
output_time false
append true
compress gzip
<buffer>
timekey_use_utc
</buffer>
</store>
{% if log_direct_to_elasticsearch %}
<store>
type elasticsearch
host {{ elasticsearch_address }}
port {{ elasticsearch_port }}
scheme {{ fluentd_elasticsearch_scheme }}
{% if fluentd_elasticsearch_path != '' %}
path {{ fluentd_elasticsearch_path }}
{% endif %}
{% if fluentd_elasticsearch_scheme == 'https' %}
ssl_version {{ fluentd_elasticsearch_ssl_version }}
ssl_verify {{ fluentd_elasticsearch_ssl_verify }}
{% endif %}
{% if fluentd_elasticsearch_user != '' and fluentd_elasticsearch_password != ''%}
user {{ fluentd_elasticsearch_user }}
password {{ fluentd_elasticsearch_password }}
{% endif %}
logstash_format true
logstash_prefix {{ kibana_log_prefix }}
flush_interval 15s
reconnect_on_error true
buffer_type file
buffer_path /var/lib/fluentd/data/elasticsearch.buffer/{{ syslog_neutron_tls_proxy_facility }}.*
</store>
{% elif enable_monasca | bool %}
<store>
@type monasca
keystone_url {{ keystone_internal_url }}
monasca_api {{ monasca_log_api_internal_endpoint }}
monasca_api_version v2.0
username {{ monasca_agent_user }}
password {{ monasca_agent_password }}
domain_id default
project_name {{ monasca_control_plane_project }}
message_field_name Payload
buffer_type file
buffer_path /var/lib/fluentd/data/monasca.buffer/{{ syslog_neutron_tls_proxy_facility }}.*
max_retry_wait 1800s
disable_retry_limit true
<buffer>
chunk_limit_size 8m
</buffer>
</store>
{% endif %}
</match>
{% endif %}
View Git Blame Copy Permalink