Barbican add ability to use global logging.conf
Add ability to use global logging.conf template which can be
used in all openstack components which support oslo.log
Change-Id: I2867fcc83a54e005c65d6c5f4ed30933ba7abfa5
Related-Prod: PROD-21353
diff --git a/README.rst b/README.rst
index f933560..33aea5c 100644
--- a/README.rst
+++ b/README.rst
@@ -69,6 +69,34 @@
- host: 10.10.10.12
port: 11211
+Enhanced logging with logging.conf
+----------------------------------
+
+By default logging.conf is disabled.
+
+That is possible to enable per-binary logging.conf with new variables:
+ * openstack_log_appender - set it to true to enable log_config_append for all OpenStack services;
+ * openstack_fluentd_handler_enabled - set to true to enable FluentHandler for all Openstack services.
+ * openstack_ossyslog_handler_enabled - set to true to enable OSSysLogHandler for all Openstack services.
+
+Only WatchedFileHandler, OSSysLogHandler and FluentHandler are available.
+
+Also it is possible to configure this with pillar:
+
+.. code-block:: yaml
+
+ barbican:
+ server:
+ logging:
+ log_appender: true
+ log_handlers:
+ watchedfile:
+ enabled: true
+ fluentd:
+ enabled: true
+ ossyslog:
+ enabled: true
+
Running behind loadbalancer
If you are running behind loadbalancer, set the `host_href` to load balancer's
diff --git a/barbican/files/pike/barbican.conf.Debian b/barbican/files/pike/barbican.conf.Debian
index b3fe9aa..ad79b0f 100644
--- a/barbican/files/pike/barbican.conf.Debian
+++ b/barbican/files/pike/barbican.conf.Debian
@@ -22,6 +22,19 @@
host_href =
{%- endif %}
+# The name of a logging configuration file. This file is appended to any
+# existing logging configuration files. For details about logging configuration
+# files, see the Python logging module documentation. Note that when logging
+# configuration files are used then all logging configuration is set in the
+# configuration file and other logging configuration options are ignored (for
+# example, logging_context_format_string). (string value)
+# Note: This option can be changed without restarting.
+# Deprecated group/name - [DEFAULT]/log_config
+#log_config_append = <None>
+{%- if server.logging.log_appender %}
+log_config_append=/etc/barbican/logging.conf
+{%- endif %}
+
# Log to this file. Make sure you do not set the same log
# file for both the API and registry servers!
#log_file = /var/log/barbican/api.log
diff --git a/barbican/map.jinja b/barbican/map.jinja
index 8f536b1..ff15a84 100644
--- a/barbican/map.jinja
+++ b/barbican/map.jinja
@@ -13,6 +13,12 @@
enabled: False
dogtag_admin_cert:
engine: noop
+ logging:
+ app_name: 'barbican'
+ log_appender: false
+ log_handlers:
+ watchedfile:
+ enabled: true
Debian:
pkgs:
- barbican-api
diff --git a/barbican/meta/fluentd.yml b/barbican/meta/fluentd.yml
new file mode 100644
index 0000000..2bee78e
--- /dev/null
+++ b/barbican/meta/fluentd.yml
@@ -0,0 +1,70 @@
+{%- from "barbican/map.jinja" import server with context %}
+{%- if pillar.get('fluentd', {}).get('agent', {}).get('enabled', False) %}
+{%- set positiondb = pillar.fluentd.agent.dir.positiondb %}
+{%- set apache_wsgi = server.get('enabled', False) %}
+agent:
+ config:
+ label:
+ forward_input:
+ input:
+ generic_forward_input:
+ type: forward
+ bind: 0.0.0.0
+ port: 24224
+ match:
+ route_openstack_barbican:
+ tag: openstack.barbican.**
+ type: relabel
+ label: openstack_barbican
+ openstack_barbican_wsgi:
+ input:
+ barbican_api_wsgi_in_tail:
+ type: tail
+ path:
+ - '/var/log/apache2/barbican.access.log'
+ - '/var/log/apache2/barbican.error.log'
+ tag: openstack.barbican
+ pos_file: {{ positiondb }}/barbican.wsgi.pos
+ parser:
+ type: regexp
+ time_key: Timestamp
+ time_format: '%d/%b/%Y:%H:%M:%S %z'
+ keep_time_key: false
+ # Apache format: https://regex101.com/r/WeCT7s/5
+ format: '/(?<hostname>[\w\.\-]+)\:(?<port>\d+)\s(?<http_client_ip_address>[\d\.]+)\s\-\s\-\s\[(?<Timestamp>.*)\]\s(?<Payload>\"(?<http_method>[A-Z]+)\s(?<http_url>\S+)\s(?<http_version>[.\/\dHTFSP]+)\"\s(?<http_status>\d{3})\s(?<http_response_time>\d+)\s(?<http_response_size>\d+)\s\"(?<http_referer>.*)\"\s\"(?<user_agent>.*)\")/'
+ filter:
+ add_barbican_wsgi_record_fields:
+ tag: openstack.barbican
+ type: record_transformer
+ enable_ruby: true
+ record:
+ - name: Severity
+ value: 6
+ - name: severity_label
+ value: INFO
+ - name: programname
+ value: barbican-wsgi
+ - name: http_response_time
+ value: ${ record['http_response_time'].to_i/100000.to_f }
+ match:
+ send_to_default:
+ tag: openstack.barbican
+ type: copy
+ store:
+ - type: relabel
+ label: default_output
+ - type: rewrite_tag_filter
+ rule:
+ - name: severity_label
+ regexp: '.'
+ result: metric.barbican_log_messages
+ - type: rewrite_tag_filter
+ rule:
+ - name: http_status
+ regexp: '.'
+ result: metric.barbican_openstack_http_response
+ push_to_metric:
+ tag: 'metric.**'
+ type: relabel
+ label: default_metric
+{% endif %}
diff --git a/barbican/server.sls b/barbican/server.sls
index c094ae3..4b9a251 100644
--- a/barbican/server.sls
+++ b/barbican/server.sls
@@ -37,6 +37,40 @@
- pkg: barbican_server_packages
- cmd: barbican_syncdb
+{%- if server.logging.log_appender %}
+
+{%- if server.logging.log_handlers.get('fluentd', {}).get('enabled', False) %}
+barbican_fluentd_logger_package:
+ pkg.installed:
+ - name: python-fluent-logger
+{%- endif %}
+
+/etc/barbican/logging.conf:
+ file.managed:
+ - user: barbican
+ - group: barbican
+ - source: salt://oslo_templates/files/logging/_logging.conf
+ - template: jinja
+ - defaults:
+ service_name: barbican
+ _data: {{ server.logging }}
+ - require:
+ - pkg: barbican_server_packages
+{%- if server.logging.log_handlers.get('fluentd', {}).get('enabled', False) %}
+ - pkg: barbican_fluentd_logger_package
+{%- endif %}
+ - watch_in:
+ - service: {{ barbican_server_services }}
+
+/var/log/barbican/barbican.log:
+ file.managed:
+ - user: barbican
+ - group: barbican
+ - watch_in:
+ - service: {{ barbican_server_services }}
+
+{%- endif %}
+
{#- Creation of sites using templates is deprecated, sites should be generated by apache pillar, and enabled by barbican formula #}
{%- if pillar.get('apache', {}).get('server', {}).get('site', {}).barbican is not defined %}
diff --git a/metadata/service/server/cluster.yml b/metadata/service/server/cluster.yml
index 4a7128e..f1945f9 100644
--- a/metadata/service/server/cluster.yml
+++ b/metadata/service/server/cluster.yml
@@ -4,6 +4,9 @@
- service.barbican.support
parameters:
_param:
+ openstack_log_appender: false
+ openstack_fluentd_handler_enabled: false
+ openstack_ossyslog_handler_enabled: false
keystone_barbican_endpoint_type: internalURL
cluster_internal_protocol: 'http'
barbican_service_protocol: ${_param:cluster_internal_protocol}
@@ -14,6 +17,15 @@
region: ${_param:openstack_region}
host_href: "${_param:barbican_service_protocol}://${_param:cluster_vip_address}:9311"
is_proxied: true
+ logging:
+ log_appender: ${_param:openstack_log_appender}
+ log_handlers:
+ watchedfile:
+ enabled: true
+ fluentd:
+ enabled: ${_param:openstack_fluentd_handler_enabled}
+ ossyslog:
+ enabled: ${_param:openstack_ossyslog_handler_enabled}
bind:
address: ${_param:cluster_local_address}
port: 9311
diff --git a/metadata/service/server/single.yml b/metadata/service/server/single.yml
index fdfac1b..a2a73e4 100644
--- a/metadata/service/server/single.yml
+++ b/metadata/service/server/single.yml
@@ -4,6 +4,9 @@
- service.barbican.support
parameters:
_param:
+ openstack_log_appender: false
+ openstack_fluentd_handler_enabled: false
+ openstack_ossyslog_handler_enabled: false
keystone_barbican_endpoint_type: internalURL
barbican_service_protocol: 'http'
barbican:
@@ -13,6 +16,15 @@
region: ${_param:openstack_region}
host_href: "${_param:barbican_service_protocol}://${_param:single_address}:9311"
is_proxied: false
+ logging:
+ log_appender: ${_param:openstack_log_appender}
+ log_handlers:
+ watchedfile:
+ enabled: true
+ fluentd:
+ enabled: ${_param:openstack_fluentd_handler_enabled}
+ ossyslog:
+ enabled: ${_param:openstack_ossyslog_handler_enabled}
bind:
address: ${_param:single_address}
port: 9311
diff --git a/metadata/service/support.yml b/metadata/service/support.yml
index ea53a7f..804a555 100644
--- a/metadata/service/support.yml
+++ b/metadata/service/support.yml
@@ -9,3 +9,5 @@
enabled: false
sphinx:
enabled: true
+ fluentd:
+ enabled: true
diff --git a/tests/pillar/control_cluster.sls b/tests/pillar/control_cluster.sls
index 938a5bd..ea8494e 100644
--- a/tests/pillar/control_cluster.sls
+++ b/tests/pillar/control_cluster.sls
@@ -85,6 +85,15 @@
port: 11211
- host: 10.10.10.12
port: 11211
+ logging:
+ log_appender: false
+ log_handlers:
+ watchedfile:
+ enabled: true
+ fluentd:
+ enabled: false
+ ossyslog:
+ enabled: false
apache:
server:
enabled: true
diff --git a/tests/pillar/control_single.sls b/tests/pillar/control_single.sls
index 330f409..7dde92d 100644
--- a/tests/pillar/control_single.sls
+++ b/tests/pillar/control_single.sls
@@ -85,6 +85,15 @@
port: 11211
- host: 10.10.10.12
port: 11211
+ logging:
+ log_appender: false
+ log_handlers:
+ watchedfile:
+ enabled: true
+ fluentd:
+ enabled: false
+ ossyslog:
+ enabled: false
apache:
server:
enabled: true