-rw-r--r--manifests/haproxy.pp20
-rw-r--r--manifests/haproxy/endpoint.pp26
-rw-r--r--manifests/profile/base/logging/logrotate.pp112
-rw-r--r--spec/classes/tripleo_profile_base_logging_logrotate_spec.rb59
-rw-r--r--templates/logrotate/containers_logrotate.conf.erb14
5 files changed, 213 insertions, 18 deletions
diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp
index a3d088a..0933831 100644
--- a/manifests/haproxy.pp
+++ b/manifests/haproxy.pp
@@ -520,7 +520,6 @@
# 'ironic_inspector_port' (Defaults to 5050)
# 'ironic_inspector_ssl_port' (Defaults to 13050)
# 'keystone_admin_api_port' (Defaults to 35357)
-# 'keystone_admin_api_ssl_port' (Defaults to 13357)
# 'keystone_public_api_port' (Defaults to 5000)
# 'keystone_public_api_ssl_port' (Defaults to 13000)
# 'manila_api_port' (Defaults to 8786)
@@ -708,7 +707,6 @@ class tripleo::haproxy (
ironic_inspector_port => 5050,
ironic_inspector_ssl_port => 13050,
keystone_admin_api_port => 35357,
- keystone_admin_api_ssl_port => 13357,
keystone_public_api_port => 5000,
keystone_public_api_ssl_port => 13000,
manila_api_port => 8786,
@@ -894,16 +892,14 @@ class tripleo::haproxy (
if $keystone_admin {
::tripleo::haproxy::endpoint { 'keystone_admin':
- public_virtual_ip => $public_virtual_ip,
- internal_ip => hiera('keystone_admin_api_vip', $controller_virtual_ip),
- service_port => $ports[keystone_admin_api_port],
- ip_addresses => hiera('keystone_admin_api_node_ips', $controller_hosts_real),
- server_names => hiera('keystone_admin_api_node_names', $controller_hosts_names_real),
- mode => 'http',
- listen_options => merge($default_listen_options, { 'option' => [ 'httpchk GET /v3' ] }),
- public_ssl_port => $ports[keystone_admin_api_ssl_port],
- service_network => $keystone_admin_network,
- member_options => union($haproxy_member_options, $internal_tls_member_options),
+ internal_ip => hiera('keystone_admin_api_vip', $controller_virtual_ip),
+ service_port => $ports[keystone_admin_api_port],
+ ip_addresses => hiera('keystone_admin_api_node_ips', $controller_hosts_real),
+ server_names => hiera('keystone_admin_api_node_names', $controller_hosts_names_real),
+ mode => 'http',
+ listen_options => merge($default_listen_options, { 'option' => [ 'httpchk GET /v3' ] }),
+ service_network => $keystone_admin_network,
+ member_options => union($haproxy_member_options, $internal_tls_member_options),
}
}
diff --git a/manifests/haproxy/endpoint.pp b/manifests/haproxy/endpoint.pp
index 9139061..4436e19 100644
--- a/manifests/haproxy/endpoint.pp
+++ b/manifests/haproxy/endpoint.pp
@@ -133,21 +133,35 @@ define tripleo::haproxy::endpoint (
} else {
# internal service only
$public_bind_opts = {}
+ $listen_options_real = $listen_options
}
if $use_internal_certificates {
if !$service_network {
fail("The service_network for this service is undefined. Can't configure TLS for the internal network.")
}
- # NOTE(jaosorior): The key of the internal_certificates_specs hash must
- # must match the convention haproxy-<network name> or else this
- # will fail. Futherly, it must contain the path that we'll use under
- # 'service_pem'.
- $internal_cert_path = $internal_certificates_specs["haproxy-${service_network}"]['service_pem']
+
+ if $service_network == 'external' and $public_certificate {
+ # NOTE(jaosorior): This service has been configured to use the external
+ # network. We should use the public certificate in this case.
+ $internal_cert_path = $public_certificate
+ } else {
+ # NOTE(jaosorior): This service is configured for the internal network.
+ # We use the certificate spec hash. The key of the
+ # internal_certificates_specs hash must must match the convention
+ # haproxy-<network name> or else this will fail. Futherly, it must
+ # contain the path that we'll use under 'service_pem'.
+ $internal_cert_path = $internal_certificates_specs["haproxy-${service_network}"]['service_pem']
+ }
$internal_bind_opts = list_to_hash(suffix(any2array($internal_ip), ":${service_port}"),
union($haproxy_listen_bind_param, ['ssl', 'crt', $internal_cert_path]))
} else {
- $internal_bind_opts = list_to_hash(suffix(any2array($internal_ip), ":${service_port}"), $haproxy_listen_bind_param)
+ if $service_network == 'external' and $public_certificate {
+ $internal_bind_opts = list_to_hash(suffix(any2array($internal_ip), ":${service_port}"),
+ union($haproxy_listen_bind_param, ['ssl', 'crt', $public_certificate]))
+ } else {
+ $internal_bind_opts = list_to_hash(suffix(any2array($internal_ip), ":${service_port}"), $haproxy_listen_bind_param)
+ }
}
$bind_opts = merge($internal_bind_opts, $public_bind_opts)
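Review bot: In the branch without internal certificates (the last `else` of this hunk), a service whose `service_network` is 'external' is still bound without `ssl` whenever `$public_certificate` is unset, and nothing in the visible lines tells the operator that an external-network listener ends up plaintext. Since the haproxy.pp change in this commit drops the public SSL bind for `keystone_admin`, that endpoint's TLS now appears to depend entirely on this path. I would add `warning("${name}: bound on the external network without TLS (no public_certificate set)")` inside that inner `else` when `$service_network == 'external'`, or at least the comment `# No public certificate: external-network services are bound without TLS.`. The test `$service_network == 'external' and $public_certificate` is also written twice; computing it once into a local variable would keep the two branches from drifting. The define starts and ends outside the hunk.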
diff --git a/manifests/profile/base/logging/logrotate.pp b/manifests/profile/base/logging/logrotate.pp
new file mode 100644
index 0000000..1545875
--- /dev/null
+++ b/manifests/profile/base/logging/logrotate.pp
@@ -0,0 +1,112 @@
+# Copyright 2017 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::logging::logrotate
+#
+# Installs a cron job that rotates containerized services logs.
+#
+# === Parameters
+#
+# [*step*]
+# (Optional) String. The current step of the deployment
+# Defaults to hiera('step')
+#
+# [*ensure*]
+# (optional) Defaults to present.
+# Valid values are present, absent.
+#
+# [*minute*]
+# (optional) Defaults to '0'. Configures cron job for logrotate.
+#
+# [*hour*]
+# (optional) Defaults to '*'. Configures cron job for logrotate.
+#
+# [*monthday*]
+# (optional) Defaults to '*'. Configures cron job for logrotate.
+#
+# [*month*]
+# (optional) Defaults to '*'. Configures cron job for logrotate.
+#
+# [*weekday*]
+# (optional) Defaults to '*'. Configures cron job for logrotate.
+#
+# [*maxdelay*]
+# (optional) Seconds. Defaults to 90. Should be a positive integer.
+# Induces a random delay before running the cronjob to avoid running all
+# cron jobs at the same time on all hosts this job is configured.
+#
+# [*user*]
+# (optional) Defaults to 'root'. Configures cron job for logrotate.
+#
+# [*delaycompress*]
+# (optional) Defaults to True.
+# Configures the logrotate delaycompress parameter.
+#
+# [*size*]
+# (optional) Defaults to '10M'.
+# Configures the logrotate size parameter.
+#
+# [*rotate*]
+# (optional) Defaults to 14.
+# Configures the logrotate rotate parameter.
+#
+class tripleo::profile::base::logging::logrotate (
+ $step = Integer(hiera('step')),
+ $ensure = present,
+ $minute = 0,
+ $hour = '*',
+ $monthday = '*',
+ $month = '*',
+ $weekday = '*',
+ Integer $maxdelay = 90,
+ $user = 'root',
+ $delaycompress = true,
+ $size = '10M',
+ $rotate = 14,
+) {
+
+ if $step >= 4 {
+ if $maxdelay == 0 {
+ $sleep = ''
+ } else {
+ $sleep = "sleep `expr \${RANDOM} \\% ${maxdelay}`; "
+ }
+
+ $svc = 'logrotate-crond'
+ $config = "/etc/${svc}.conf"
+ $state = "/var/lib/logrotate/${svc}.status"
+ $cmd = "${sleep}/usr/sbin/logrotate -s ${state} ${config}"
+
+ file { "${config}":
+ ensure => $ensure,
+ owner => $user,
+ group => $user,
+ mode => '0640',
+ content => template('tripleo/logrotate/containers_logrotate.conf.erb'),
+ }
+
+ cron { "${svc}":
+ ensure => $ensure,
+ command => "${cmd} 2>&1|logger -t ${svc}",
+ environment => 'PATH=/bin:/usr/bin:/usr/sbin SHELL=/bin/sh',
+ user => $user,
+ minute => $minute,
+ hour => $hour,
+ monthday => $monthday,
+ month => $month,
+ weekday => $weekday,
+ }
+ }
+}
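Review bot: The cron resource's `environment` is one string holding two assignments, and as far as I know Puppet writes each `environment` element as a single crontab line, so the crontab would get `PATH=/bin:/usr/bin:/usr/sbin SHELL=/bin/sh` as one assignment: SHELL is never set and the last PATH entry is corrupted. Passing an array avoids that: `environment => ['PATH=/bin:/usr/bin:/usr/sbin', 'SHELL=/bin/sh'],`. Separately, `$maxdelay` is documented as a positive integer but typed plain `Integer`, so a negative value reaches the `expr` modulus in a root cron job; `Integer[0] $maxdelay = 90,` would reject it at compile time. `$size` and `$rotate`, which are rendered into the logrotate configuration, are untyped as well.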
diff --git a/spec/classes/tripleo_profile_base_logging_logrotate_spec.rb b/spec/classes/tripleo_profile_base_logging_logrotate_spec.rb
new file mode 100644
index 0000000..df109b4
--- /dev/null
+++ b/spec/classes/tripleo_profile_base_logging_logrotate_spec.rb
@@ -0,0 +1,59 @@
+#
+# Copyright (C) 2017 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+require 'spec_helper'
+
+describe 'tripleo::profile::base::logging::logrotate' do
+ shared_examples_for 'tripleo::profile::base::logging::logrotate' do
+
+ context 'with step less than 4' do
+ let(:params) { { :step => 3 } }
+
+ it 'should do nothing' do
+ is_expected.to contain_class('tripleo::profile::base::logging::logrotate')
+ is_expected.to_not contain_cron('logrotate-crond')
+ is_expected.to_not contain_file('/etc/logrotate-crond.conf')
+ end
+ end
+
+ context 'with defaults and step greater than 3' do
+ let(:params) { { :step => 4 } }
+
+ it { is_expected.to contain_class('tripleo::profile::base::logging::logrotate') }
+ it { is_expected.to contain_cron('logrotate-crond').with(
+ :ensure => 'present',
+ :command => 'sleep `expr ${RANDOM} \\% 90`; /usr/sbin/logrotate -s ' +
+ '/var/lib/logrotate/logrotate-crond.status ' +
+ '/etc/logrotate-crond.conf 2>&1|logger -t logrotate-crond',
+ :user => 'root',
+ :minute => 0,
+ :hour => '*',
+ :monthday => '*',
+ :month => '*',
+ :weekday => '*') }
+ it { is_expected.to contain_file('/etc/logrotate-crond.conf') }
+ end
+ end
+
+ on_supported_os.each do |os, facts|
+ context "on #{os}" do
+ let (:facts) {
+ facts
+ }
+ it_behaves_like 'tripleo::profile::base::logging::logrotate'
+ end
+ end
+end
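Review bot: The spec never exercises the `maxdelay => 0` branch of the manifest, where the `sleep` prefix is dropped from the cron command, and it does not pin the owner, group and mode of `/etc/logrotate-crond.conf`. A regression that loosens the file mode or breaks the command string for `maxdelay => 0` would pass unnoticed. An extra context inside the shared examples, as sketched below, covers both.

```ruby
    context 'with maxdelay set to 0' do
      let(:params) { { :step => 4, :maxdelay => 0 } }

      it { is_expected.to contain_cron('logrotate-crond').with(
        :command => '/usr/sbin/logrotate -s ' +
                    '/var/lib/logrotate/logrotate-crond.status ' +
                    '/etc/logrotate-crond.conf 2>&1|logger -t logrotate-crond') }
      it { is_expected.to contain_file('/etc/logrotate-crond.conf').with(
        :owner => 'root', :group => 'root', :mode => '0640') }
    end
```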
diff --git a/templates/logrotate/containers_logrotate.conf.erb b/templates/logrotate/containers_logrotate.conf.erb
new file mode 100644
index 0000000..cbf17b4
--- /dev/null
+++ b/templates/logrotate/containers_logrotate.conf.erb
@@ -0,0 +1,14 @@
+/var/log/containers/*/*.log {
+ rotate <%= @rotate %>
+ size <%= @size %>
+ missingok
+ notifempty
+<%- if @delaycompress %>
+ delaycompress
+<%- end %>
+ postrotate
+ /sbin/lsof -nPs +L1 +D /var/log 2>&1|\
+ /bin/perl -ne '/\S+\s+(\d+).*\/var\/log\/.*\(deleted\)/ && print "$1\n"' |\
+ /bin/xargs -n1 -r -t kill -HUP
+ endscript
+}
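Review bot: The `postrotate` script sends SIGHUP to every process holding a deleted file anywhere under `/var/log`, although the stanza only rotates `/var/log/containers/*/*.log`; SIGHUP terminates a process that installs no handler for it, so unrelated daemons on the host can be killed by this job. Narrowing the scan to the rotated tree would limit that: `/sbin/lsof -nPs +L1 +D /var/log/containers 2>&1|\` with the perl pattern changed to `\/var\/log\/containers\/.*\(deleted\)`. Without `sharedscripts` the script also runs once per rotated log rather than once per run. `delaycompress` is emitted without `compress`, and no other configuration is included in the visible lines, so it appears to have no effect.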