Bug 1672940 - haproxy log should not be written in /var/log/messages
Summary: haproxy log should not be written in /var/log/messages
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-tripleo-heat-templates
Version: 14.0 (Rocky)
Hardware: Unspecified
OS: Unspecified
low
high
Target Milestone: zstream
: 14.0 (Rocky)
Assignee: Damien Ciabrini
QA Contact: pkomarov
URL:
Whiteboard:
Depends On: 1600865 1669146
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-02-06 09:45 UTC by Damien Ciabrini
Modified: 2019-03-18 13:03 UTC (History)
4 users (show)

Fixed In Version: puppet-tripleo-9.3.1-0.20190119004939.e8adf4b.el7ost openstack-tripleo-heat-templates-9.2.1-0.20190119154861.fe11ade.el7ost
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1600865
Environment:
Last Closed: 2019-03-18 13:03:37 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Launchpad 1814880 0 None None None 2019-02-06 16:34:08 UTC
OpenStack gerrit 635207 0 None None None 2019-02-06 17:12:11 UTC
OpenStack gerrit 635224 0 None None None 2019-02-06 17:12:11 UTC
Red Hat Product Errata RHBA-2019:0446 0 None None None 2019-03-18 13:03:43 UTC

Comment 4 Damien Ciabrini 2019-02-25 13:04:22 UTC 
Instruction for testing the fix:

1. Deploy an HA overcloud
2. verify that HAProxy logs are now stored into a new dedicated file /var/log/containers/haproxy/haproxy.log
3. verify that there's no SELinux denials due to this new file access

Notes: 
. HAProxy logs should still be stored in the journal, as systemd forwards its logs to rsyslog, which in turns stores haproxy entries into the new haproxy log file
. HA routers (that spawn an HAProxy) won't store any log under /var/log/containers/hapoxy/haproxy.log
Comment 8 pkomarov 2019-02-28 15:11:55 UTC 
Verified, 



[stack@undercloud-0 ~]$ ansible controller-0 -b -mshell -a'rpm -qa |grep puppet-tripleo'
 [WARNING]: Found both group and host with same name: undercloud

 [WARNING]: Consider using the yum, dnf or zypper module rather than running rpm.  If you need to use command because yum, dnf or zypper is
insufficient you can add warn=False to this command task or set command_warnings=False in ansible.cfg to get rid of this message.

controller-0 | SUCCESS | rc=0 >>
puppet-tripleo-9.3.1-0.20190119004939.e8adf4b.el7ost.noarch



[stack@undercloud-0 ~]$ ansible controller-0 -b -mshell -a'head /var/log/containers/haproxy/haproxy.log'
 [WARNING]: Found both group and host with same name: undercloud

controller-0 | SUCCESS | rc=0 >>
Feb 28 09:50:16 controller-2 haproxy[11]: Proxy aodh started.
Feb 28 09:50:16 controller-2 haproxy[11]: Proxy cinder started.
Feb 28 09:50:16 controller-2 haproxy[11]: Proxy glance_api started.
Feb 28 09:50:16 controller-2 haproxy[11]: Proxy gnocchi started.
Feb 28 09:50:16 controller-2 haproxy[11]: Proxy haproxy.stats started.
Feb 28 09:50:16 controller-2 haproxy[11]: Proxy heat_api started.
Feb 28 09:50:16 controller-2 haproxy[11]: Proxy heat_cfn started.
Feb 28 09:50:16 controller-2 haproxy[11]: Proxy horizon started.
Feb 28 09:50:16 controller-2 haproxy[11]: Proxy keystone_admin started.
Feb 28 09:50:16 controller-2 haproxy[11]: Proxy keystone_public started.

[stack@undercloud-0 ~]$ ansible controller-0 -b -mshell -a'grep haproxy /var/log/secure'
 [WARNING]: Found both group and host with same name: undercloud

controller-0 | FAILED | rc=1 >>
non-zero return code
Comment 10 errata-xmlrpc 2019-03-18 13:03:37 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:0446
Note You need to log in before you can comment on or make changes to this bug.