[Ovirt-devel] [PATCH server] Added support for remote logging with rsyslog-gssapi to server.
Arjun Roy
arroy at redhat.com
Tue Aug 11 18:18:40 UTC 2009
Nodes will use rsyslog to forward their logs to the server in
/var/log/remote.
---
installer/modules/ovirt/files/rsyslog.conf | 65 ++++++++++++++++++++
installer/modules/ovirt/manifests/ovirt.pp | 26 ++++++++
.../modules/ovirt/templates/ovirt-dns.conf.erb | 1 +
ovirt-server.spec.in | 3 +
scripts/ovirt-rsyslog-kerbsetup | 28 +++++++++
src/host-browser/host-browser.rb | 3 +
6 files changed, 126 insertions(+), 0 deletions(-)
create mode 100644 installer/modules/ovirt/files/rsyslog.conf
create mode 100755 scripts/ovirt-rsyslog-kerbsetup
diff --git a/installer/modules/ovirt/files/rsyslog.conf b/installer/modules/ovirt/files/rsyslog.conf
new file mode 100644
index 0000000..5e54620
--- /dev/null
+++ b/installer/modules/ovirt/files/rsyslog.conf
@@ -0,0 +1,65 @@
+rsyslog v3 config file
+
+#### MODULES ####
+
+$ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command)
+$ModLoad imklog.so # provides kernel logging support (previously done by rklogd)
+
+# Provides TCP syslog reception
+$ModLoad imgssapi.so
+$InputGSSServerServiceName rsyslog
+$InputGSSServerRun 514
+
+#### GLOBAL DIRECTIVES ####
+
+# Use default timestamp format
+$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
+
+#### RULES ####
+
+# The following templates inspired by Chef http://wiki.opscode.com/display/chef/Home
+
+$template PerHostAuth,"/var/log/remote/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/auth.log"
+$template PerHostCron,"/var/log/remote/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/cron.log"
+$template PerHostSyslog,"/var/log/remote/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/syslog"
+$template PerHostDaemon,"/var/log/remote/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/daemon.log"
+$template PerHostKern,"/var/log/remote/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/kern.log"
+$template PerHostUser,"/var/log/remote/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/user.log"
+
+$template PerHostMail,"/var/log/remote/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/mail.log"
+$template PerHostMailInfo,"/var/log/remote/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/mail.info"
+$template PerHostMailWarn,"/var/log/remote/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/mail.warn"
+
+$template PerHostNewsCrit,"/var/log/remote/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/news.crit"
+$template PerHostNewsErr,"/var/log/remote/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/news.err"
+$template PerHostNewsNotice,"/var/log/remote/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/news.notice"
+
+$template PerHostDebug,"/var/log/remote/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/debug"
+$template PerHostMessages,"/var/log/remote/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/messages"
+
+auth,authpriv.* ?PerHostAuth
+*.*;auth,authpriv.none -?PerHostSyslog
+cron.* ?PerHostCron
+daemon.* -?PerHostDaemon
+kern.* -?PerHostKern
+mail.* -?PerHostMail
+user.* -?PerHostUser
+
+mail.info -?PerHostMailInfo
+mail.warn ?PerHostMailWarn
+
+*.info;mail.none;authpriv.none;cron.none /var/log/messages
+
+# The authpriv file has restricted access.
+authpriv.* /var/log/secure
+
+mail.* -/var/log/maillog
+
+cron.* /var/log/cron
+
+*.emerg *
+
+uucp,news.crit /var/log/spooler
+
+# Save boot messages also to boot.log
+local7.* /var/log/boot.log
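Review bot: Every `PerHost*` template builds its directory from `%HOSTNAME%`, which is the host name carried inside the received message, not the identity of the authenticated peer. A registered node can therefore file its entries under another node's directory, and a name containing `/` could step outside the intended tree. Use `%FROMHOST%` for the directory component, or add the `secpath-replace` property option if the packaged rsyslog supports it, e.g. `%HOSTNAME:::secpath-replace%`. The rules are also not scoped to remote input, so node messages land in the server's own `/var/log/messages` and `/var/log/secure`, and the server's local messages land under `/var/log/remote`; a comment stating whether that mixing is intended would help whoever audits these files. The first added line, `rsyslog v3 config file`, appears here without a leading `#`; if that is how it is committed, rsyslog will try to parse it as a rule.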
diff --git a/installer/modules/ovirt/manifests/ovirt.pp b/installer/modules/ovirt/manifests/ovirt.pp
index b018a00..81c701c 100644
--- a/installer/modules/ovirt/manifests/ovirt.pp
+++ b/installer/modules/ovirt/manifests/ovirt.pp
@@ -58,6 +58,14 @@ class ovirt::setup {
ensure => installed;
}
+ package {"rsyslog":
+ ensure => installed;
+ }
+
+ package {"rsyslog-gssapi":
+ ensure => installed;
+ }
+
package {"collectd":
ensure => installed;
}
@@ -97,6 +105,11 @@ class ovirt::setup {
notify => Service["qpidd"]
}
+ file {"/etc/rsyslog.conf":
+ source => "puppet:///ovirt/rsyslog.conf",
+ notify => Service["rsyslog"]
+ }
+
single_exec { "db_migrate" :
cwd => "/usr/share/ovirt-server/",
command => "/usr/bin/rake db:migrate",
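Review bot: The new `file {"/etc/rsyslog.conf": ...}` resource sets neither ownership nor mode and does not depend on the package, so the permissions of the daemon's configuration and its ordering relative to the `rsyslog` install are left to defaults. I would add `owner => root, group => root, mode => 644,` and `require => Package["rsyslog"],` so the file that decides where remote logs are written cannot end up writable by an unintended account. The hunk sits inside `class ovirt::setup`, which starts and ends outside it, so confirm no resource default already covers this.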
@@ -130,6 +143,18 @@ class ovirt::setup {
notify => Service[qpidd]
}
+ single_exec { "rsyslog_kerbsetup" :
+ command => "/usr/sbin/ovirt-rsyslog-kerbsetup",
+ require => [Package[rsyslog],Package[rsyslog-gssapi]],
+ notify => Service[rsyslog]
+ }
+
+ service {"rsyslog" :
+ enable => true,
+ require => [Package[rsyslog],Package[rsyslog-gssapi]],
+ ensure => running
+ }
+
service {"httpd" :
enable => true,
require => Package[httpd],
@@ -213,6 +238,7 @@ class ovirt::setup {
firewall_rule {"qpidd": destination_port => '5672'}
firewall_rule {"collectd": destination_port => '25826', protocol => 'udp'}
firewall_rule {"ntpd": destination_port => '123', protocol => 'udp'}
+ firewall_rule {"rsyslog": destination_port => '514'}
exec{"refresh-iptables":
command => "/usr/local/bin/iptables-update.sh",
diff --git a/installer/modules/ovirt/templates/ovirt-dns.conf.erb b/installer/modules/ovirt/templates/ovirt-dns.conf.erb
index f4ee39b..03988aa 100644
--- a/installer/modules/ovirt/templates/ovirt-dns.conf.erb
+++ b/installer/modules/ovirt/templates/ovirt-dns.conf.erb
@@ -4,4 +4,5 @@ srv-host=_ldap._tcp,<%= ipa_host %>,389
srv-host=_collectd._udp,<%= ovirt_host %>,25826
srv-host=_qpidd._tcp,<%= ovirt_host %>,5672
srv-host=_identify._tcp,<%= ovirt_host %>,12120
+srv-host=_rsyslog._tcp,<%= ovirt_host %>,514
diff --git a/ovirt-server.spec.in b/ovirt-server.spec.in
index 0715690..ec18b38 100644
--- a/ovirt-server.spec.in
+++ b/ovirt-server.spec.in
@@ -45,6 +45,7 @@ Requires: ruby-qpid >= 0.5.776856
Requires: qpidc
Requires: qmf
Requires: ruby-qmf
+Requires: rsyslog-gssapi
Requires(post): /sbin/chkconfig
Requires(preun): /sbin/chkconfig
Requires(preun): /sbin/service
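Review bot: Only `rsyslog-gssapi` is added to the requirements, but the script this patch installs, `ovirt-rsyslog-kerbsetup`, does `import krbV` and runs `/usr/kerberos/sbin/kadmin.local`. If the packages providing the Python krbV bindings and `kadmin.local` are not already required elsewhere in the spec (not visible in this hunk), the Puppet `single_exec` fails at install time and rsyslog starts without its keytab entry. Add the matching `Requires:` lines next to this one, or a comment naming the existing requirement that pulls them in.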
@@ -153,6 +154,7 @@ touch %{buildroot}%{_localstatedir}/log/%{name}/db-omatic.log
%{__cp} -a %{pbuild}/scripts/ovirt-reindex-search %{buildroot}%{_sbindir}
%{__cp} -a %{pbuild}/scripts/ovirt-update-search %{buildroot}%{_sbindir}
%{__cp} -a %{pbuild}/scripts/ovirt_ctl %{buildroot}%{_sbindir}
+%{__cp} -a %{pbuild}/scripts/ovirt-rsyslog-kerbsetup %{buildroot}%{_sbindir}
%{__rm} -rf %{buildroot}%{app_root}/tmp
%{__mkdir} %{buildroot}%{_localstatedir}/lib/%{name}/tmp
%{__ln_s} %{_localstatedir}/lib/%{name}/tmp %{buildroot}%{app_root}/tmp
@@ -227,6 +229,7 @@ fi
%{_bindir}/ovirt-add-host
%{_bindir}/ovirt-vm2node
%{_sbindir}/ovirt_ctl
+%{_sbindir}/ovirt-rsyslog-kerbsetup
%{_initrddir}/ovirt-host-browser
%{_initrddir}/ovirt-host-register
%{_initrddir}/ovirt-db-omatic
diff --git a/scripts/ovirt-rsyslog-kerbsetup b/scripts/ovirt-rsyslog-kerbsetup
new file mode 100755
index 0000000..7b7dd90
--- /dev/null
+++ b/scripts/ovirt-rsyslog-kerbsetup
@@ -0,0 +1,28 @@
+#!/usr/bin/python
+
+import krbV
+import os
+import socket
+import shutil
+import sys
+
+def kadmin_local(command):
+ ret = os.system("/usr/kerberos/sbin/kadmin.local -q '" + command + "'")
+ if ret != 0:
+ raise
+
+def get_ip(hostname):
+ return socket.gethostbyname(hostname)
+
+default_realm = krbV.Context().default_realm
+
+# In the following tuple, [0] is fqdn, [2] is ip address
+server_fqdn = socket.gethostbyaddr(socket.gethostname())[0]
+
+rsyslog_princ = 'rsyslog/' + server_fqdn + '@' + default_realm
+outname = '/etc/krb5.keytab'
+
+kadmin_local('addprinc -randkey ' + rsyslog_princ)
+kadmin_local('ktadd -k ' + outname + ' ' + rsyslog_princ)
+
+os.chmod(outname, 0644)
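Review bot: The final `os.chmod(outname, 0644)` leaves `/etc/krb5.keytab` world-readable, so any local account on the server can read the long-term keys stored there, including the new rsyslog key; `0600` with root ownership is the usual mode, assuming rsyslog reads the keytab as root. `kadmin_local` also builds a shell string for `os.system` from a name returned by a reverse DNS lookup, and its bare `raise` has no active exception to re-raise, so a failure surfaces as an unrelated error. Passing an argument list to `subprocess.call` (this needs `import subprocess` at the top) and raising a named error fixes both. `get_ip`, `shutil` and `sys` are unused, and the script cannot be re-run because `addprinc` fails once the principal exists.

```python
def kadmin_local(command):
    # Argument list: no shell is involved, so the principal name is never parsed as shell syntax.
    ret = subprocess.call(["/usr/kerberos/sbin/kadmin.local", "-q", command])
    if ret != 0:
        raise RuntimeError("kadmin.local failed: " + command)

# ... unchanged: realm lookup, principal name, addprinc/ktadd calls ...

os.chmod(outname, 0600)
```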
diff --git a/src/host-browser/host-browser.rb b/src/host-browser/host-browser.rb
index d77b321..576b0f6 100755
--- a/src/host-browser/host-browser.rb
+++ b/src/host-browser/host-browser.rb
@@ -83,6 +83,7 @@ class HostBrowser
default_realm = krb5.get_default_realm
qpidd_princ = 'qpidd/' + hostname + '@' + default_realm
libvirt_princ = 'libvirt/' + hostname + '@' + default_realm
+ rsyslog_princ = 'rsyslog/' + hostname + '@' + default_realm
outfile = ipaddress + '-libvirt.tab'
@keytab_filename = @keytab_dir + outfile
@@ -94,6 +95,8 @@ class HostBrowser
kadmin_local('ktadd -k ' + @keytab_filename + ' ' + libvirt_princ)
kadmin_local('addprinc -randkey ' + qpidd_princ)
kadmin_local('ktadd -k ' + @keytab_filename + ' ' + qpidd_princ)
+ kadmin_local('addprinc -randkey ' + rsyslog_princ)
+ kadmin_local('ktadd -k ' + @keytab_filename + ' ' + rsyslog_princ)
File.chmod(0644, at keytab_filename)
end
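Review bot: The rsyslog key is appended to the same per-node keytab that the context line `File.chmod(0644, ...)` then makes world-readable, so a third service key becomes readable by any local account on the server. Consider `0600` plus whatever ownership the component that hands the keytab to the node needs; that delivery path is outside the hunk, so confirm it first. `addprinc -randkey` is also issued unconditionally, and if a node registers again the following `ktadd` presumably re-randomises the key and invalidates a keytab already deployed, so a comment stating the intended re-registration behaviour would help. The file name still ends in `-libvirt.tab` although it now carries libvirt, qpidd and rsyslog keys. The enclosing method starts above the first hunk.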
--
1.6.2.5