[Ovirt-devel] [PATCH node] Added support for remote logging with rsyslog-gssapi to node. NOTE: Needs selinux to be set to permissive (setenforce 0) to work.
Arjun Roy
arroy at redhat.com
Tue Aug 11 18:18:54 UTC 2009
TODO: Fix selinux :P
---
Makefile.am | 1 +
ovirt-node.spec.in | 3 ++
scripts/ovirt | 3 ++
scripts/ovirt-managed-rsyslog | 72 +++++++++++++++++++++++++++++++++++++++++
4 files changed, 79 insertions(+), 0 deletions(-)
create mode 100755 scripts/ovirt-managed-rsyslog
diff --git a/Makefile.am b/Makefile.am
index 0374f07..5201a79 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -46,6 +46,7 @@ EXTRA_DIST = \
scripts/ovirt-functions \
scripts/ovirt-install-node-stateful \
scripts/ovirt-install-node-stateless \
+ scripts/ovirt-managed-rsyslog \
scripts/persist \
scripts/unpersist \
scripts/ovirt-post \
diff --git a/ovirt-node.spec.in b/ovirt-node.spec.in
index d88a5b2..85d77ba 100644
--- a/ovirt-node.spec.in
+++ b/ovirt-node.spec.in
@@ -36,6 +36,7 @@ Requires: krb5-workstation
Requires: bash
Requires: chkconfig
Requires: bind-utils
+Requires: rsyslog-gssapi
# Stupid yum dep solver pulls in older 'qemu' to resolve
# /usr/bin/qemu-img dep. This forces it to pick the new
# qemu-img RPM.
@@ -161,6 +162,7 @@ cd -
%{__install} -D -m0755 scripts/ovirt-install-node-stateless %{buildroot}%{_sbindir}
%{__install} -D -m0755 scripts/ovirt-uninstall-node-stateful %{buildroot}%{_sbindir}
%{__install} -D -m0755 scripts/ovirt-config-view-logs %{buildroot}%{_sbindir}
+%{__install} -p -m0755 scripts/ovirt-managed-rsyslog %{buildroot}%{_sbindir}
%{__install} -p -m0755 scripts/persist %{buildroot}%{_sbindir}
%{__install} -p -m0755 scripts/unpersist %{buildroot}%{_sbindir}
@@ -310,6 +312,7 @@ fi
%{_sbindir}/ovirt-config-view-logs
%{_sbindir}/ovirt-process-config
%{_sbindir}/ovirt-install-node-stateless
+%{_sbindir}/ovirt-managed-rsyslog
%{_sbindir}/gptsync
%{_sbindir}/showpart
%{_sbindir}/persist
diff --git a/scripts/ovirt b/scripts/ovirt
index 4ff03f2..2614ada 100755
--- a/scripts/ovirt
+++ b/scripts/ovirt
@@ -74,6 +74,9 @@ start() {
else
log "skipping libvirt-qpid and matahari configuration, could not find $libvirt_qpid_conf"
fi
+
+ # Call rsyslog setup script
+ /usr/sbin/ovirt-managed-rsyslog
}
case "$1" in
diff --git a/scripts/ovirt-managed-rsyslog b/scripts/ovirt-managed-rsyslog
new file mode 100755
index 0000000..7f7e07a
--- /dev/null
+++ b/scripts/ovirt-managed-rsyslog
@@ -0,0 +1,72 @@
+#!/bin/bash
+#
+# Configures the rsyslog daemon
+# for managed ovirt node.
+# Source functions library
+. /etc/init.d/functions
+. /etc/init.d/ovirt-functions
+
+rsyslog_main_config="/etc/rsyslog.conf"
+sysconfig_file="/etc/sysconfig/rsyslog"
+
+find_srv rsyslog tcp
+if [ -n "$SRV_HOST" -a -n "$SRV_PORT" ]; then
+ echo "/usr/kerberos/bin/kinit -k -t /etc/libvirt/krb5.tab rsyslog/`hostname`" >> $sysconfig_file
+else
+ log "skipping rsyslog configuration, could not find find remote server"
+ exit 1
+fi
+
+cat > $rsyslog_main_config << EOF
+#rsyslog v3 config file
+
+#### MODULES ####
+
+\$ModLoad omgssapi.so # provides gssapi remote logging over tcp
+\$ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command)
+\$ModLoad imklog.so # provides kernel logging support (previously done by rklogd)
+
+\$GSSForwardServiceName rsyslog
+\$GssMode encryption
+
+#### GLOBAL DIRECTIVES ####
+
+# Use default timestamp format
+\$ActionFileDefaultTemplate RSYSLOG_TraditionalForwardFormat
+
+#### RULES ####
+
+# Forward all messages to ovirt controller
+\$WorkDirectory /var/rsyslog
+\$ActionQueueFileName ovirt-server-fwd
+\$ActionQueueMaxDiskSpace 1g
+\$ActionQueueSaveOnShutdown off
+\$ActionQueueType LinkedList # run asynchronously
+\$ActionResumeRetryCount -1 # infinite retries if host is down
+*.* :omgssapi:$SRV_HOST:$SRV_PORT
+# End forwarding Rule
+
+# Log anything (except mail) of level info or higher.
+# Don't log private authentication messages!
+*.info;mail.none;authpriv.none;cron.none /var/log/messages
+
+# The authpriv file has restricted access.
+authpriv.* /var/log/secure
+
+# Log all the mail messages in one place.
+mail.* -/var/log/maillog
+
+# Log cron stuff
+cron.* /var/log/cron
+
+# Everybody gets emergency messages
+*.emerg *
+
+# Save news errors of level crit and higher in a special file.
+uucp,news.crit /var/log/spooler
+
+# Save boot messages also to boot.log
+local7.* /var/log/boot.log
+EOF
+
+/sbin/service rsyslog restart
--
1.6.2.5
More information about the ovirt-devel
mailing list