[Ovirt-devel] [PATCH node] Added support for remote logging with rsyslog-gssapi to node. NOTE: Needs selinux to be set to permissive (setenforce 0) to work.

Arjun Roy arroy at redhat.com
Tue Aug 11 18:18:54 UTC 2009


TODO: Fix selinux :P
---
 Makefile.am                   |    1 +
 ovirt-node.spec.in            |    3 ++
 scripts/ovirt                 |    3 ++
 scripts/ovirt-managed-rsyslog |   72 +++++++++++++++++++++++++++++++++++++++++
 4 files changed, 79 insertions(+), 0 deletions(-)
 create mode 100755 scripts/ovirt-managed-rsyslog

diff --git a/Makefile.am b/Makefile.am
index 0374f07..5201a79 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -46,6 +46,7 @@ EXTRA_DIST =			\
   scripts/ovirt-functions	\
   scripts/ovirt-install-node-stateful	\
   scripts/ovirt-install-node-stateless	\
+  scripts/ovirt-managed-rsyslog \
   scripts/persist                       \
   scripts/unpersist                     \
   scripts/ovirt-post		\
diff --git a/ovirt-node.spec.in b/ovirt-node.spec.in
index d88a5b2..85d77ba 100644
--- a/ovirt-node.spec.in
+++ b/ovirt-node.spec.in
@@ -36,6 +36,7 @@ Requires:       krb5-workstation
 Requires:       bash
 Requires:       chkconfig
 Requires:       bind-utils
+Requires:       rsyslog-gssapi
 # Stupid yum dep solver pulls in older 'qemu' to resolve
 # /usr/bin/qemu-img dep. This forces it to pick the new
 # qemu-img RPM.
@@ -161,6 +162,7 @@ cd -
 %{__install} -D -m0755 scripts/ovirt-install-node-stateless %{buildroot}%{_sbindir}
 %{__install} -D -m0755 scripts/ovirt-uninstall-node-stateful %{buildroot}%{_sbindir}
 %{__install} -D -m0755 scripts/ovirt-config-view-logs %{buildroot}%{_sbindir}
+%{__install} -p -m0755 scripts/ovirt-managed-rsyslog %{buildroot}%{_sbindir}
 %{__install} -p -m0755 scripts/persist %{buildroot}%{_sbindir}
 %{__install} -p -m0755 scripts/unpersist %{buildroot}%{_sbindir}
 
@@ -310,6 +312,7 @@ fi
 %{_sbindir}/ovirt-config-view-logs
 %{_sbindir}/ovirt-process-config
 %{_sbindir}/ovirt-install-node-stateless
+%{_sbindir}/ovirt-managed-rsyslog
 %{_sbindir}/gptsync
 %{_sbindir}/showpart
 %{_sbindir}/persist
diff --git a/scripts/ovirt b/scripts/ovirt
index 4ff03f2..2614ada 100755
--- a/scripts/ovirt
+++ b/scripts/ovirt
@@ -74,6 +74,9 @@ start() {
     else
         log "skipping libvirt-qpid and matahari configuration, could not find $libvirt_qpid_conf"
     fi
+
+    # Call rsyslog setup script
+    /usr/sbin/ovirt-managed-rsyslog
 }
 
 case "$1" in
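Review bot: The call to `/usr/sbin/ovirt-managed-rsyslog` is the last command before the closing brace of `start()`, so its exit status becomes the function's return status, and the new script exits 1 whenever no rsyslog SRV record is found. The start of `start()` and its caller are outside this hunk, but if that status is reported, a node without a remote log server would show the ovirt service as failed. The only record of the skipped setup is the message inside the helper. I would make the outcome explicit at the call site, for example `/usr/sbin/ovirt-managed-rsyslog || log "remote rsyslog forwarding not configured"`, so the gap in remote logging is recorded here and the status of `start()` does not depend on the helper's exit code.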
diff --git a/scripts/ovirt-managed-rsyslog b/scripts/ovirt-managed-rsyslog
new file mode 100755
index 0000000..7f7e07a
--- /dev/null
+++ b/scripts/ovirt-managed-rsyslog
@@ -0,0 +1,72 @@
+#!/bin/bash
+#
+# Configures the rsyslog daemon
+# for managed ovirt node.
+# Source functions library
+. /etc/init.d/functions
+. /etc/init.d/ovirt-functions
+
+rsyslog_main_config="/etc/rsyslog.conf"
+sysconfig_file="/etc/sysconfig/rsyslog"
+
+find_srv rsyslog tcp
+if [ -n "$SRV_HOST" -a -n "$SRV_PORT" ]; then
+    echo "/usr/kerberos/bin/kinit -k -t /etc/libvirt/krb5.tab rsyslog/`hostname`" >> $sysconfig_file
+else
+    log "skipping rsyslog configuration, could not find find remote server"
+    exit 1
+fi
+
+cat > $rsyslog_main_config << EOF
+#rsyslog v3 config file
+
+#### MODULES ####
+
+\$ModLoad omgssapi.so    # provides gssapi remote logging over tcp
+\$ModLoad imuxsock.so    # provides support for local system logging (e.g. via logger command)
+\$ModLoad imklog.so      # provides kernel logging support (previously done by rklogd)
+
+\$GSSForwardServiceName rsyslog
+\$GssMode encryption
+
+#### GLOBAL DIRECTIVES ####
+
+# Use default timestamp format
+\$ActionFileDefaultTemplate RSYSLOG_TraditionalForwardFormat
+
+#### RULES ####
+
+# Forward all messages to ovirt controller
+\$WorkDirectory /var/rsyslog
+\$ActionQueueFileName ovirt-server-fwd
+\$ActionQueueMaxDiskSpace 1g
+\$ActionQueueSaveOnShutdown off
+\$ActionQueueType LinkedList   # run asynchronously
+\$ActionResumeRetryCount -1    # infinite retries if host is down
+*.* :omgssapi:$SRV_HOST:$SRV_PORT
+# End forwarding Rule
+
+# Log anything (except mail) of level info or higher.
+# Don't log private authentication messages!
+*.info;mail.none;authpriv.none;cron.none                /var/log/messages
+
+# The authpriv file has restricted access.
+authpriv.*                                              /var/log/secure
+
+# Log all the mail messages in one place.
+mail.*                                                  -/var/log/maillog
+
+# Log cron stuff
+cron.*                                                  /var/log/cron
+
+# Everybody gets emergency messages
+*.emerg                                                 *
+
+# Save news errors of level crit and higher in a special file.
+uucp,news.crit                                          /var/log/spooler
+
+# Save boot messages also to boot.log
+local7.*                                                /var/log/boot.log
+EOF
+
+/sbin/service rsyslog restart
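Review bot: The `echo "... kinit ..." >> $sysconfig_file` line appends unconditionally, so every run adds another copy of the kinit command to /etc/sysconfig/rsyslog wherever that file survives between runs. In addition, `$SRV_HOST` and `$SRV_PORT` come from a DNS lookup in `find_srv` (defined outside this patch) and are expanded by the unquoted heredoc into the `*.* :omgssapi:$SRV_HOST:$SRV_PORT` rule without any check, so a malformed answer lands in rsyslog.conf verbatim. The fence below accepts only hostname characters and a numeric port, and appends the kinit line only when it is not already present. Separately, `$ActionQueueSaveOnShutdown off` discards queued messages at shutdown while the controller is unreachable, and the result of the final `service rsyslog restart` is not checked; a comment stating that the first is intended and a `log` call on restart failure would help.

```shell
find_srv rsyslog tcp
# DNS-supplied values are written into rsyslog.conf: accept only a
# hostname and a numeric port, otherwise treat the record as missing
case "$SRV_HOST" in ''|*[!A-Za-z0-9.-]*) SRV_HOST= ;; esac
case "$SRV_PORT" in ''|*[!0-9]*) SRV_PORT= ;; esac
if [ -n "$SRV_HOST" ] && [ -n "$SRV_PORT" ]; then
    kinit_cmd="/usr/kerberos/bin/kinit -k -t /etc/libvirt/krb5.tab rsyslog/$(hostname)"
    # append once, so repeated starts do not pile up duplicate lines
    grep -qxF -- "$kinit_cmd" "$sysconfig_file" 2>/dev/null \
        || echo "$kinit_cmd" >> "$sysconfig_file"
# … unchanged: else branch (log and exit 1), heredoc writing $rsyslog_main_config …
```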
-- 
1.6.2.5



