Skip to content

Commit 9d6a4c2

Browse files
MiciahMiciah
committed
router: Add oc adm router --extended-logging flag
Add a --extended-logging flag to oc adm router that injects a sidecar container running rsyslog into the pod and configures HAProxy to log to that sidecar. This can be used with ROUTER_LOG_LEVEL=debug to get access logs. This commit fixes bug 1438482. https://bugzilla.redhat.com/show_bug.cgi?id=1438482
1 parent e004e65 commit 9d6a4c2

File tree

4 files changed

+91
-3
lines changed

4 files changed

+91
-3
lines changed

contrib/completions/bash/oc

Lines changed: 2 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

contrib/completions/zsh/oc

Lines changed: 2 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

images/router/haproxy/Dockerfile

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@
55
#
66
FROM openshift/origin-cli
77

8-
RUN INSTALL_PKGS="haproxy18" && \
8+
RUN INSTALL_PKGS="haproxy18 rsyslog" && \
99
yum install -y $INSTALL_PKGS && \
1010
rpm -V $INSTALL_PKGS && \
1111
yum clean all && \

pkg/oc/admin/router/router.go

Lines changed: 86 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -154,6 +154,11 @@ type RouterConfig struct {
154154
// network namespace or the container's.
155155
HostNetwork bool
156156

157+
// ExtendedLogging specifies whether to inject a sidecar container
158+
// running rsyslogd into the router pod and configure the router to send
159+
// access logs to that sidecar.
160+
ExtendedLogging bool
161+
157162
// HostPorts will expose host ports for each router port if host networking is
158163
// not set.
159164
HostPorts bool
@@ -239,6 +244,12 @@ const (
239244

240245
// Default stats port.
241246
defaultStatsPort = 1936
247+
248+
rsyslogConfigurationFile = `$ModLoad imuxsock
249+
$SystemLogSocketName /var/lib/rsyslog/rsyslog.sock
250+
$ModLoad omstdout.so
251+
*.* :omstdout:
252+
`
242253
)
243254

244255
// NewCmdRouter implements the OpenShift CLI router command.
@@ -291,6 +302,7 @@ func NewCmdRouter(f kcmdutil.Factory, parentName, name string, out, errout io.Wr
291302
cmd.Flags().IntVar(&cfg.StatsPort, "stats-port", cfg.StatsPort, "If the underlying router implementation can provide statistics this is a hint to expose it on this port. Specify 0 if you want to turn off exposing the statistics.")
292303
cmd.Flags().StringVar(&cfg.StatsPassword, "stats-password", cfg.StatsPassword, "If the underlying router implementation can provide statistics this is the requested password for auth. If not set a password will be generated. Not available for external appliance based routers (e.g. F5)")
293304
cmd.Flags().StringVar(&cfg.StatsUsername, "stats-user", cfg.StatsUsername, "If the underlying router implementation can provide statistics this is the requested username for auth. Not available for external appliance based routers (e.g. F5)")
305+
cmd.Flags().BoolVar(&cfg.ExtendedLogging, "extended-logging", cfg.ExtendedLogging, "If true, then configure the router with additional logging.")
294306
cmd.Flags().BoolVar(&cfg.HostNetwork, "host-network", cfg.HostNetwork, "If true (the default), then use host networking rather than using a separate container network stack. Not required for external appliance based routers (e.g. F5)")
295307
cmd.Flags().BoolVar(&cfg.HostPorts, "host-ports", cfg.HostPorts, "If true (the default), when not using host networking host ports will be exposed. Not required for external appliance based routers (e.g. F5)")
296308
cmd.Flags().StringVar(&cfg.ExternalHost, "external-host", cfg.ExternalHost, "If the underlying router implementation connects with an external host, this is the external host's hostname.")
@@ -695,11 +707,50 @@ func RunCmdRouter(f kcmdutil.Factory, cmd *cobra.Command, out, errout io.Writer,
695707
}
696708
env.Add(app.Environment{"DEFAULT_CERTIFICATE_DIR": defaultCertificateDir})
697709
var certName = fmt.Sprintf("%s-certs", cfg.Name)
698-
secrets, volumes, mounts, err := generateSecretsConfig(cfg, namespace, defaultCert, certName)
710+
secrets, volumes, routerMounts, err := generateSecretsConfig(cfg, namespace, defaultCert, certName)
699711
if err != nil {
700712
return fmt.Errorf("router could not be created: %v", err)
701713
}
702714

715+
var configMaps []*kapi.ConfigMap
716+
717+
if cfg.Type == "haproxy-router" && cfg.ExtendedLogging {
718+
configMaps = append(configMaps, &kapi.ConfigMap{
719+
ObjectMeta: metav1.ObjectMeta{
720+
Name: "rsyslog-config",
721+
},
722+
Data: map[string]string{
723+
"rsyslog.conf": rsyslogConfigurationFile,
724+
},
725+
})
726+
volumes = append(volumes, kapi.Volume{
727+
Name: "rsyslog-config",
728+
VolumeSource: kapi.VolumeSource{
729+
ConfigMap: &kapi.ConfigMapVolumeSource{
730+
LocalObjectReference: kapi.LocalObjectReference{
731+
Name: "rsyslog-config",
732+
},
733+
},
734+
},
735+
})
736+
// Ideally we would use a Unix domain socket in the abstract
737+
// namespace, but rsyslog does not support that, so we need a
738+
// filesystem that is common to the router and syslog
739+
// containers.
740+
volumes = append(volumes, kapi.Volume{
741+
Name: "rsyslog-socket",
742+
VolumeSource: kapi.VolumeSource{
743+
EmptyDir: &kapi.EmptyDirVolumeSource{},
744+
},
745+
})
746+
routerMounts = append(routerMounts, kapi.VolumeMount{
747+
Name: "rsyslog-socket",
748+
MountPath: "/var/lib/rsyslog",
749+
})
750+
751+
env["ROUTER_SYSLOG_ADDRESS"] = "/var/lib/rsyslog/rsyslog.sock"
752+
}
753+
703754
livenessProbe := generateLivenessProbeConfig(cfg, ports)
704755
readinessProbe := generateReadinessProbeConfig(cfg, ports)
705756

@@ -719,7 +770,7 @@ func RunCmdRouter(f kcmdutil.Factory, cmd *cobra.Command, out, errout io.Writer,
719770
LivenessProbe: livenessProbe,
720771
ReadinessProbe: readinessProbe,
721772
ImagePullPolicy: kapi.PullIfNotPresent,
722-
VolumeMounts: mounts,
773+
VolumeMounts: routerMounts,
723774
Resources: kapi.ResourceRequirements{
724775
Requests: kapi.ResourceList{
725776
kapi.ResourceCPU: resource.MustParse("100m"),
@@ -728,11 +779,44 @@ func RunCmdRouter(f kcmdutil.Factory, cmd *cobra.Command, out, errout io.Writer,
728779
},
729780
},
730781
}
782+
if cfg.Type == "haproxy-router" && cfg.ExtendedLogging {
783+
containers = append(containers, kapi.Container{
784+
Name: "syslog",
785+
Image: image,
786+
Command: []string{
787+
"/sbin/rsyslogd", "-n",
788+
// TODO: Once we have rsyslog 8.32 or later,
789+
// we can switch to -i NONE.
790+
"-i", "/tmp/rsyslog.pid",
791+
"-f", "/etc/rsyslog/rsyslog.conf",
792+
},
793+
ImagePullPolicy: kapi.PullIfNotPresent,
794+
VolumeMounts: []kapi.VolumeMount{
795+
{
796+
Name: "rsyslog-config",
797+
MountPath: "/etc/rsyslog",
798+
},
799+
{
800+
Name: "rsyslog-socket",
801+
MountPath: "/var/lib/rsyslog",
802+
},
803+
},
804+
Resources: kapi.ResourceRequirements{
805+
Requests: kapi.ResourceList{
806+
kapi.ResourceCPU: resource.MustParse("100m"),
807+
kapi.ResourceMemory: resource.MustParse("256Mi"),
808+
},
809+
},
810+
})
811+
}
731812

732813
objects := []runtime.Object{}
733814
for _, s := range secrets {
734815
objects = append(objects, s)
735816
}
817+
for _, cm := range configMaps {
818+
objects = append(objects, cm)
819+
}
736820

737821
objects = append(objects,
738822
&kapi.ServiceAccount{ObjectMeta: metav1.ObjectMeta{Name: cfg.ServiceAccount}},

0 commit comments

Comments
 (0)