Arjun Roy
2009-Aug-11 18:18 UTC
[Ovirt-devel] [PATCH server] Added support for remote logging with rsyslog-gssapi to server.
Nodes will use rsyslog to forward their logs to the server in /var/log/remote.
---
installer/modules/ovirt/files/rsyslog.conf | 65 ++++++++++++++++++++
installer/modules/ovirt/manifests/ovirt.pp | 26 ++++++++
.../modules/ovirt/templates/ovirt-dns.conf.erb | 1 +
ovirt-server.spec.in | 3 +
scripts/ovirt-rsyslog-kerbsetup | 28 +++++++++
src/host-browser/host-browser.rb | 3 +
6 files changed, 126 insertions(+), 0 deletions(-)
create mode 100644 installer/modules/ovirt/files/rsyslog.conf
create mode 100755 scripts/ovirt-rsyslog-kerbsetup
diff --git a/installer/modules/ovirt/files/rsyslog.conf b/installer/modules/ovirt/files/rsyslog.conf
new file mode 100644
index 0000000..5e54620
--- /dev/null
+++ b/installer/modules/ovirt/files/rsyslog.conf
@@ -0,0 +1,65 @@ +rsyslog v3 config file + +#### MODULES #### + +$ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command) +$ModLoad imklog.so # provides kernel logging support (previously done by rklogd) + +# Provides TCP syslog reception +$ModLoad imgssapi.so +$InputGSSServerServiceName rsyslog +$InputGSSServerRun 514 + +#### GLOBAL DIRECTIVES #### + +# Use default timestamp format +$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat + +#### RULES #### + +# The following templates inspired by Chef http://wiki.opscode.com/display/chef/Home + +$template PerHostAuth,"/var/log/remote/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/auth.log" +$template PerHostCron,"/var/log/remote/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/cron.log" +$template PerHostSyslog,"/var/log/remote/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/syslog" +$template PerHostDaemon,"/var/log/remote/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/daemon.log" +$template PerHostKern,"/var/log/remote/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/kern.log" +$template PerHostUser,"/var/log/remote/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/user.log" + +$template PerHostMail,"/var/log/remote/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/mail.log" +$template PerHostMailInfo,"/var/log/remote/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/mail.info" +$template PerHostMailWarn,"/var/log/remote/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/mail.warn" + +$template PerHostNewsCrit,"/var/log/remote/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/news.crit" +$template PerHostNewsErr,"/var/log/remote/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/news.err" +$template PerHostNewsNotice,"/var/log/remote/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/news.notice" + +$template PerHostDebug,"/var/log/remote/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/debug" +$template PerHostMessages,"/var/log/remote/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/messages" + +auth,authpriv.* ?PerHostAuth +*.*;auth,authpriv.none -?PerHostSyslog +cron.* ?PerHostCron +daemon.* -?PerHostDaemon +kern.* -?PerHostKern +mail.* -?PerHostMail +user.* 
-?PerHostUser + +mail.info -?PerHostMailInfo +mail.warn ?PerHostMailWarn + +*.info;mail.none;authpriv.none;cron.none /var/log/messages + +# The authpriv file has restricted access. +authpriv.* /var/log/secure + +mail.* -/var/log/maillog + +cron.* /var/log/cron + +*.emerg * + +uucp,news.crit /var/log/spooler + +# Save boot messages also to boot.log +local7.* /var/log/boot.log diff --git a/installer/modules/ovirt/manifests/ovirt.pp b/installer/modules/ovirt/manifests/ovirt.pp index b018a00..81c701c 100644 --- a/installer/modules/ovirt/manifests/ovirt.pp +++ b/installer/modules/ovirt/manifests/ovirt.pp @@ -58,6 +58,14 @@ class ovirt::setup { ensure => installed; } + package {"rsyslog": + ensure => installed; + } + + package {"rsyslog-gssapi": + ensure => installed; + } + package {"collectd": ensure => installed; } @@ -97,6 +105,11 @@ class ovirt::setup { notify => Service["qpidd"] } + file {"/etc/rsyslog.conf": + source => "puppet:///ovirt/rsyslog.conf", + notify => Service["rsyslog"] + } + single_exec { "db_migrate" : cwd => "/usr/share/ovirt-server/", command => "/usr/bin/rake db:migrate", @@ -130,6 +143,18 @@ class ovirt::setup { notify => Service[qpidd] } + single_exec { "rsyslog_kerbsetup" : + command => "/usr/sbin/ovirt-rsyslog-kerbsetup", + require => [Package[rsyslog],Package[rsyslog-gssapi]], + notify => Service[rsyslog] + } + + service {"rsyslog" : + enable => true, + require => [Package[rsyslog],Package[rsyslog-gssapi]], + ensure => running + } + service {"httpd" : enable => true, require => Package[httpd], @@ -213,6 +238,7 @@ class ovirt::setup { firewall_rule {"qpidd": destination_port => '5672'} firewall_rule {"collectd": destination_port => '25826', protocol => 'udp'} firewall_rule {"ntpd": destination_port => '123', protocol => 'udp'} + firewall_rule {"rsyslog": destination_port => '514'} exec{"refresh-iptables": command => "/usr/local/bin/iptables-update.sh", 
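Review bot: Every `PerHost*` template builds its output path from `%HOSTNAME%`, which rsyslog takes from the hostname field inside the received message, so a node that authenticates over GSSAPI can still file entries under another node's directory in /var/log/remote. Using the receiver-derived `%FROMHOST%` property in these templates would tie the path to the connection's source rather than to sender-supplied text. The per-host `auth.log` files are also created with rsyslog's default file mode, although the comment further down says the authpriv file has restricted access; `$FileCreateMode 0600` and `$DirCreateMode 0700` placed before the dynafile rules would keep forwarded authpriv data equally restricted.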
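Review bot: The new `file {"/etc/rsyslog.conf": ...}` resource sets no owner, group or mode and has no `require` on the rsyslog package, unlike the `service` and `single_exec` resources added in the same file. Because this file now defines a network listener, it is worth pinning explicitly, e.g. `owner => root, group => root, mode => 0644, require => Package["rsyslog"],`. As far as the hunk shows, `firewall_rule {"rsyslog": destination_port => '514'}` opens the port with no source restriction, so access control rests entirely on the GSSAPI listener; a short comment stating that would help the next reader. The enclosing `class ovirt::setup` starts and ends outside these hunks.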
diff --git a/installer/modules/ovirt/templates/ovirt-dns.conf.erb b/installer/modules/ovirt/templates/ovirt-dns.conf.erb index f4ee39b..03988aa 100644 --- a/installer/modules/ovirt/templates/ovirt-dns.conf.erb +++ b/installer/modules/ovirt/templates/ovirt-dns.conf.erb @@ -4,4 +4,5 @@ srv-host=_ldap._tcp,<%= ipa_host %>,389 srv-host=_collectd._udp,<%= ovirt_host %>,25826 srv-host=_qpidd._tcp,<%= ovirt_host %>,5672 srv-host=_identify._tcp,<%= ovirt_host %>,12120 +srv-host=_rsyslog._tcp,<%= ovirt_host %>,514 diff --git a/ovirt-server.spec.in b/ovirt-server.spec.in index 0715690..ec18b38 100644 --- a/ovirt-server.spec.in +++ b/ovirt-server.spec.in @@ -45,6 +45,7 @@ Requires: ruby-qpid >= 0.5.776856 Requires: qpidc Requires: qmf Requires: ruby-qmf +Requires: rsyslog-gssapi Requires(post): /sbin/chkconfig Requires(preun): /sbin/chkconfig Requires(preun): /sbin/service @@ -153,6 +154,7 @@ touch %{buildroot}%{_localstatedir}/log/%{name}/db-omatic.log %{__cp} -a %{pbuild}/scripts/ovirt-reindex-search %{buildroot}%{_sbindir} %{__cp} -a %{pbuild}/scripts/ovirt-update-search %{buildroot}%{_sbindir} %{__cp} -a %{pbuild}/scripts/ovirt_ctl %{buildroot}%{_sbindir} +%{__cp} -a %{pbuild}/scripts/ovirt-rsyslog-kerbsetup %{buildroot}%{_sbindir} %{__rm} -rf %{buildroot}%{app_root}/tmp %{__mkdir} %{buildroot}%{_localstatedir}/lib/%{name}/tmp %{__ln_s} %{_localstatedir}/lib/%{name}/tmp %{buildroot}%{app_root}/tmp @@ -227,6 +229,7 @@ fi %{_bindir}/ovirt-add-host %{_bindir}/ovirt-vm2node %{_sbindir}/ovirt_ctl +%{_sbindir}/ovirt-rsyslog-kerbsetup %{_initrddir}/ovirt-host-browser %{_initrddir}/ovirt-host-register %{_initrddir}/ovirt-db-omatic diff --git a/scripts/ovirt-rsyslog-kerbsetup b/scripts/ovirt-rsyslog-kerbsetup new file mode 100755 index 0000000..7b7dd90 --- /dev/null +++ b/scripts/ovirt-rsyslog-kerbsetup 
@@ -0,0 +1,28 @@ +#!/usr/bin/python + +import krbV +import os +import socket +import shutil +import sys + +def kadmin_local(command): + ret = os.system("/usr/kerberos/sbin/kadmin.local -q '" + command + "'") + if ret != 0: + raise + +def get_ip(hostname): + return socket.gethostbyname(hostname) + +default_realm = krbV.Context().default_realm + +# In the following tuple, [0] is fqdn, [2] is ip address +server_fqdn = socket.gethostbyaddr(socket.gethostname())[0] + +rsyslog_princ = 'rsyslog/' + server_fqdn + '@' + default_realm +outname = '/etc/krb5.keytab' + +kadmin_local('addprinc -randkey ' + rsyslog_princ) +kadmin_local('ktadd -k ' + outname + ' ' + rsyslog_princ) + +os.chmod(outname, 0644) diff --git a/src/host-browser/host-browser.rb b/src/host-browser/host-browser.rb index d77b321..576b0f6 100755 --- a/src/host-browser/host-browser.rb +++ b/src/host-browser/host-browser.rb @@ -83,6 +83,7 @@ class HostBrowser default_realm = krb5.get_default_realm qpidd_princ = 'qpidd/' + hostname + '@' + default_realm libvirt_princ = 'libvirt/' + hostname + '@' + default_realm + rsyslog_princ = 'rsyslog/' + hostname + '@' + default_realm outfile = ipaddress + '-libvirt.tab' @keytab_filename = @keytab_dir + outfile @@ -94,6 +95,8 @@ class HostBrowser kadmin_local('ktadd -k ' + @keytab_filename + ' ' + libvirt_princ) kadmin_local('addprinc -randkey ' + qpidd_princ) kadmin_local('ktadd -k ' + @keytab_filename + ' ' + qpidd_princ) + kadmin_local('addprinc -randkey ' + rsyslog_princ) + kadmin_local('ktadd -k ' + @keytab_filename + ' ' + rsyslog_princ) File.chmod(0644, at keytab_filename) end -- 1.6.2.5
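Review bot: `os.chmod(outname, 0644)` at the end of the new script leaves /etc/krb5.keytab world-readable, so every local account on the server can read the rsyslog service key and any other keys stored in that keytab; it should be `os.chmod(outname, 0600)`. The same concern applies to the host-browser.rb hunk, where the added rsyslog `ktadd` writes into the per-node keytab that the following context line chmods to 0644. `kadmin_local` builds a shell string from a name returned by `socket.gethostbyaddr`, that is, from DNS; passing an argument list, `subprocess.check_call(['/usr/kerberos/sbin/kadmin.local', '-q', command])` with `import subprocess`, avoids the shell. The bare `raise` has no active exception to re-raise, so a kadmin failure surfaces as an unrelated error; an explicit exception carrying the exit status would be clearer, and the unused `get_ip`, `shutil` and `sys` can be dropped.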