NEW: cflogsink / syslog logging support

andvgal · andvgal · commit 9fbdb1139688 · 2018-03-10T04:58:34.000Z
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,4 +1,7 @@
 
+=== (next) ===
+NEW: cflogsink / syslog logging support
+
 === 0.12.0 (2017-02-09) ===
 NEW: version bump of cf* series
 
diff --git a/README.md b/README.md
@@ -175,6 +175,11 @@ Main setup and configuration of nginx web server.
     * `$cpu_weight = 100`
     * `$io_weight = 100`
 * `$settings_tune = {}` - tree for fine tune of nginx.conf
+    * `cfweb = {}` - tune of `cfweb` itself
+        - 'extra_files = 20000' - extra file descriptors, affects open file cache
+        - 'mem_per_conn = 128' - expected memory requirement per connection in KiB
+        - 'ssl_sess_factor = 3' - multiplier of max conn for ssl cache size
+        - 'use_syslog' - auto-detected based on cflogsink::client
 * `$trusted_proxy = []` - list of trusted reverse-proxies
 * `$default_certs = {}` - cert names to use for the default catch all vhosts
 * `$backlog = 4096` - tune backlog
diff --git a/lib/puppet/provider/cfweb_nginx/cfweb.rb b/lib/puppet/provider/cfweb_nginx/cfweb.rb
@@ -67,13 +67,36 @@ def self.on_config_change(newconf)
         worker_connections = (mem_limit * 1024 / mem_per_conn / worker_processes).to_i
         ssl_sess_factor = cfweb_tune.fetch('ssl_sess_factor', 3).to_i
         ssl_sess_per_mb = 4000
-        
-        
+
+        #---
+        if cfweb_tune.fetch('use_syslog', false)
+            access_log = "syslog:server=unix:/dev/hdlog,facility=local2,tag=access_#{service_name},nohostname vhosts"
+            error_log = "syslog:server=unix:/dev/hdlog,facility=local1,tag=#{service_name},nohostname error"
+            log_conf = {
+                'error_log' => error_log,
+                'access_log' => access_log,
+            }
+        else
+            access_log = '/var/log/nginx/access.log vhosts'
+            error_log = '/var/log/nginx/error.log error'
+            log_conf = {}
+        end
+    
+        config_changed = cf_system.atomicWrite(
+            "#{conf_dir}/log.conf",
+            nginxConf( log_conf, 0),
+            {
+                :user => user,
+                :mode => 0640,
+            }
+        )
+
+        #---        
         global_conf = {
             'worker_processes' => worker_processes,
             'worker_cpu_affinity' => 'auto',
             'pcre_jit' => 'on',
-            'error_log' => '/var/log/nginx/error.log error',
+            'error_log' => error_log,
         }.merge(settings_tune.fetch('global', {}))
         worker_processes = global_conf['worker_processes'].to_i
         
@@ -86,21 +109,21 @@ def self.on_config_change(newconf)
         max_conn = global_conf['worker_processes'].to_i *
                    events_conf['worker_connections'].to_i
         ssl_sess_cache = (max_conn * ssl_sess_factor / ssl_sess_per_mb + 1).to_i
-        
+
         http_conf = {
             'default_type' => 'application/octet-stream',
             #
             'log_format main' => [
                     '\'$remote_addr - $remote_user [$time_local]',
                     '"$request" $status $body_bytes_sent "$http_referer"',
-                    '"$http_user_agent" "$http_x_forwarded_for"\''
+                    '"$http_user_agent"\''
             ].join(' '),
             'log_format vhosts' => [
-                    '\'$host $remote_addr - $remote_user [$time_local]',
+                    '\'$host:$server_port $remote_addr - $remote_user [$time_local]',
                     '"$request" $status $body_bytes_sent "$http_referer"',
-                    '"$http_user_agent" "$http_x_forwarded_for"\''
+                    '"$http_user_agent" $request_time\''
             ].join(' '),
-            'access_log' => '/var/log/nginx/access.log vhosts',
+            'access_log' => access_log,
             #
             'keepalive_timeout' => '65 60',
             'keepalive_requests' => 100,
diff --git a/manifests/nginx.pp b/manifests/nginx.pp
@@ -61,6 +61,25 @@
     $acme_challenge_group = $cfweb::acme_challenge_group
     $acme_challenge_root = $cfweb::acme_challenge_root
 
+    #---
+    $act_settings_tune = merge(
+        {
+            cfweb => merge(
+                {
+                    use_syslog => defined(Class['cflogsink::client']) or lookup('cflogsink::target')
+                },
+                pick($settings_tune['cfweb'], {})
+            )
+        },
+        $settings_tune
+    )
+
+    if $act_settings_tune['cfweb']['use_syslog'] {
+        include cfsystem::hdsyslog
+    }
+    #---
+
+
     group { $group:
         ensure => present,
     }
@@ -85,7 +104,7 @@
         recurse => true,
         force   => true,
     }
-    -> file { "${conf_dir}/nginx.conf":
+    -> file { [ "${conf_dir}/nginx.conf", "${conf_dir}/log.conf" ]:
         group   => $group,
         mode    => '0640',
         replace => false,
@@ -159,7 +178,7 @@
         memory_weight => $memory_weight,
         cpu_weight    => $cpu_weight,
         io_weight     => $io_weight,
-        settings_tune => $settings_tune,
+        settings_tune => $act_settings_tune,
         service_name  => $service_name,
         limits        => $limits,
         stress_hosts  => $stress_hosts,
diff --git a/templates/app_vhost.epp b/templates/app_vhost.epp
@@ -106,6 +106,9 @@ server {
     listen <%= $l %>;
 <%  } -%>
 
+    # NOTE: it's not redundant, there are some fine moments in log handling in server block
+    include /etc/nginx/log.conf;
+
 <%= $tls_snippet -%>
 <%= $trust_proxy_snippet -%>
 
@@ -159,6 +162,8 @@ server {
     listen <%= $l %>;
 <%  } -%>
 
+    # NOTE: it's not redundant, there are some fine moments in log handling in server block
+    include /etc/nginx/log.conf;
     
 <%= $trust_proxy_snippet -%>
 <%= $acme_challenge_snippet %>
@@ -176,6 +181,9 @@ server {
 server {
     server_name <%= $alt_names.join(' ') %>;
     
+    # NOTE: it's not redundant, there are some fine moments in log handling in server block
+    include /etc/nginx/log.conf;
+
 <%  $listen_plain.each |$l| { -%>
     listen <%= $l %>;
 <%  } -%>
diff --git a/templates/default_vhost.epp b/templates/default_vhost.epp
@@ -25,6 +25,8 @@ server {
 <% } -%>
         ;
         
+    # NOTE: it's not redundant, there are some fine moments in log handling in server block
+    include /etc/nginx/log.conf;
         
 <% if $proxy_protocol { -%>
 <%  $trusted_proxy.each |$p| { -%>

Original file line number	Diff line number	Diff line change
`@@ -25,6 +25,8 @@ server {`
`25`	`25`	`<% } -%>`
`26`	`26`	`;`
`27`	`27`
	`28`	`+ # NOTE: it's not redundant, there are some fine moments in log handling in server block`
	`29`	`+ include /etc/nginx/log.conf;`
`28`	`30`
`29`	`31`	`<% if $proxy_protocol { -%>`
`30`	`32`	`<% $trusted_proxy.each \|$p\| { -%>`