juju-core

Code review comment for lp://staging/~axwalk/juju-core/lp1281071-rsyslog-worker-tls

  1. lp1281071-rsyslog-worker-tls
  2. Merge into trunk
Revision history for this message
Andrew Wilkins (axwalk) wrote :

Reviewers: mp+208531_code.launchpad.net,

Message:
Please take a look.

Description:
Implement rsyslog TLS support

This changes the rsyslog configuration
we generate to use TLS. We install the
rsyslog-gnutls package and generate a
new CA cert, server cert and key
specifically for rsyslog.

This completely changes the way rsyslog
configuration is managed. Now, instead
of writing at bootstrap time and having
an upgrade step, we have a worker that
writes the syslog config whenever syslog
parameters change. The state server will
generate certificates and propagate the
CA cert to other agents via environ config.

There are some other miscellaneous changes:
   - we now use reliable forwarding, as
     otherwise the machine agent and unit
     agent will restart rsyslog while
     log messages are buffered causing
     message loss
   - dedicated upgrades for rsyslog are
     redundant and removed. The new worker
     upgrades machine and unit agent rsyslog
     automatically.
   - syslog-port can now be changed, and must
     be changed to work around the privilege
     drop race in rsyslog 5.x (this is the
     sole motivation)
   - the local provider symlinks machine-0.log
     into /var/log/juju$namespace so that we
     do not need any configuration other than
     the existing namespace to determine log
     location

Fixes lp:1281071
Fixes lp:1284020

https://code.launchpad.net/~axwalk/juju-core/lp1281071-rsyslog-worker-tls/+merge/208531

Requires:
https://code.launchpad.net/~axwalk/juju-core/remove-syslog-cloudinit-config/+merge/208278

(do not edit description out of merge proposal)

Please review this at https://codereview.appspot.com/68930045/

Affected files (+1011, -32 lines):
   A [revision details]
   M cmd/jujud/agent.go
   M cmd/jujud/machine.go
   M cmd/jujud/machine_test.go
   M cmd/jujud/unit.go
   M cmd/jujud/unit_test.go
   M environs/cloudinit/cloudinit.go
   M environs/config/config.go
   M log/syslog/config.go
   M log/syslog/config_test.go
   M log/syslog/testing/syslogconf.go
   M provider/local/config.go
   M provider/local/environ.go
   M state/api/params/params.go
   A state/api/rsyslog/package_test.go
   A state/api/rsyslog/rsyslog.go
   A state/api/rsyslog/rsyslog_test.go
   M state/api/state.go
   M state/apiserver/root.go
   A state/apiserver/rsyslog/package_test.go
   A state/apiserver/rsyslog/rsyslog.go
   A state/apiserver/rsyslog/rsyslog_test.go
   A upgrades/rsysloggnutls.go
   M upgrades/steps118.go
   M upgrades/steps118_test.go
   A worker/rsyslog/export_test.go
   A worker/rsyslog/rsyslog_test.go
   A worker/rsyslog/worker.go

« Back to merge proposal