authorDaniil Fedotov <hairyhum@gmail.com>2018-05-17 15:35:41 +0100
committerDaniil Fedotov <hairyhum@gmail.com>2018-05-17 15:36:57 +0100
commit0fe2422741d1c726de1564b8c4aa9a909191b8b0 (patch)
tree05f9ed741bbfd2fe87d17b3aa9afe6e1fa1e65ac
parentb89f9cb4d8f42187581a46a4f9a650b9a11ed36e (diff)
Cuttlefish schema to configure syslog application.
Configure the syslog application directly instead of relying on rabbit_lager module.
-rw-r--r--priv/schema/rabbit.schema168
-rw-r--r--src/rabbit_lager.erl10
-rw-r--r--test/config_schema_SUITE_data/rabbit.snippets51
3 files changed, 215 insertions, 14 deletions
diff --git a/priv/schema/rabbit.schema b/priv/schema/rabbit.schema
index 181e20447e..6d82cdc1f5 100644
--- a/priv/schema/rabbit.schema
+++ b/priv/schema/rabbit.schema
@@ -1070,12 +1070,174 @@ end}.
{mapping, "log.syslog.level", "rabbit.log.syslog.level", [
{datatype, {enum, [debug, info, notice, warning, error, critical, alert, emergency, none]}}
]}.
-{mapping, "log.syslog.identity", "rabbit.log.syslog.identity", [
+
+{mapping, "log.syslog.identity", "syslog.app_name", [
{datatype, string}
]}.
-{mapping, "log.syslog.facility", "rabbit.log.syslog.facility", [
- {datatype, atom}
+
+{mapping, "log.syslog.facility", "syslog.facility", [
+ {datatype, {enum, [kern, kernel, user, mail, daemon, auth, syslog, lpr,
+ news, uucp, cron, authpriv, ftp, ntp, audit, alert,
+ clock, local0, local1, local2, local3, local4,
+ local5, local6, local7]}}
+]}.
+
+{mapping, "log.syslog.multiline_mode", "syslog.multiline_mode", [
+ {datatype, {enum, [true, false]}}
+]}.
+
+{mapping, "log.syslog.ip", "syslog.dest_host", [
+ {datatype, string},
+ {validators, ["is_ip"]}
+]}.
+
+{translation, "syslog.dest_host",
+fun(Conf) ->
+ IpString = cuttlefish:conf_get("log.syslog.ip", Conf),
+ {ok, IP} = inet:parse_address(IpString),
+ IP
+end}.
+
+{mapping, "log.syslog.port", "syslog.dest_port", [
+ {datatype, integer}
+]}.
+
+{mapping, "log.syslog.transport", "syslog.protocol", [
+ {datatype, {enum, [udp, tcp, tls, ssl]}}
+]}.
+{mapping, "log.syslog.protocol", "syslog.protocol", [
+ {datatype, {enum, [rfc3164, rfc5424]}}
]}.
+{mapping, "log.syslog.ssl_options.verify", "syslog.protocol", [
+ {datatype, {enum, [verify_peer, verify_none]}}]}.
+
+{mapping, "log.syslog.ssl_options.fail_if_no_peer_cert", "syslog.protocol", [
+ {datatype, {enum, [true, false]}}]}.
+
+{mapping, "log.syslog.ssl_options.cacertfile", "syslog.protocol",
+ [{datatype, string}, {validators, ["file_accessible"]}]}.
+
+{mapping, "log.syslog.ssl_options.certfile", "syslog.protocol",
+ [{datatype, string}, {validators, ["file_accessible"]}]}.
+
+{mapping, "log.syslog.ssl_options.cacerts.$name", "syslog.protocol",
+ [{datatype, string}]}.
+
+{mapping, "log.syslog.ssl_options.cert", "syslog.protocol",
+ [{datatype, string}]}.
+
+{mapping, "log.syslog.ssl_options.client_renegotiation", "syslog.protocol",
+ [{datatype, {enum, [true, false]}}]}.
+
+{mapping, "log.syslog.ssl_options.crl_check", "syslog.protocol",
+ [{datatype, [{enum, [true, false, peer, best_effort]}]}]}.
+
+{mapping, "log.syslog.ssl_options.depth", "syslog.protocol",
+ [{datatype, integer}, {validators, ["byte"]}]}.
+
+{mapping, "log.syslog.ssl_options.dh", "syslog.protocol",
+ [{datatype, string}]}.
+
+{mapping, "log.syslog.ssl_options.dhfile", "syslog.protocol",
+ [{datatype, string}, {validators, ["file_accessible"]}]}.
+
+{mapping, "log.syslog.ssl_options.honor_cipher_order", "syslog.protocol",
+ [{datatype, {enum, [true, false]}}]}.
+
+{mapping, "log.syslog.ssl_options.honor_ecc_order", "syslog.protocol",
+ [{datatype, {enum, [true, false]}}]}.
+
+{mapping, "log.syslog.ssl_options.key.RSAPrivateKey", "syslog.protocol",
+ [{datatype, string}]}.
+
+{mapping, "log.syslog.ssl_options.key.DSAPrivateKey", "syslog.protocol",
+ [{datatype, string}]}.
+
+{mapping, "log.syslog.ssl_options.key.PrivateKeyInfo", "syslog.protocol",
+ [{datatype, string}]}.
+
+{mapping, "log.syslog.ssl_options.keyfile", "syslog.protocol",
+ [{datatype, string}, {validators, ["file_accessible"]}]}.
+
+{mapping, "log.syslog.ssl_options.log_alert", "syslog.protocol",
+ [{datatype, {enum, [true, false]}}]}.
+
+{mapping, "log.syslog.ssl_options.password", "syslog.protocol",
+ [{datatype, string}]}.
+
+{mapping, "log.syslog.ssl_options.psk_identity", "syslog.protocol",
+ [{datatype, string}]}.
+
+{mapping, "log.syslog.ssl_options.reuse_sessions", "syslog.protocol",
+ [{datatype, {enum, [true, false]}}]}.
+
+{mapping, "log.syslog.ssl_options.secure_renegotiate", "syslog.protocol",
+ [{datatype, {enum, [true, false]}}]}.
+
+{mapping, "log.syslog.ssl_options.versions.$version", "syslog.protocol",
+ [{datatype, atom}]}.
+
+{translation, "syslog.protocol",
+fun(Conf) ->
+ ParseSslOptions = fun() ->
+ RawSettings = [
+ {verify, cuttlefish:conf_get("log.syslog.ssl_options.verify", Conf, undefined)},
+ {fail_if_no_peer_cert, cuttlefish:conf_get("log.syslog.ssl_options.fail_if_no_peer_cert", Conf, undefined)},
+ {cacertfile, cuttlefish:conf_get("log.syslog.ssl_options.cacertfile", Conf, undefined)},
+ {certfile, cuttlefish:conf_get("log.syslog.ssl_options.certfile", Conf, undefined)},
+ {cert, cuttlefish:conf_get("log.syslog.ssl_options.cert", Conf, undefined)},
+ {client_renegotiation, cuttlefish:conf_get("log.syslog.ssl_options.client_renegotiation", Conf, undefined)},
+ {crl_check, cuttlefish:conf_get("log.syslog.ssl_options.crl_check", Conf, undefined)},
+ {depth, cuttlefish:conf_get("log.syslog.ssl_options.depth", Conf, undefined)},
+ {dh, cuttlefish:conf_get("log.syslog.ssl_options.dh", Conf, undefined)},
+ {dhfile, cuttlefish:conf_get("log.syslog.ssl_options.dhfile", Conf, undefined)},
+ {honor_cipher_order, cuttlefish:conf_get("log.syslog.ssl_options.honor_cipher_order", Conf, undefined)},
+ {honor_ecc_order, cuttlefish:conf_get("log.syslog.ssl_options.honor_ecc_order", Conf, undefined)},
+
+ {keyfile, cuttlefish:conf_get("log.syslog.ssl_options.keyfile", Conf, undefined)},
+ {log_alert, cuttlefish:conf_get("log.syslog.ssl_options.log_alert", Conf, undefined)},
+ {password, cuttlefish:conf_get("log.syslog.ssl_options.password", Conf, undefined)},
+ {psk_identity, cuttlefish:conf_get("log.syslog.ssl_options.psk_identity", Conf, undefined)},
+ {reuse_sessions, cuttlefish:conf_get("log.syslog.ssl_options.reuse_sessions", Conf, undefined)},
+ {secure_renegotiate, cuttlefish:conf_get("log.syslog.ssl_options.secure_renegotiate", Conf, undefined)}
+ ],
+ DefinedSettings = [{K, V} || {K, V} <- RawSettings, V =/= undefined],
+
+ lists:map(
+ fun({K, Val}) when K == dh; K == cert -> {K, list_to_binary(Val)};
+ ({K, Val}) -> {K, Val}
+ end,
+ DefinedSettings) ++
+ [ {K, V}
+ || {K, V} <-
+ [{cacerts, [ list_to_binary(V) || {_, V} <- cuttlefish_variable:filter_by_prefix("log.syslog.ssl_options.cacerts", Conf)]},
+ {versions, [ V || {_, V} <- cuttlefish_variable:filter_by_prefix("log.syslog.ssl_options.versions", Conf) ]},
+ {key, case cuttlefish_variable:filter_by_prefix("log.syslog.ssl_options.key", Conf) of
+ [{[_,_,Key], Val}|_] -> {list_to_atom(Key), list_to_binary(Val)};
+ _ -> undefined
+ end}],
+ V =/= undefined,
+ V =/= []]
+ end,
+
+ Proto = cuttlefish:conf_get("log.syslog.protocol", Conf, undefined),
+ Transport = cuttlefish:conf_get("log.syslog.transport", Conf, udp),
+ case Transport of
+ TLS when TLS == tls; TLS == ssl ->
+ case Proto of
+ rfc3164 ->
+ cuttlefish:invalid("Syslog protocol rfc3164 is not compatible with TLS");
+ _ ->
+ {rfc5424, tls, ParseSslOptions()}
+ end;
+ _ when Transport == udp; Transport == tcp ->
+ case Proto of
+ undefined -> {rfc3164, Transport};
+ _ -> {Proto, Transport}
+ end;
+ _ -> cuttlefish:invalid("Invalid syslog transport ~p~n", [Transport])
+ end
+end}.
{mapping, "log.file", "rabbit.log.file.file", [
{datatype, [{enum, [false]}, string]}
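Review bot: With `log.syslog.transport = tls` and no `log.syslog.ssl_options.verify` set, the `syslog.protocol` translation passes no `verify` option at all, because `ParseSslOptions` drops every setting whose value is `undefined`. Peer verification then depends on the default of the Erlang `ssl` client, which on many OTP releases is `verify_none`, so the log stream would be encrypted but sent to an unauthenticated collector. Consider making the secure choice the default, `{verify, cuttlefish:conf_get("log.syslog.ssl_options.verify", Conf, verify_peer)},`, or at least add a schema comment above the `ssl_options` mappings stating that `verify` and `cacertfile` must both be set for the collector to be authenticated. Separately, the last branch calls `cuttlefish:invalid/2`; I only know of `cuttlefish:invalid/1`, so that arity is worth confirming, although the enum on `log.syslog.transport` should keep the branch unreachable.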
diff --git a/src/rabbit_lager.erl b/src/rabbit_lager.erl
index 8575e6fe6a..0003b74ea8 100644
--- a/src/rabbit_lager.erl
+++ b/src/rabbit_lager.erl
@@ -274,18 +274,8 @@ configure_syslog() ->
case application:get_env(syslog, syslog_error_logger) of
undefined -> application:set_env(syslog, syslog_error_logger, false);
_ -> ok
- end,
- LogConfig = application:get_env(rabbit, log, []),
- case proplists:get_value(syslog, LogConfig, undefined) of
- undefined -> ok;
- SyslogConfig when is_list(SyslogConfig) ->
- Identity = proplists:get_value(identity, SyslogConfig, "rabbitmq"),
- Facility = proplists:get_value(facility, SyslogConfig, daemon),
- application:set_env(syslog, app_name, Identity),
- application:set_env(syslog, facility, Facility)
end.
-
remove_rabbit_handlers(Handlers, FormerHandlers) ->
lists:filter(fun(Handler) ->
not lists:member(Handler, FormerHandlers)
diff --git a/test/config_schema_SUITE_data/rabbit.snippets b/test/config_schema_SUITE_data/rabbit.snippets
index e4dda9f368..93546cb1c6 100644
--- a/test/config_schema_SUITE_data/rabbit.snippets
+++ b/test/config_schema_SUITE_data/rabbit.snippets
@@ -534,5 +534,54 @@ credential_validator.regexp = ^abc\\d+",
[{kernel, [
{net_ticktime, 20}
]}],
- []}
+ []},
+ {log_syslog_settings,
+ "log.syslog = true
+ log.syslog.identity = rabbitmq
+ log.syslog.facility = user
+ log.syslog.multiline_mode = true
+ log.syslog.ip = 10.10.10.10
+ log.syslog.port = 123",
+ [
+ {rabbit,[{log, [{syslog, [{enabled, true}]}]}]},
+ {syslog, [{app_name, "rabbitmq"},
+ {facility, user},
+ {multiline_mode, true},
+ {dest_host, {10, 10, 10, 10}},
+ {dest_port, 123}]}
+ ],
+ []},
+ {log_syslog_tcp,
+ "log.syslog = true
+ log.syslog.transport = tcp
+ log.syslog.protocol = rfc5424",
+ [
+ {rabbit,[{log, [{syslog, [{enabled, true}]}]}]},
+ {syslog, [{protocol, {rfc5424, tcp}}]}
+ ],
+ []},
+ {log_syslog_udp_default,
+ "log.syslog = true
+ log.syslog.protocol = rfc3164",
+ [
+ {rabbit,[{log, [{syslog, [{enabled, true}]}]}]},
+ {syslog, [{protocol, {rfc3164, udp}}]}
+ ],
+ []},
+ {log_syslog_tls,
+ "log.syslog = true
+ log.syslog.transport = tls
+ log.syslog.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem
+ log.syslog.ssl_options.certfile = test/config_schema_SUITE_data/certs/cert.pem
+ log.syslog.ssl_options.keyfile = test/config_schema_SUITE_data/certs/key.pem
+ log.syslog.ssl_options.verify = verify_peer
+ log.syslog.ssl_options.fail_if_no_peer_cert = false",
+ [{rabbit, [{log, [{syslog, [{enabled, true}]}]}]},
+ {syslog, [{protocol, {rfc5424, tls,
+ [{verify,verify_peer},
+ {fail_if_no_peer_cert,false},
+ {cacertfile,"test/config_schema_SUITE_data/certs/cacert.pem"},
+ {certfile,"test/config_schema_SUITE_data/certs/cert.pem"},
+ {keyfile,"test/config_schema_SUITE_data/certs/key.pem"}]}}]}],
+ []}
].
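Review bot: The new snippets leave the riskiest branches of the `syslog.protocol` translation untested: the `ssl` alias for `log.syslog.transport`, the rejection of `rfc3164` over TLS, and the inline `ssl_options.cert`, `dh`, `cacerts.$name` and `key.*` settings that go through `list_to_binary` and `list_to_atom`. `log_syslog_tls` exercises only the file-based options. I would add a snippet with `log.syslog.transport = ssl` that expects `{protocol, {rfc5424, tls, [...]}}`, and one that sets `log.syslog.ssl_options.key.RSAPrivateKey` so the resulting `{key, {'RSAPrivateKey', <<...>>}}` shape is pinned. A TLS snippet with no `ssl_options.verify` would also make the resulting verification behaviour explicit in the expected output.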