11:04 a.m.
Hi all,
hi Maciej,
since it would be nice (not only to accord to data privacy law) to
anonymizie ip addressses in nginx logfiles I tried to achieve this with
existent debops roles. My approach is to log via syslog together wit
mmanon module.
As far as I found out - this doesn't work out of the box, because the
default.conf.j2 template already has a access_log line which is composed
with static log path root "/" and suffix .log:
access_log {{ (item.log_path | d(nginx_log_path)) + '/' +
item.access_log | d(item.filename | d(item.name if item.name is string
else item.name[0]) + '_access') }}.log{{ nginx_tpl_access_log_format }};
As far as I understood, this is not optional and configurable.
So I wrote a new template where I replaced these lines with:
access_log {{ item.syslog_access }};
error_log {{ item.syslog_error }};
and i can have in my config something like:
nginx__servers:
- name
[...]
syslog_access: "syslog:server=unix:/dev/log,tag=nginx_access"
syslog_error: "syslog:server=unix:/dev/log,tag=nginx_error"
Is it possible to store this template somwere in my project directory
instead of debops repository?
By the way: maybe it's worth to extend the default template with the
possibility to log to syslog instead of files?
Best regards
Jan
10:37 p.m.
On Apr 12, Jan Kowalsky wrote:
since it would be nice (not only to accord to data privacy law) to
anonymizie ip addressses in nginx logfiles I tried to achieve this with
existent debops roles. My approach is to log via syslog together wit
mmanon module.
As far as I found out - this doesn't work out of the box, because the
default.conf.j2 template already has a access_log line which is composed
with static log path root "/" and suffix .log:
access_log {{ (item.log_path | d(nginx_log_path)) + '/' +
item.access_log | d(item.filename | d(item.name if item.name is string
else item.name[0]) + '_access') }}.log{{ nginx_tpl_access_log_format }};
As far as I understood, this is not optional and configurable.
So I wrote a new template where I replaced these lines with:
access_log {{ item.syslog_access }};
error_log {{ item.syslog_error }};
and i can have in my config something like:
nginx__servers:
- name
[...]
syslog_access: "syslog:server=unix:/dev/log,tag=nginx_access"
syslog_error: "syslog:server=unix:/dev/log,tag=nginx_error"
Is it possible to store this template somwere in my project directory
instead of debops repository?
By the way: maybe it's worth to extend the default template with the
possibility to log to syslog instead of files?
Hello,
There's currently no way to pass an external template to the debops.nginx
role. This could be possible using the 'template_src' custom lookup plugin
included in DebOps; that way you could put external templates in the project
directory as you describe. But that needs to be implemented, and I'm currently
slightly against doing that - custom lookup plugins make roles less portable.
IMO, writing a role in a way that you can customize it through Ansible
inventory without external additions is a better direction. Of course
'debops.nginx' is a bad example of this, and will have to be redesigned from
scratch. I'm not ready for that just yet though, I feel that there still are
some pieces missing to do a good rewrite of this role.
Nevertheless, I think that you're right about issues with access and error log
definitions in the debops.nginx default server template. It should be more
like:
access_log {{ item.access_log | d(nginx_log_path + "/" + (item.filename +
"_access.log")) }};
error_log {{ item.error_log | d(nginx_log_path + "/" + (item.filename +
"_error.log")) }};
With some better designed filename generation of course. That way you could
easily overwrite it with syslog configuration. Want to try and clean up the
current definition in the default template? If not, I can take a crack at it
in a few days.
Cheers,
Maciej
2080
days inactive
2080
days old
1 comments
2 participants
participants (2)
-
Jan Kowalsky -
Maciej Delmanowski