commit 24c1450decbf914ab5a72796d7cd4dc29157fd45
Author: Michal Nasiadka <mnasiadka@gmail.com>
Date:   Wed Aug 5 14:49:48 2020 +0200

    Fix glance-tls-proxy logrotate and fluentd log permissions
    
    Change-Id: Iabc0115d3476a626df134cc70cb473bf6e72487e
    Closes-Bug: #1890439
    (cherry picked from commit aed9f84fe9a486c4acc975458fe4693c714d408f)

diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index ec5f815..c6cce6e 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -842,6 +842,8 @@ glance_backend_swift: "{{ enable_swift | bool }}"
 glance_file_datadir_volume: "glance"
 glance_enable_rolling_upgrade: "no"
 glance_api_hosts: "{{ [groups['glance-api']|first] if glance_backend_file | bool and glance_file_datadir_volume == 'glance' else groups['glance-api'] }}"
+# NOTE(mnasiadka): For use in common role
+glance_enable_tls_backend: "{{ kolla_enable_tls_backend }}"
 
 #######################
 # Barbican options
diff --git a/ansible/roles/common/tasks/config.yml b/ansible/roles/common/tasks/config.yml
index bf70062..9ddd1ee 100644
--- a/ansible/roles/common/tasks/config.yml
+++ b/ansible/roles/common/tasks/config.yml
@@ -295,7 +295,7 @@
       - { name: "fluentd", enabled: "{{ enable_fluentd | bool }}" }
       - { name: "freezer", enabled: "{{ enable_freezer | bool }}" }
       - { name: "glance", enabled: "{{ enable_glance | bool }}" }
-      - { name: "glance-tls-proxy", enabled: "{{ enable_glance | bool }}" }
+      - { name: "glance-tls-proxy", enabled: "{{ glance_enable_tls_backend | bool }}" }
       - { name: "gnocchi", enabled: "{{ enable_gnocchi | bool }}" }
       - { name: "grafana", enabled: "{{ enable_grafana | bool }}" }
       - { name: "haproxy", enabled: "{{ enable_haproxy | bool }}" }
diff --git a/ansible/roles/common/templates/conf/output/00-local.conf.j2 b/ansible/roles/common/templates/conf/output/00-local.conf.j2
index d1eb7ae..4dcfe97 100644
--- a/ansible/roles/common/templates/conf/output/00-local.conf.j2
+++ b/ansible/roles/common/templates/conf/output/00-local.conf.j2
@@ -120,6 +120,7 @@
 {% endif %}
 </match>
 
+{% if glance_enable_tls_backend | bool %}
 <match syslog.{{ syslog_glance_tls_proxy_facility }}.**>
   @type copy
   <store>
@@ -178,3 +179,4 @@
   </store>
 {% endif %}
 </match>
+{% endif %}
diff --git a/ansible/roles/common/templates/fluentd.json.j2 b/ansible/roles/common/templates/fluentd.json.j2
index 94656c2..6a45eca 100644
--- a/ansible/roles/common/templates/fluentd.json.j2
+++ b/ansible/roles/common/templates/fluentd.json.j2
@@ -56,6 +56,13 @@
             "owner": "{{ fluentd_user }}:{{ fluentd_user }}",
             "recurse": true
         },
+{% if glance_enable_tls_backend | bool %}
+        {
+            "path": "/var/log/kolla/glance-tls-proxy",
+            "owner": "{{ fluentd_user }}:{{ fluentd_user }}",
+            "recurse": true
+        },
+{% endif %}
         {
             "path": "/var/log/kolla/swift",
             "owner": "{{ fluentd_user }}:{{ fluentd_user }}",
diff --git a/ansible/roles/glance/defaults/main.yml b/ansible/roles/glance/defaults/main.yml
index 98c0fb8..79765d3 100644
--- a/ansible/roles/glance/defaults/main.yml
+++ b/ansible/roles/glance/defaults/main.yml
@@ -210,11 +210,6 @@ vmware_datastore_name:
 glance_cache_max_size: "10737418240"
 
 ####################
-# TLS
-####################
-glance_enable_tls_backend: "{{ kolla_enable_tls_backend }}"
-
-####################
 # Backend TLS proxy
 ####################
 syslog_server: "{{ api_interface_address }}"