From 1606aad1a4f9d31eceff2f1fd0e78c21489ba4f6 Mon Sep 17 00:00:00 2001 From: Dmitry Tantsur Date: Fri, 24 Jul 2020 16:08:36 +0200 Subject: [PATCH] Store inspector ramdisk logs by default They have not been stored previously because the logs collector was not enabled. Also use the standard location for logs and save them in the CI. Change-Id: I034a5fffb982a848ceda3db6635da841f869111e --- .../roles/bifrost-ironic-install/README.md | 4 ---- .../bifrost-ironic-install/defaults/main.yml | 4 ++-- .../tasks/inspector_bootstrap.yml | 23 ++++++++----------- .../templates/ironic-inspector.conf.j2 | 6 +++-- ...spector-ramdisk-logs-0db7c111fd455cec.yaml | 9 ++++++++ scripts/collect-test-info.sh | 6 ++--- 6 files changed, 27 insertions(+), 25 deletions(-) create mode 100644 releasenotes/notes/inspector-ramdisk-logs-0db7c111fd455cec.yaml diff --git a/playbooks/roles/bifrost-ironic-install/README.md b/playbooks/roles/bifrost-ironic-install/README.md index d50bf8c2b..02e9bc597 100644 --- a/playbooks/roles/bifrost-ironic-install/README.md +++ b/playbooks/roles/bifrost-ironic-install/README.md @@ -198,10 +198,6 @@ inspector_manage_firewall: Boolean value, default false. Controls whether adds the rule to permit the callback traffic, so you shouldn't need to enable this. -inspector_data_dir: Base path for ironic-inspector's temporary data and log - files. The default location is - `/opt/stack/ironic-inspector/var`. - inspector_port_addition: Defines which MAC addresses to add as ports during introspection. Possible values are `all`, `active`, and `pxe`. The default value is `pxe`. diff --git a/playbooks/roles/bifrost-ironic-install/defaults/main.yml b/playbooks/roles/bifrost-ironic-install/defaults/main.yml index ee3c88742..8e576bdbb 100644 --- a/playbooks/roles/bifrost-ironic-install/defaults/main.yml +++ b/playbooks/roles/bifrost-ironic-install/defaults/main.yml @@ -199,11 +199,11 @@ ironic_log_dir: /var/log/ironic # Set inspector_log_dir to use a non-default log directory for inspector. #inspector_log_dir: +inspector_ramdisk_logs_local_path: /var/log/ironic-inspector/ramdisk # Set nginx_log_dir to use a non-default log directory for nginx. nginx_log_dir: /var/log/nginx -inspector_data_dir: "/opt/stack/ironic-inspector/var" inspector_store_ramdisk_logs: true # Note: inspector_port_addition has three valid values: all, active, pxe inspector_port_addition: "pxe" @@ -213,7 +213,7 @@ inspector_keep_ports: "present" # String value containing extra kernel parameters for the inspector default # PXE configuration. -#inspector_extra_kernel_options: +inspector_extra_kernel_options: "ipa-inspection-collectors=default,logs" # Set inspector_processing_hooks to specify a non-default comma-separated # list of processing hooks for inspector. diff --git a/playbooks/roles/bifrost-ironic-install/tasks/inspector_bootstrap.yml b/playbooks/roles/bifrost-ironic-install/tasks/inspector_bootstrap.yml index 4f67607b4..6dda47c10 100644 --- a/playbooks/roles/bifrost-ironic-install/tasks/inspector_bootstrap.yml +++ b/playbooks/roles/bifrost-ironic-install/tasks/inspector_bootstrap.yml @@ -72,20 +72,17 @@ owner=ironic group=ironic mode=0740 -- name: "Inspector - create data folder" +- name: "Inspector - Create the log directories (if requested)" file: - name="{{ inspector_data_dir }}" - state=directory - owner=ironic - group=ironic - mode=0755 -- name: "Inspector - create log folder" - file: - name="{{ inspector_data_dir }}/log" - state=directory - owner=ironic - group=ironic - mode=0755 + name: "{{ item }}" + state: directory + owner: ironic + group: ironic + mode: 0700 + loop: + - "{{ inspector_log_dir | default('') }}" + - "{{ inspector_ramdisk_logs_local_path | default('') }}" + when: item != "" - name: "Upgrade inspector DB Schema" shell: ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade become: true diff --git a/playbooks/roles/bifrost-ironic-install/templates/ironic-inspector.conf.j2 b/playbooks/roles/bifrost-ironic-install/templates/ironic-inspector.conf.j2 index c46d1788d..ad71313cc 100644 --- a/playbooks/roles/bifrost-ironic-install/templates/ironic-inspector.conf.j2 +++ b/playbooks/roles/bifrost-ironic-install/templates/ironic-inspector.conf.j2 @@ -8,7 +8,7 @@ auth_strategy = noauth {% endif %} debug = {{ inspector_debug | bool }} -{% if inspector_log_dir is defined %} +{% if inspector_log_dir | default("") != "" %} log_dir = {{ inspector_log_dir }} {% endif %} @@ -59,7 +59,9 @@ project_domain_id = default [processing] add_ports = {{ inspector_port_addition | default('pxe') }} keep_ports = {{ inspector_keep_ports | default('present') }} -ramdisk_logs_dir = {{ inspector_data_dir }}/log +{% if inspector_ramdisk_logs_local_path | default("") != "" %} +ramdisk_logs_dir = {{ inspector_ramdisk_logs_local_path }} +{% endif %} always_store_ramdisk_logs = {{ inspector_store_ramdisk_logs | default('true') | bool }} {% if inspector_processing_hooks is defined %} processing_hooks = {{ inspector_processing_hooks }} diff --git a/releasenotes/notes/inspector-ramdisk-logs-0db7c111fd455cec.yaml b/releasenotes/notes/inspector-ramdisk-logs-0db7c111fd455cec.yaml new file mode 100644 index 000000000..3fbd74c5d --- /dev/null +++ b/releasenotes/notes/inspector-ramdisk-logs-0db7c111fd455cec.yaml @@ -0,0 +1,9 @@ +--- +features: + - | + The ramdisk logs for inspection are now stored by default in + ``/var/log/ironic-inspector/ramdisk``. +security: + - | + Uses mode 0700 for the inspector log directories to prevent them from being + world readable. diff --git a/scripts/collect-test-info.sh b/scripts/collect-test-info.sh index 8a63dbe24..bb2184fd8 100755 --- a/scripts/collect-test-info.sh +++ b/scripts/collect-test-info.sh @@ -81,10 +81,8 @@ for vm in $(baremetal node list -c Name -f value); do baremetal node show $vm >> ${LOG_LOCATION}/baremetal.txt done -if [ -d "/var/log/ironic" ]; then - sudo cp -a "/var/log/ironic" ${LOG_LOCATION}/ipa-logs - ls -la ${LOG_LOCATION}/ipa-logs -fi +sudo cp -a "/var/log/ironic/deploy" ${LOG_LOCATION}/deploy-ramdisk +sudo cp -a "/var/log/ironic-inspector/ramdisk" ${LOG_LOCATION}/inspection-ramdisk # general info sudo ps auxf &> ${LOG_LOCATION}/ps.txt