Merge "Store inspector ramdisk logs by default"

playbooks/roles/bifrost-ironic-install/README.md

@@ -198,10 +198,6 @@ inspector_manage_firewall: Boolean value, default false. Controls whether
                            adds the rule to permit the callback traffic,
                            so you shouldn't need to enable this.
 
-inspector_data_dir: Base path for ironic-inspector's temporary data and log
-                    files. The default location is
-                    `/opt/stack/ironic-inspector/var`.
-
 inspector_port_addition: Defines which MAC addresses to add as ports during
                          introspection. Possible values are `all`, `active`,
                          and `pxe`. The default value is `pxe`.

playbooks/roles/bifrost-ironic-install/defaults/main.yml

@@ -194,11 +194,11 @@ ironic_log_dir: /var/log/ironic
 
 # Set inspector_log_dir to use a non-default log directory for inspector.
 #inspector_log_dir:
+inspector_ramdisk_logs_local_path: /var/log/ironic-inspector/ramdisk
 
 # Set nginx_log_dir to use a non-default log directory for nginx.
 nginx_log_dir: /var/log/nginx
 
-inspector_data_dir: "/opt/stack/ironic-inspector/var"
 inspector_store_ramdisk_logs: true
 # Note: inspector_port_addition has three valid values: all, active, pxe
 inspector_port_addition: "pxe"
@@ -208,7 +208,7 @@ inspector_keep_ports: "present"
 
 # String value containing extra kernel parameters for the inspector default
 # PXE configuration.
-#inspector_extra_kernel_options:
+inspector_extra_kernel_options: "ipa-inspection-collectors=default,logs"
 
 # Set inspector_processing_hooks to specify a non-default comma-separated
 # list of processing hooks for inspector.

playbooks/roles/bifrost-ironic-install/tasks/inspector_bootstrap.yml

@@ -72,20 +72,17 @@
     owner=ironic
     group=ironic
     mode=0740
-- name: "Inspector - create data folder"
+- name: "Inspector - Create the log directories (if requested)"
   file:
-    name="{{ inspector_data_dir }}"
-    state=directory
-    owner=ironic
-    group=ironic
-    mode=0755
-- name: "Inspector - create log folder"
-  file:
-    name="{{ inspector_data_dir }}/log"
-    state=directory
-    owner=ironic
-    group=ironic
-    mode=0755
+    name: "{{ item }}"
+    state: directory
+    owner: ironic
+    group: ironic
+    mode: 0700
+  loop:
+    - "{{ inspector_log_dir | default('') }}"
+    - "{{ inspector_ramdisk_logs_local_path | default('') }}"
+  when: item != ""
 - name: "Upgrade inspector DB Schema"
   shell: ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade
   become: true

playbooks/roles/bifrost-ironic-install/templates/ironic-inspector.conf.j2

@@ -8,7 +8,7 @@ auth_strategy = noauth
 {% endif %}
 debug = {{ inspector_debug | bool }}
 
-{% if inspector_log_dir is defined %}
+{% if inspector_log_dir | default("") != "" %}
 log_dir = {{ inspector_log_dir }}
 {% endif %}
 
@@ -59,7 +59,9 @@ project_domain_id = default
 [processing]
 add_ports = {{ inspector_port_addition | default('pxe') }}
 keep_ports = {{ inspector_keep_ports | default('present') }}
-ramdisk_logs_dir = {{ inspector_data_dir }}/log
+{% if inspector_ramdisk_logs_local_path | default("") != "" %}
+ramdisk_logs_dir = {{ inspector_ramdisk_logs_local_path }}
+{% endif %}
 always_store_ramdisk_logs = {{ inspector_store_ramdisk_logs | default('true') | bool }}
 {% if inspector_processing_hooks is defined %}
 processing_hooks = {{ inspector_processing_hooks }}

releasenotes/notes/inspector-ramdisk-logs-0db7c111fd455cec.yaml

@@ -0,0 +1,9 @@
+---
+features:
+  - |
+    The ramdisk logs for inspection are now stored by default in
+    ``/var/log/ironic-inspector/ramdisk``.
+security:
+  - |
+    Uses mode 0700 for the inspector log directories to prevent them from being
+    world readable.

scripts/collect-test-info.sh

@@ -81,10 +81,8 @@ for vm in $(baremetal node list -c Name -f value); do
     baremetal node show $vm >> ${LOG_LOCATION}/baremetal.txt
 done
 
-if [ -d "/var/log/ironic" ]; then
-   sudo cp -a "/var/log/ironic" ${LOG_LOCATION}/ipa-logs
-   ls -la ${LOG_LOCATION}/ipa-logs
-fi
+sudo cp -a "/var/log/ironic/deploy" ${LOG_LOCATION}/deploy-ramdisk
+sudo cp -a "/var/log/ironic-inspector/ramdisk" ${LOG_LOCATION}/inspection-ramdisk
 
 # general info
 sudo ps auxf &> ${LOG_LOCATION}/ps.txt