openstack/openstack-ansible
Code Issues Proposed changes
f91b88078a
openstack-ansible/playbooks/infra-journal-remote.yml
Kevin Carter fd04ab82dd Fix journal remote playbook 
Changes have been made and things have been learned about how best to
configure and tune systemd when uploading remote journals.

Overview:

> The old setup was binding to users and groups which are not needed.
> Journald was not setup to best recieve remote journals and with its
  default config will fill up disks remote target disks.
> This playbook is leveraging the systemd-service common role in a way
  that is no longer needed given the upstream improvements we've made
  in the role.

This change updates our playbook to ensure we're tuning the system
accordingly and removing code we no longer need.

Change-Id: I426dc8c29987e7b034a656e7d81321655ed6dbe2
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2019-01-23 15:05:40 +00:00

118 lines
4.0 KiB
YAML
Raw Blame History

---
# Copyright 2018, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Install Journal-Remote
hosts: hosts
gather_facts: "{{ osa_gather_facts | default(True) }}"
become: true
handlers:
- name: Restart systemd-journald
systemd:
name: systemd-journald
state: restarted
pre_tasks:
# At this time there's no suitable package available for systemd-journal-remote/gateway
# When installing on SUSE 42.x. For now this playbook will omit suse when the package
# manager is "zypper". When a suitable package is available on SUSE this should be removed.
- name: Omit suse from this playbook
meta: end_play
when:
- ansible_pkg_mgr == 'zypper'
- name: Skip playbook if log_hosts group is empty
meta: end_play
when:
- groups['log_hosts'] | length == 0
- name: Install systemd-journal-remote
package:
name: "{{ systemd_journal_remote_distro_package[ansible_pkg_mgr] }}"
state: "{{ package_state }}"
- name: Create journal directory
file:
path: "/var/log/journal"
state: "directory"
owner: "root"
group: "systemd-journal"
- name: Create journal remote directory
file:
path: "/var/log/journal/remote"
state: "directory"
owner: "systemd-journal-remote"
group: "systemd-journal"
- name: Ensure receiving hosts are tuned
ini_file:
path: "/etc/systemd/journald.conf"
section: Journal
option: "{{ item.key }}"
value: "{{ item.value }}"
backup: yes
with_items:
- key: RuntimeMaxFiles
value: "{{ ((((groups['hosts'] | length) * 1.5) + (groups['hosts'] | length)) // 1) | int }}"
- key: RuntimeMaxFileSize
value: "5G"
- key: Compress
value: "yes"
- key: MaxFileSec
value: "1d"
- key: MaxRetentionSec
value: "2d"
when:
- (ansible_host == systemd_journal_remote_target)
notify:
- Restart systemd-journald
roles:
- role: "systemd_service"
systemd_tempd_prefix: "openstack"
systemd_CPUAccounting: true
systemd_BlockIOAccounting: true
systemd_MemoryAccounting: true
systemd_TasksAccounting: true
systemd_services:
- service_name: "systemd-journal-remote"
enabled: "{{ (ansible_host != systemd_journal_remote_target) | ternary('no', 'yes') }}"
state: "{{ (ansible_host != systemd_journal_remote_target) | ternary('stopped', 'started') }}"
execstarts: >-
{{ systemd_utils_prefix }}/systemd-journal-remote
--listen-http=-3
--split-mode=host
--compress
--seal
--output=/var/log/journal/remote/
- service_name: "systemd-journal-upload"
enabled: "{{ (ansible_host == systemd_journal_remote_target) | ternary('no', 'yes') }}"
state: "{{ (ansible_host == systemd_journal_remote_target) | ternary('stopped', 'started') }}"
execstarts: >-
{{ systemd_utils_prefix }}/systemd-journal-upload
--save-state
--merge
--url=http://{{ systemd_journal_remote_target }}:19532
vars:
systemd_journal_remote_target: "{{ hostvars[groups['log_hosts'][0]]['ansible_host'] }}"
systemd_journal_remote_distro_package:
apt: "systemd-journal-remote"
yum: "systemd-journal-gateway"
dnf: "systemd-journal-gateway"
tags:
- journal-remote
View Git Blame Copy Permalink