From 48b277cdc952281d5c741caa0d57b0d35d8f2b0b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Jeanneret?= Date: Thu, 7 Mar 2019 09:44:29 +0100 Subject: [PATCH] [Queens-only] Install and configure tmpwatch for log cleanup Installing and configuring tmpwatch allows to get rid of some ugly things in logrotate configuration. As the container has no network access anymore, we have to install the tool on the host directly - this isn't that bad. In order to avoid issues with logrotate manage logs, we explicitely exclude patterns manage in the specific logorate configuration. Also, always in order to avoid issues and ensure logrotate does its own cleanup, we clean files one day later. Note: this patch is the port of [1]. We can't really cherry-pick things since we have to correct the heat_template_version value, and config-download not really supported, meaning we can't use the "deploy_steps_tasks" as is. [1] https://review.openstack.org/645183 Related-Bug: https://bugs.launchpad.net/tripleo/+bug/1821852 Change-Id: I5c59f337f2a62bc44e459f13de9bab6b4ab1a9f5 (cherry picked from commit 9e37ce9ab6cc3e2e43a3e115ed59da6991537be8) --- docker/services/logrotate-crond.yaml | 17 +++++++++ environments/undercloud.yaml | 1 + extraconfig/services/tmpwatch-install.yaml | 43 ++++++++++++++++++++++ overcloud-resource-registry-puppet.j2.yaml | 1 + roles/Undercloud.yaml | 1 + roles_data_undercloud.yaml | 1 + 6 files changed, 64 insertions(+) create mode 100644 extraconfig/services/tmpwatch-install.yaml diff --git a/docker/services/logrotate-crond.yaml b/docker/services/logrotate-crond.yaml index 7454e7e31b..0ff160748c 100644 --- a/docker/services/logrotate-crond.yaml +++ b/docker/services/logrotate-crond.yaml @@ -70,6 +70,23 @@ outputs: tripleo::profile::base::logging::logrotate::rotation: {get_param: LogrotateRotationInterval} tripleo::profile::base::logging::logrotate::rotate: {get_param: LogrotateRotate} tripleo::profile::base::logging::logrotate::purge_after_days: {get_param: LogrotatePurgeAfterDays} + host_prep_tasks: + - name: configure tmpwatch on the host + copy: + dest: /etc/cron.daily/containers-tmpwatch + owner: root + group: root + mode: 0755 + content: | + #!/bin/sh + tmpwatch --nodirs \ + -X "/var/log/containers/*/*log" \ + -X "/var/log/containers/*/*/*log" \ + -X "/var/log/containers/*/*err" \ + {{ LogrotatePurgeAfterDays|int +1 }} \ + /var/log/containers/ 2>&1 | logger -t container-tmpwatch + vars: + LogrotatePurgeAfterDays: {get_param: LogrotatePurgeAfterDays} # BEGIN DOCKER SETTINGS puppet_config: config_volume: crond diff --git a/environments/undercloud.yaml b/environments/undercloud.yaml index 07b8c7d8a8..2c2f3e8967 100644 --- a/environments/undercloud.yaml +++ b/environments/undercloud.yaml @@ -1,4 +1,5 @@ resource_registry: + OS::TripleO::Services::Tmpwatch: ../extraconfig/services/tmpwatch-install.yaml OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/noop.yaml OS::TripleO::Network::Ports::ControlPlaneVipPort: ../deployed-server/deployed-neutron-port.yaml OS::TripleO::Undercloud::Net::SoftwareConfig: ../net-config-undercloud.yaml diff --git a/extraconfig/services/tmpwatch-install.yaml b/extraconfig/services/tmpwatch-install.yaml new file mode 100644 index 0000000000..4c21e6e2b0 --- /dev/null +++ b/extraconfig/services/tmpwatch-install.yaml @@ -0,0 +1,43 @@ +heat_template_version: queens + +description: > + Install tmpwatch on the undercloud/standalone + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +outputs: + role_data: + description: Role data for tmpwatch install on undercloud or standalone + value: + service_name: logrotate_tmpwatch + host_prep_tasks: + - name: install tmpwatch on the host + package: + name: tmpwatch + state: installed diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index 66a0c2561c..753016ccaf 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -344,6 +344,7 @@ resource_registry: OS::TripleO::Services::Multipathd: docker/services/multipathd.yaml # Logging + OS::TripleO::Services::Tmpwatch: OS::Heat::None OS::TripleO::Services::Logging::BarbicanApi: docker/services/logging/files/barbican-api.yaml OS::TripleO::Services::Logging::GlanceApi: docker/services/logging/files/glance-api.yaml OS::TripleO::Services::Logging::HAProxy: docker/services/logging/files/haproxy.yaml diff --git a/roles/Undercloud.yaml b/roles/Undercloud.yaml index 2648eb0355..8ed2694c15 100644 --- a/roles/Undercloud.yaml +++ b/roles/Undercloud.yaml @@ -58,6 +58,7 @@ - OS::TripleO::Services::SwiftProxy - OS::TripleO::Services::SwiftRingBuilder - OS::TripleO::Services::SwiftStorage + - OS::TripleO::Services::Tmpwatch - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::Tuned - OS::TripleO::Services::UndercloudAodhApi diff --git a/roles_data_undercloud.yaml b/roles_data_undercloud.yaml index b2fd7aab5c..fc0e290591 100644 --- a/roles_data_undercloud.yaml +++ b/roles_data_undercloud.yaml @@ -61,6 +61,7 @@ - OS::TripleO::Services::SwiftProxy - OS::TripleO::Services::SwiftRingBuilder - OS::TripleO::Services::SwiftStorage + - OS::TripleO::Services::Tmpwatch - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::Tuned - OS::TripleO::Services::UndercloudAodhApi