[Queens-only] Install and configure tmpwatch for log cleanup

Installing and configuring tmpwatch allows to get rid of some
ugly things in logrotate configuration. As the container has no
network access anymore, we have to install the tool on the host
directly - this isn't that bad.

In order to avoid issues with logrotate manage logs, we explicitely
exclude patterns manage in the specific logorate configuration.

Also, always in order to avoid issues and ensure logrotate does its
own cleanup, we clean files one day later.

Note: this patch is the port of [1].
We can't really cherry-pick things since we have to correct the
heat_template_version value, and config-download not really supported,
meaning we can't use the "deploy_steps_tasks" as is.

[1] https://review.openstack.org/645183

Related-Bug: https://bugs.launchpad.net/tripleo/+bug/1821852
Change-Id: I5c59f337f2a62bc44e459f13de9bab6b4ab1a9f5
(cherry picked from commit 9e37ce9ab6)
This commit is contained in:
Cédric Jeanneret 2019-03-07 09:44:29 +01:00
parent cdfe53f691
commit 48b277cdc9
6 changed files with 64 additions and 0 deletions

View File

@ -70,6 +70,23 @@ outputs:
tripleo::profile::base::logging::logrotate::rotation: {get_param: LogrotateRotationInterval} tripleo::profile::base::logging::logrotate::rotation: {get_param: LogrotateRotationInterval}
tripleo::profile::base::logging::logrotate::rotate: {get_param: LogrotateRotate} tripleo::profile::base::logging::logrotate::rotate: {get_param: LogrotateRotate}
tripleo::profile::base::logging::logrotate::purge_after_days: {get_param: LogrotatePurgeAfterDays} tripleo::profile::base::logging::logrotate::purge_after_days: {get_param: LogrotatePurgeAfterDays}
host_prep_tasks:
- name: configure tmpwatch on the host
copy:
dest: /etc/cron.daily/containers-tmpwatch
owner: root
group: root
mode: 0755
content: |
#!/bin/sh
tmpwatch --nodirs \
-X "/var/log/containers/*/*log" \
-X "/var/log/containers/*/*/*log" \
-X "/var/log/containers/*/*err" \
{{ LogrotatePurgeAfterDays|int +1 }} \
/var/log/containers/ 2>&1 | logger -t container-tmpwatch
vars:
LogrotatePurgeAfterDays: {get_param: LogrotatePurgeAfterDays}
# BEGIN DOCKER SETTINGS # BEGIN DOCKER SETTINGS
puppet_config: puppet_config:
config_volume: crond config_volume: crond

View File

@ -1,4 +1,5 @@
resource_registry: resource_registry:
OS::TripleO::Services::Tmpwatch: ../extraconfig/services/tmpwatch-install.yaml
OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/noop.yaml OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/noop.yaml
OS::TripleO::Network::Ports::ControlPlaneVipPort: ../deployed-server/deployed-neutron-port.yaml OS::TripleO::Network::Ports::ControlPlaneVipPort: ../deployed-server/deployed-neutron-port.yaml
OS::TripleO::Undercloud::Net::SoftwareConfig: ../net-config-undercloud.yaml OS::TripleO::Undercloud::Net::SoftwareConfig: ../net-config-undercloud.yaml

View File

@ -0,0 +1,43 @@
heat_template_version: queens
description: >
Install tmpwatch on the undercloud/standalone
parameters:
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
outputs:
role_data:
description: Role data for tmpwatch install on undercloud or standalone
value:
service_name: logrotate_tmpwatch
host_prep_tasks:
- name: install tmpwatch on the host
package:
name: tmpwatch
state: installed

View File

@ -344,6 +344,7 @@ resource_registry:
OS::TripleO::Services::Multipathd: docker/services/multipathd.yaml OS::TripleO::Services::Multipathd: docker/services/multipathd.yaml
# Logging # Logging
OS::TripleO::Services::Tmpwatch: OS::Heat::None
OS::TripleO::Services::Logging::BarbicanApi: docker/services/logging/files/barbican-api.yaml OS::TripleO::Services::Logging::BarbicanApi: docker/services/logging/files/barbican-api.yaml
OS::TripleO::Services::Logging::GlanceApi: docker/services/logging/files/glance-api.yaml OS::TripleO::Services::Logging::GlanceApi: docker/services/logging/files/glance-api.yaml
OS::TripleO::Services::Logging::HAProxy: docker/services/logging/files/haproxy.yaml OS::TripleO::Services::Logging::HAProxy: docker/services/logging/files/haproxy.yaml

View File

@ -58,6 +58,7 @@
- OS::TripleO::Services::SwiftProxy - OS::TripleO::Services::SwiftProxy
- OS::TripleO::Services::SwiftRingBuilder - OS::TripleO::Services::SwiftRingBuilder
- OS::TripleO::Services::SwiftStorage - OS::TripleO::Services::SwiftStorage
- OS::TripleO::Services::Tmpwatch
- OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::Tuned - OS::TripleO::Services::Tuned
- OS::TripleO::Services::UndercloudAodhApi - OS::TripleO::Services::UndercloudAodhApi

View File

@ -61,6 +61,7 @@
- OS::TripleO::Services::SwiftProxy - OS::TripleO::Services::SwiftProxy
- OS::TripleO::Services::SwiftRingBuilder - OS::TripleO::Services::SwiftRingBuilder
- OS::TripleO::Services::SwiftStorage - OS::TripleO::Services::SwiftStorage
- OS::TripleO::Services::Tmpwatch
- OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::Tuned - OS::TripleO::Services::Tuned
- OS::TripleO::Services::UndercloudAodhApi - OS::TripleO::Services::UndercloudAodhApi