From 836705161cfdd847c4ef0ff37f0e5708b520e763 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Jeanneret?= Date: Thu, 7 Mar 2019 09:44:29 +0100 Subject: [PATCH] Install and configure tmpwatch for log cleanup Installing and configuring tmpwatch allows to get rid of some ugly things in logrotate configuration. As the container has no network access anymore, we have to install the tool on the host directly - this isn't that bad. In order to avoid issues with logrotate manage logs, we explicitely exclude patterns manage in the specific logorate configuration. Also, always in order to avoid issues and ensure logrotate does its own cleanup, we clean files one day later. Change-Id: Ic666388d9ba7556e7b68ab2fc1082957a9e26552 --- .../logrotate-crond-container-puppet.yaml | 18 ++++++++ deployment/logrotate/tmpwatch-install.yaml | 44 +++++++++++++++++++ environments/standalone.yaml | 1 + .../standalone/standalone-tripleo.yaml | 1 + environments/undercloud.yaml | 1 + overcloud-resource-registry-puppet.j2.yaml | 1 + roles/Standalone.yaml | 1 + roles/Undercloud.yaml | 1 + roles_data_undercloud.yaml | 1 + sample-env-generator/standalone.yaml | 3 ++ 10 files changed, 72 insertions(+) create mode 100644 deployment/logrotate/tmpwatch-install.yaml diff --git a/deployment/logrotate/logrotate-crond-container-puppet.yaml b/deployment/logrotate/logrotate-crond-container-puppet.yaml index ded049527e..2db870ff7d 100644 --- a/deployment/logrotate/logrotate-crond-container-puppet.yaml +++ b/deployment/logrotate/logrotate-crond-container-puppet.yaml @@ -69,6 +69,24 @@ outputs: tripleo::profile::base::logging::logrotate::rotation: {get_param: LogrotateRotationInterval} tripleo::profile::base::logging::logrotate::rotate: {get_param: LogrotateRotate} tripleo::profile::base::logging::logrotate::purge_after_days: {get_param: LogrotatePurgeAfterDays} + deploy_steps_tasks: + - name: configure tmpwatch on the host + when: step|int == 2 + copy: + dest: /etc/cron.daily/containers-tmpwatch + owner: root + group: root + mode: 0755 + content: | + #!/bin/sh + tmpwatch --nodirs \ + -X "/var/log/containers/*/*log" \ + -X "/var/log/containers/*/*/*log" \ + -X "/var/log/containers/*/*err" \ + {{ LogrotatePurgeAfterDays|int +1 }} \ + /var/log/containers/ 2>&1 | logger -t container-tmpwatch + vars: + LogrotatePurgeAfterDays: {get_param: LogrotatePurgeAfterDays} # BEGIN DOCKER SETTINGS puppet_config: config_volume: crond diff --git a/deployment/logrotate/tmpwatch-install.yaml b/deployment/logrotate/tmpwatch-install.yaml new file mode 100644 index 0000000000..97ada068e8 --- /dev/null +++ b/deployment/logrotate/tmpwatch-install.yaml @@ -0,0 +1,44 @@ +heat_template_version: rocky + +description: > + Install tmpwatch on the undercloud/standalone + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +outputs: + role_data: + description: Role data for tmpwatch install on undercloud or standalone + value: + service_name: logrotate_tmpwatch + deploy_steps_tasks: + - name: install tmpwatch on the host + when: step|int == 1 + package: + name: tmpwatch + state: installed diff --git a/environments/standalone.yaml b/environments/standalone.yaml index 95c3016869..df13c6757f 100644 --- a/environments/standalone.yaml +++ b/environments/standalone.yaml @@ -1,6 +1,7 @@ # DEPRECATED. # This file has been replaced with environments/standalone/standalone-tripleo.yaml resource_registry: + OS::TripleO::Services::Tmpwatch: ../deployment/logrotate/tmpwatch-install.yaml OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/noop.yaml OS::TripleO::Network::Ports::ControlPlaneVipPort: ../deployed-server/deployed-neutron-port.yaml OS::TripleO::Standalone::Net::SoftwareConfig: ../net-config-standalone.yaml diff --git a/environments/standalone/standalone-tripleo.yaml b/environments/standalone/standalone-tripleo.yaml index 7f0d33bb6d..31b6646b50 100644 --- a/environments/standalone/standalone-tripleo.yaml +++ b/environments/standalone/standalone-tripleo.yaml @@ -120,5 +120,6 @@ resource_registry: OS::TripleO::Services::SaharaApi: OS::Heat::None OS::TripleO::Services::SaharaEngine: OS::Heat::None OS::TripleO::Services::Tacker: OS::Heat::None + OS::TripleO::Services::Tmpwatch: ../../deployment/logrotate/tmpwatch-install.yaml OS::TripleO::Services::Zaqar: OS::Heat::None OS::TripleO::Standalone::Net::SoftwareConfig: ../../net-config-standalone.yaml diff --git a/environments/undercloud.yaml b/environments/undercloud.yaml index 2fea4b2b19..bab3c59b26 100644 --- a/environments/undercloud.yaml +++ b/environments/undercloud.yaml @@ -1,4 +1,5 @@ resource_registry: + OS::TripleO::Services::Tmpwatch: ../deployment/logrotate/tmpwatch-install.yaml OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/noop.yaml OS::TripleO::Network::Ports::ControlPlaneVipPort: ../deployed-server/deployed-neutron-port.yaml OS::TripleO::Undercloud::Net::SoftwareConfig: ../net-config-undercloud.yaml diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index d9ef50d8ad..90f4511883 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -336,6 +336,7 @@ resource_registry: OS::TripleO::Services::Multipathd: deployment/multipathd/multipathd-container.yaml # Logging + OS::TripleO::Services::Tmpwatch: OS::Heat::None OS::TripleO::Services::Logging::BarbicanApi: docker/services/logging/files/barbican-api.yaml OS::TripleO::Services::Logging::GlanceApi: deployment/glance/glance-api-logging-file-container.yaml OS::TripleO::Services::Logging::HAProxy: docker/services/logging/files/haproxy.yaml diff --git a/roles/Standalone.yaml b/roles/Standalone.yaml index 293975f136..7b899f076b 100644 --- a/roles/Standalone.yaml +++ b/roles/Standalone.yaml @@ -174,6 +174,7 @@ - OS::TripleO::Services::Tacker - OS::TripleO::Services::Timesync - OS::TripleO::Services::Timezone + - OS::TripleO::Services::Tmpwatch - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::Tuned diff --git a/roles/Undercloud.yaml b/roles/Undercloud.yaml index 8eb74ebc4d..cc2498aaac 100644 --- a/roles/Undercloud.yaml +++ b/roles/Undercloud.yaml @@ -89,6 +89,7 @@ - OS::TripleO::Services::Tempest - OS::TripleO::Services::Timesync - OS::TripleO::Services::Timezone + - OS::TripleO::Services::Tmpwatch - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::TripleoUI - OS::TripleO::Services::Tuned diff --git a/roles_data_undercloud.yaml b/roles_data_undercloud.yaml index f667d28876..52e3895e42 100644 --- a/roles_data_undercloud.yaml +++ b/roles_data_undercloud.yaml @@ -92,6 +92,7 @@ - OS::TripleO::Services::Tempest - OS::TripleO::Services::Timesync - OS::TripleO::Services::Timezone + - OS::TripleO::Services::Tmpwatch - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::TripleoUI - OS::TripleO::Services::Tuned diff --git a/sample-env-generator/standalone.yaml b/sample-env-generator/standalone.yaml index 93982c8d43..950d1c067b 100644 --- a/sample-env-generator/standalone.yaml +++ b/sample-env-generator/standalone.yaml @@ -75,6 +75,9 @@ environments: OS::TripleO::Services::Podman: ../../deployment/podman/podman-baremetal-ansible.yaml OS::TripleO::Services::DockerRegistry: ../../deployment/image-serve/image-serve-baremetal-ansible.yaml + # Install tmpwatch + OS::TripleO::Services::Tmpwatch: ../../deployment/logrotate/tmpwatch-install.yaml + # Disable non-openstack services that are enabled by default OS::TripleO::Services::HAproxy: OS::Heat::None OS::TripleO::Services::Keepalived: OS::Heat::None