[Rocky-only] Install and configure tmpwatch for log cleanup

Installing and configuring tmpwatch allows to get rid of some ugly things in logrotate configuration. As the container has no network access anymore, we have to install the tool on the host directly - this isn't that bad. In order to avoid issues with logrotate manage logs, we explicitely exclude patterns manage in the specific logorate configuration. Also, always in order to avoid issues and ensure logrotate does its own cleanup, we clean files one day later. Note: this patch is the port of [1], without the "deployment" directory. We can't really cherry-pick things since the tree is modified in master. [1] https://review.openstack.org/641608 Change-Id: I5c59f337f2a62bc44e459f13de9bab6b4ab1a9f5
2019-03-07 09:44:29 +01:00 · 2019-03-07 09:44:29 +01:00 · 9e37ce9ab6
parent 8b49052e3f
commit 9e37ce9ab6
10 changed files with 72 additions and 0 deletions
--- a/docker/services/logrotate-crond.yaml
+++ b/docker/services/logrotate-crond.yaml
@ -70,6 +70,24 @@ outputs:
        tripleo::profile::base::logging::logrotate::rotation: {get_param: LogrotateRotationInterval}
        tripleo::profile::base::logging::logrotate::rotate: {get_param: LogrotateRotate}
        tripleo::profile::base::logging::logrotate::purge_after_days: {get_param: LogrotatePurgeAfterDays}
+      deploy_steps_tasks:
+        - name: configure tmpwatch on the host
+          when: step|int == 2
+          copy:
+            dest: /etc/cron.daily/containers-tmpwatch
+            owner: root
+            group: root
+            mode: 0755
+            content: |
+              #!/bin/sh
+              tmpwatch --nodirs \
+                -X "/var/log/containers/*/*log" \
+                -X "/var/log/containers/*/*/*log" \
+                -X "/var/log/containers/*/*err" \
+                {{ LogrotatePurgeAfterDays|int +1 }} \
+                /var/log/containers/ 2>&1 | logger -t container-tmpwatch
+          vars:
+             LogrotatePurgeAfterDays: {get_param: LogrotatePurgeAfterDays}
      # BEGIN DOCKER SETTINGS
      puppet_config:
        config_volume: crond
--- a/environments/standalone.yaml
+++ b/environments/standalone.yaml
@ -1,6 +1,7 @@
 # DEPRECATED.
 # This file has been replaced with environments/standalone/standalone-tripleo.yaml
 resource_registry:
+  OS::TripleO::Services::Tmpwatch: ../extraconfig/services/tmpwatch-install.yaml
  OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/noop.yaml
  OS::TripleO::Network::Ports::ControlPlaneVipPort: ../deployed-server/deployed-neutron-port.yaml
  OS::TripleO::Standalone::Net::SoftwareConfig: ../net-config-standalone.yaml
--- a/environments/standalone/standalone-tripleo.yaml
+++ b/environments/standalone/standalone-tripleo.yaml
@ -109,5 +109,6 @@ resource_registry:
  OS::TripleO::Services::SaharaApi: OS::Heat::None
  OS::TripleO::Services::SaharaEngine: OS::Heat::None
  OS::TripleO::Services::Tacker: OS::Heat::None
+  OS::TripleO::Services::Tmpwatch: ../../extraconfig/services/tmpwatch-install.yaml
  OS::TripleO::Services::Zaqar: OS::Heat::None
  OS::TripleO::Standalone::Net::SoftwareConfig: ../../net-config-standalone.yaml
--- a/environments/undercloud.yaml
+++ b/environments/undercloud.yaml
@ -3,6 +3,7 @@ parameter_merge_strategies:
  UndercloudExtraConfig: deep_merge

 resource_registry:
+  OS::TripleO::Services::Tmpwatch: ../extraconfig/services/tmpwatch-install.yaml
  OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/noop.yaml
  OS::TripleO::Network::Ports::ControlPlaneVipPort: ../deployed-server/deployed-neutron-port.yaml
  OS::TripleO::Undercloud::Net::SoftwareConfig: ../net-config-undercloud.yaml
--- a/extraconfig/services/tmpwatch-install.yaml
+++ b/extraconfig/services/tmpwatch-install.yaml
@ -0,0 +1,44 @@
+heat_template_version: rocky
+
+description: >
+  Install tmpwatch on the undercloud/standalone
+
+parameters:
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  ServiceData:
+    default: {}
+    description: Dictionary packing service data
+    type: json
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+
+outputs:
+  role_data:
+    description: Role data for tmpwatch install on undercloud or standalone
+    value:
+      service_name: logrotate_tmpwatch
+      deploy_steps_tasks:
+        - name: install tmpwatch on the host
+          when: step|int == 1
+          package:
+            name: tmpwatch
+            state: installed
--- a/overcloud-resource-registry-puppet.j2.yaml
+++ b/overcloud-resource-registry-puppet.j2.yaml
@ -333,6 +333,7 @@ resource_registry:
  OS::TripleO::Services::Multipathd: docker/services/multipathd.yaml

  # Logging
+  OS::TripleO::Services::Tmpwatch: OS::Heat::None
  OS::TripleO::Services::Logging::BarbicanApi: docker/services/logging/files/barbican-api.yaml
  OS::TripleO::Services::Logging::GlanceApi: docker/services/logging/files/glance-api.yaml
  OS::TripleO::Services::Logging::HAProxy: docker/services/logging/files/haproxy.yaml
--- a/roles/Standalone.yaml
+++ b/roles/Standalone.yaml
@ -181,6 +181,7 @@
    - OS::TripleO::Services::SwiftStorage
    - OS::TripleO::Services::Tacker
    - OS::TripleO::Services::Timezone
+    - OS::TripleO::Services::Tmpwatch
    - OS::TripleO::Services::TripleoFirewall
    - OS::TripleO::Services::TripleoPackages
    - OS::TripleO::Services::Tuned
--- a/roles/Undercloud.yaml
+++ b/roles/Undercloud.yaml
@ -90,6 +90,7 @@
    - OS::TripleO::Services::SwiftRingBuilder
    - OS::TripleO::Services::SwiftStorage
    - OS::TripleO::Services::Tempest
+    - OS::TripleO::Services::Tmpwatch
    - OS::TripleO::Services::TripleoFirewall
    - OS::TripleO::Services::TripleoUI
    - OS::TripleO::Services::Tuned
--- a/roles_data_undercloud.yaml
+++ b/roles_data_undercloud.yaml
@ -93,6 +93,7 @@
    - OS::TripleO::Services::SwiftRingBuilder
    - OS::TripleO::Services::SwiftStorage
    - OS::TripleO::Services::Tempest
+    - OS::TripleO::Services::Tmpwatch
    - OS::TripleO::Services::TripleoFirewall
    - OS::TripleO::Services::TripleoUI
    - OS::TripleO::Services::Tuned
--- a/sample-env-generator/standalone.yaml
+++ b/sample-env-generator/standalone.yaml
@ -63,6 +63,9 @@ environments:
      OS::TripleO::Services::ContainerImagePrepare: ../../puppet/services/container-image-prepare.yaml
      OS::TripleO::Services::DockerRegistry: ../../puppet/services/docker-registry.yaml

+      # Install tmpwatch
+      OS::TripleO::Services::Tmpwatch: ../../extraconfig/services/tmpwatch-install.yaml
+
      # Disable non-openstack services that are enabled by default
      OS::TripleO::Services::HAproxy: OS::Heat::None
      OS::TripleO::Services::Keepalived: OS::Heat::None