heat_template_version: wallaby description: > Containerized logrotate with crond for containerized service logs rotation parameters: ContainerCrondImage: description: image type: string tags: - role_specific ContainerCrondConfigImage: description: The container image to use for the crond config_volume type: string tags: - role_specific EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json ServiceData: default: {} description: Dictionary packing service data type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. Use parameter_merge_strategies to merge it with the defaults. type: json RoleName: default: '' description: Role name on which the service is applied type: string RoleParameters: default: {} description: Parameters specific to the role type: json LogrotateMaxsize: description: Configures the maxsize param for containerized logrotate. type: string default: '10M' LogrotateRotationInterval: description: Configures rotation interval for containerized logrotate. type: string default: 'daily' constraints: - allowed_values: [ 'hourly', 'daily', 'weekly', 'monthly' ] LogrotateRotate: description: Configures the rotate param for containerized logrotate. type: string default: '14' LogrotatePurgeAfterDays: description: Enforces life time (days) of rotated and compressed files. type: string default: '14' LogrotateDateExt: description: Enable/disable dateext parameter. type: boolean default: false LogrotateDateFormat: description: Configures dateformat strings for containerized logrotate. This is valid when LogrotateDateExt is true. The allowed specifiers are only %Y %m %d %H %M %S %V and %s. type: string default: '-%Y%m%d' constraints: - allowed_pattern: '-(%[YmdHMSVs])+$' LogrotateDateYesterday: description: Configures dateyesterday parameter for containerized logrotate. This is valid when LogrotateDateExt is true. type: boolean default: false resources: ContainersCommon: type: ../containers-common.yaml RoleParametersValue: type: OS::Heat::Value properties: type: json value: map_replace: - map_replace: - ContainerCrondImage: ContainerCrondImage ContainerCrondConfigImage: ContainerCrondConfigImage - values: {get_param: [RoleParameters]} - values: ContainerCrondImage: {get_param: ContainerCrondImage} ContainerCrondConfigImage: {get_param: ContainerCrondConfigImage} outputs: role_data: description: Role data for the crond role. value: service_name: logrotate_crond config_settings: map_merge: - tripleo::profile::base::logging::logrotate::maxsize: {get_param: LogrotateMaxsize} tripleo::profile::base::logging::logrotate::rotation: {get_param: LogrotateRotationInterval} tripleo::profile::base::logging::logrotate::rotate: {get_param: LogrotateRotate} tripleo::profile::base::logging::logrotate::purge_after_days: {get_param: LogrotatePurgeAfterDays} tripleo::profile::base::logging::logrotate::dateext: {get_param: LogrotateDateExt} - if: - {get_param: LogrotateDateExt} - tripleo::profile::base::logging::logrotate::dateformat: {get_param: LogrotateDateFormat} tripleo::profile::base::logging::logrotate::dateyesterday: {get_param: LogrotateDateYesterday} host_prep_tasks: - name: allow logrotate to read inside containers seboolean: name: logrotate_read_inside_containers persistent: true state: true when: - ansible_facts.selinux is defined - ansible_facts.selinux.status == "enabled" deploy_steps_tasks: - name: configure tmpwatch on the host when: step|int == 2 block: - name: Push script copy: dest: /usr/local/sbin/containers-tmpwatch owner: root group: root mode: 0755 content: | #!/bin/sh tmpwatch --nodirs \ -X "/var/log/containers/*/*log" \ -X "/var/log/containers/*/*/*log" \ -X "/var/log/containers/*/*err" \ {{ LogrotatePurgeAfterDays|int +1 }}d \ /var/log/containers/ 2>&1 | logger -t container-tmpwatch vars: LogrotatePurgeAfterDays: {get_param: LogrotatePurgeAfterDays} - name: Insert cronjob in root crontab cron: name: "Remove old logs" special_time: "daily" user: "root" job: "/usr/local/sbin/containers-tmpwatch" update_tasks: &tmpwatch_script_clean - name: Ensure old cron.daily is absent when: step|int == 1 file: path: /etc/cron.daily/containers-tmpwatch state: absent upgrade_tasks: *tmpwatch_script_clean # BEGIN DOCKER SETTINGS puppet_config: config_volume: crond step_config: 'include tripleo::profile::base::logging::logrotate' config_image: {get_attr: [RoleParametersValue, value, ContainerCrondConfigImage]} kolla_config: /var/lib/kolla/config_files/logrotate-crond.json: command: /usr/sbin/crond -s -n config_files: - source: "/var/lib/kolla/config_files/src/*" dest: "/" merge: true preserve_properties: true docker_config: step_4: logrotate_crond: image: {get_attr: [RoleParametersValue, value, ContainerCrondImage]} net: none pid: host privileged: true user: root restart: always healthcheck: test: '/usr/share/openstack-tripleo-common/healthcheck/cron' volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/logrotate-crond.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/crond:/var/lib/kolla/config_files/src:ro - /var/log/containers:/var/log/containers:z environment: KOLLA_CONFIG_STRATEGY: COPY_ALWAYS external_upgrade_tasks: - when: - step|int == 1 tags: - never - system_upgrade_transfer_data - system_upgrade_stop_services block: - name: Stop logrotate container import_role: name: tripleo_container_stop vars: tripleo_containers_to_stop: - logrotate_crond tripleo_delegate_to: "{{ groups['logrotate_crond'] | default([]) }}"