openstack/tripleo-heat-templates
Code Issues Proposed changes
0c0b82b908
tripleo-heat-templates/docker/services/logrotate-crond.yaml
Bogdan Dobrelya 62cdc3949f Allow custom time constraints to rotate logs 
Time based constraints must prevail over size et al
constraints applied for logs of containerized services.
Time based constraints are needed in order to abide
GDPR requirements.

Depending on FS type, Linux may not allow system operators
to access files creation time attribute (see the Birth
attribute shown as '-' by the stat -c %w command).
This is work-arouned by alternative strict time-based rules
defined in the postrotate script, which purges files in
/var/log/containers and ensures GDPR compliant system
configuration, limited to the containerized services logs.

Extended management of life time of journald and /var/log
files residing on bare metal hosts, should be done in
follow up patches.

Partial-bug: #1771543

Change-Id: I6f2f98aba103f83a4f64a435077f4de33f9692c0
Depends-On: Id8e4717a5ecda53bc9cd39f1c2efaa80b56bd45e
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2018-05-17 17:43:28 +02:00

104 lines
3.4 KiB
YAML
Raw Blame History

heat_template_version: rocky
description: >
Containerized logrotate with crond for containerized service logs rotation
parameters:
DockerCrondImage:
description: image
type: string
DockerCrondConfigImage:
description: The container image to use for the crond config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
LogrotateMaxsize:
description: Configures tme maxsize param for containerized logrotate.
type: string
default: '10M'
LogrotateRotationInterval:
description: Configures rotation interval for containerized logrotate.
type: string
default: 'daily'
constraints:
- allowed_values: [ 'daily', 'weekly', 'monthly' ]
LogrotateRotate:
description: Configures the rotate param for containerized logrotate.
type: string
default: '14'
LogrotatePurgeAfterDays:
description: Enforces life time (days) of rotated and compressed files.
type: string
default: '14'
resources:
ContainersCommon:
type: ./containers-common.yaml
outputs:
role_data:
description: Role data for the crond role.
value:
service_name: logrotate_crond
config_settings:
tripleo::profile::base::logging::logrotate::maxsize: {get_param: LogrotateMaxsize}
tripleo::profile::base::logging::logrotate::rotation: {get_param: LogrotateRotationInterval}
tripleo::profile::base::logging::logrotate::rotate: {get_param: LogrotateRotate}
tripleo::profile::base::logging::logrotate::purge_after_days: {get_param: LogrotatePurgeAfterDays}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: crond
step_config: 'include ::tripleo::profile::base::logging::logrotate'
config_image: {get_param: DockerCrondConfigImage}
kolla_config:
/var/lib/kolla/config_files/logrotate-crond.json:
command: /usr/sbin/crond -s -n
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
docker_config:
step_4:
logrotate_crond:
image: {get_param: DockerCrondImage}
net: none
pid: host
privileged: true
user: root
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/logrotate-crond.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/crond/:/var/lib/kolla/config_files/src:ro
- /var/log/containers:/var/log/containers
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
View Git Blame Copy Permalink