openstack/tripleo-heat-templates
Code Issues Proposed changes
b580f223ed
tripleo-heat-templates/deployment/logrotate/logrotate-crond-container-puppet.yaml
Kevin Carter 7e8d88afa5
Allow deployments to run when selinux is disabled 
This change will allow the generated playbooks to run when selinux is
disabled. Presently the seboolean module will fail when a systems has
selinux disabled. While selinux could be set permissive to avoid an
error, the disabled setting is a valid configuration and should be
respected.

> seboolean will now only run when selinux is enabled.

Change-Id: Ifd31adcf27902a8a77de9c68482306ec9da6d250
Signed-off-by: Kevin Carter <kecarter@redhat.com>
2022-02-10 09:05:20 -06:00

199 lines
7.2 KiB
YAML
Raw Blame History

heat_template_version: wallaby
description: >
Containerized logrotate with crond for containerized service logs rotation
parameters:
ContainerCrondImage:
description: image
type: string
tags:
- role_specific
ContainerCrondConfigImage:
description: The container image to use for the crond config_volume
type: string
tags:
- role_specific
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. Use
parameter_merge_strategies to merge it with the defaults.
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
LogrotateMaxsize:
description: Configures the maxsize param for containerized logrotate.
type: string
default: '10M'
LogrotateRotationInterval:
description: Configures rotation interval for containerized logrotate.
type: string
default: 'daily'
constraints:
- allowed_values: [ 'hourly', 'daily', 'weekly', 'monthly' ]
LogrotateRotate:
description: Configures the rotate param for containerized logrotate.
type: string
default: '14'
LogrotatePurgeAfterDays:
description: Enforces life time (days) of rotated and compressed files.
type: string
default: '14'
LogrotateDateExt:
description: Enable/disable dateext parameter.
type: boolean
default: false
LogrotateDateFormat:
description: Configures dateformat strings for containerized logrotate.
This is valid when LogrotateDateExt is true.
The allowed specifiers are only %Y %m %d %H %M %S %V and %s.
type: string
default: '-%Y%m%d'
constraints:
- allowed_pattern: '-(%[YmdHMSVs])+$'
LogrotateDateYesterday:
description: Configures dateyesterday paramter for containerized logrotate.
This is valid when LogrotateDateExt is true.
type: boolean
default: false
resources:
ContainersCommon:
type: ../containers-common.yaml
RoleParametersValue:
type: OS::Heat::Value
properties:
type: json
value:
map_replace:
- map_replace:
- ContainerCrondImage: ContainerCrondImage
ContainerCrondConfigImage: ContainerCrondConfigImage
- values: {get_param: [RoleParameters]}
- values:
ContainerCrondImage: {get_param: ContainerCrondImage}
ContainerCrondConfigImage: {get_param: ContainerCrondConfigImage}
outputs:
role_data:
description: Role data for the crond role.
value:
service_name: logrotate_crond
config_settings:
map_merge:
- tripleo::profile::base::logging::logrotate::maxsize: {get_param: LogrotateMaxsize}
tripleo::profile::base::logging::logrotate::rotation: {get_param: LogrotateRotationInterval}
tripleo::profile::base::logging::logrotate::rotate: {get_param: LogrotateRotate}
tripleo::profile::base::logging::logrotate::purge_after_days: {get_param: LogrotatePurgeAfterDays}
tripleo::profile::base::logging::logrotate::dateext: {get_param: LogrotateDateExt}
- if:
- {get_param: LogrotateDateExt}
- tripleo::profile::base::logging::logrotate::dateformat: {get_param: LogrotateDateFormat}
tripleo::profile::base::logging::logrotate::dateyesterday: {get_param: LogrotateDateYesterday}
host_prep_tasks:
- name: allow logrotate to read inside containers
seboolean:
name: logrotate_read_inside_containers
persistent: true
state: true
when:
- ansible_facts.selinux is defined
- ansible_facts.selinux.status == "enabled"
deploy_steps_tasks:
- name: configure tmpwatch on the host
when: step|int == 2
block:
- name: Push script
copy:
dest: /usr/local/sbin/containers-tmpwatch
owner: root
group: root
mode: 0755
content: |
#!/bin/sh
tmpwatch --nodirs \
-X "/var/log/containers/*/*log" \
-X "/var/log/containers/*/*/*log" \
-X "/var/log/containers/*/*err" \
{{ LogrotatePurgeAfterDays|int +1 }}d \
/var/log/containers/ 2>&1 | logger -t container-tmpwatch
vars:
LogrotatePurgeAfterDays: {get_param: LogrotatePurgeAfterDays}
- name: Insert cronjob in root crontab
cron:
name: "Remove old logs"
special_time: "daily"
user: "root"
job: "/usr/local/sbin/containers-tmpwatch"
update_tasks: &tmpwatch_script_clean
- name: Ensure old cron.daily is absent
when: step|int == 1
file:
path: /etc/cron.daily/containers-tmpwatch
state: absent
upgrade_tasks: *tmpwatch_script_clean
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: crond
step_config: 'include tripleo::profile::base::logging::logrotate'
config_image: {get_attr: [RoleParametersValue, value, ContainerCrondConfigImage]}
kolla_config:
/var/lib/kolla/config_files/logrotate-crond.json:
command: /usr/sbin/crond -s -n
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
docker_config:
step_4:
logrotate_crond:
image: {get_attr: [RoleParametersValue, value, ContainerCrondImage]}
net: none
pid: host
privileged: true
user: root
restart: always
healthcheck:
test: '/usr/share/openstack-tripleo-common/healthcheck/cron'
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- - /var/lib/kolla/config_files/logrotate-crond.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/crond:/var/lib/kolla/config_files/src:ro
- /var/log/containers:/var/log/containers:z
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
external_upgrade_tasks:
- when:
- step|int == 1
tags:
- never
- system_upgrade_transfer_data
- system_upgrade_stop_services
block:
- name: Stop logrotate container
import_role:
name: tripleo_container_stop
vars:
tripleo_containers_to_stop:
- logrotate_crond
tripleo_delegate_to: "{{ groups['logrotate_crond'] | default([]) }}"
View Git Blame Copy Permalink