How should Admin Console log ansible runs? #3180
Comments
|
What is the standard iiab log? Note |
|
I didn't realize runrole had a different log than iiab-install. In any event I am asking for iiab-install's log. The export variable takes precedence over the config file, so there will be no conflict with current scripts. I am unable to set the env variable. |
Why is that out of curiosity?
Good point. Some might argue that ~4 log files is too many. On the other hand, mashing everything together into 1 single log file (e.g. /opt/iiab/iiab/iiab-install.log) is a bit much. Certainly this would makes iiab-diagnostics output less meaningful, as iiab-diagnostics takes the last 100 lines of each of these log files. Ref: |
|
log_path=/var/log/iiab-ansible.log maybe as the fallback? Just one more log file to check for. |
|
To test this I broke the link of /opt/admin/cmdsrv/ansible.cfg and provided a new file with the above included, works nicely. The path and log file name is up for debate as this would be shared with runroles if the change is made in iiab without breaking the link. |
|
We should think about Admin Console recording to a distinct log file separate from the initial install's |
A related issue was just solved thanks to @shanti-bhardwa and @tim-moody: The above question of keeping diagnostics clear, by using distinct log files (especially for iiab-diagnostics which communicates the final 100 lines of each log file) remains important. @jvonau also suggested using /var/log and logrotate, if it gets to the point where logs truly balloon in size. |
|
no longer needed |
|
Quickly discussed on this week's http://minutes.iiab.io call: iiab-diagnostics should offer context around what fails and why — in any file separate from Background: log file
We discussed trying to find a way to include I strongly recommend this info be logged to any other filename (e.g. something like @jvonau recommends this be saved to |
|
These logs are not for the benefit of Admin Console, so I guess I don't really care where they are. In terms of /var/log I would keep them all together. Ansible writes to the log, so any rotation would have to be configured there and I don't know how. I can offer the following:
we can turn on logging to the file declared in /opt/admin/cmdsrv/ansible.cfg I think I can suppress logging of the setup -m to about 200 chars. This will still happen every time cmdsrv starts. |
Should iiab-diagnostics include that output?
Yes. Quick solution would be to save to /opt/iiab/iiab/iiab-admin.log alongside the current log files there. And then perhaps move all of these to /var/log if ongoing disk bloat is a real issue, using logrotate or similar? So far disk bloat from a few MB of IIAB log files is not an issue on today's massive disks & SD cards. But that could hypothetically change if we throw a lot more into log files on an ongoing basis?
@jvonau does that make sense? Or do you have another recommendation? |
it occurred to me that the 200 chars can go to a separate log file in /tmp, since no one will be interested in it. |
Why? The existing log files are generated with a process started by human intervention. During the initial install iiab-install.log is usually only written to one time. The proposed admin-console/cmdserv logging is tied to a daemon that will be running and modifying the install an unknown number of times and for a unknown length of service.
Drop a file into /etc/logrotate.d/ describing the actions needed.
That would be a bonus, the main issue was the logging would go to the same log file for all ansible calls from cmdsrv. All the logging in iiab uses 'ANSIBLE_LOG_PATH=' perhaps iiab-cmdsrv.service might be able to add |
|
yes. I discovered that if I suppress the logging the output has that suppression message, so the only way to suppress and get the ansible variables is to write to a throw away file in /tmp.
I don't notice any for the logs in /opt/iiab/iiab
apart from the cmdsrv init, I'm not clear why that would be more than the other iiab logs or why install and reinstall are somehow two different things. iiab-diags get clogged with stale data. Installing services with cmdsrv is a different flow than with a script, but I wouldn't expect it to be more frequent. To be clear, cmdsrv already logs. The only change requested is to satisfy the needs of iiab-diags, in which btw, 10K chars is a trifle. In any event, if the noted changes are desired I will make them. |
Each line may be only 10 KB, but these add up fast if an Admin Console implementer/operator initiates a lot of Ansible actions presumably? The human intervention point is a good one, as these moments will (generally) correspond with the most useful diagnostics. Question for Everyone: do any of those 10KB lines contain info of real diagnostic value? (I'm assuming not much of value there, but perhaps that's not the full truth??)
Sounds very reasonable to me. Let's go with this now, if possible. If /etc/logrotate.d etc are later needed to face overwhelming bloat, that's fine too. |
|
I haven't tried it, but fyi @tim-moody's PR looks great here: |
tim-moody
changed the title
Looks like an excellent idea. This needs to be added to iiab-diagnostics, as we just discussed on the weekly community call. |
|
Even better idea now that @tim-moody has redacted logging of passwords etc — great catch: |
This will cause ansible to log to the standard iiab log even when run from Admin Console.
The text was updated successfully, but these errors were encountered: