Skip to content
Permalink
Browse files

Install and configure tmpwatch for log cleanup

Installing and configuring tmpwatch allows to get rid of some
ugly things in logrotate configuration. As the container has no
network access anymore, we have to install the tool on the host
directly - this isn't that bad.

In order to avoid issues with logrotate manage logs, we explicitely
exclude patterns manage in the specific logorate configuration.

Also, always in order to avoid issues and ensure logrotate does its
own cleanup, we clean files one day later.

Change-Id: Ic666388d9ba7556e7b68ab2fc1082957a9e26552
  • Loading branch information...
cjeanner committed Mar 7, 2019
1 parent 47c6bc6 commit 836705161cfdd847c4ef0ff37f0e5708b520e763
@@ -69,6 +69,24 @@ outputs:
tripleo::profile::base::logging::logrotate::rotation: {get_param: LogrotateRotationInterval}
tripleo::profile::base::logging::logrotate::rotate: {get_param: LogrotateRotate}
tripleo::profile::base::logging::logrotate::purge_after_days: {get_param: LogrotatePurgeAfterDays}
deploy_steps_tasks:
- name: configure tmpwatch on the host
when: step|int == 2
copy:
dest: /etc/cron.daily/containers-tmpwatch
owner: root
group: root
mode: 0755
content: |
#!/bin/sh
tmpwatch --nodirs \
-X "/var/log/containers/*/*log" \
-X "/var/log/containers/*/*/*log" \
-X "/var/log/containers/*/*err" \
{{ LogrotatePurgeAfterDays|int +1 }} \
/var/log/containers/ 2>&1 | logger -t container-tmpwatch
vars:
LogrotatePurgeAfterDays: {get_param: LogrotatePurgeAfterDays}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: crond
@@ -0,0 +1,44 @@
heat_template_version: rocky

description: >
Install tmpwatch on the undercloud/standalone
parameters:
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json

outputs:
role_data:
description: Role data for tmpwatch install on undercloud or standalone
value:
service_name: logrotate_tmpwatch
deploy_steps_tasks:
- name: install tmpwatch on the host
when: step|int == 1
package:
name: tmpwatch
state: installed
@@ -1,6 +1,7 @@
# DEPRECATED.
# This file has been replaced with environments/standalone/standalone-tripleo.yaml
resource_registry:
OS::TripleO::Services::Tmpwatch: ../deployment/logrotate/tmpwatch-install.yaml
OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/noop.yaml
OS::TripleO::Network::Ports::ControlPlaneVipPort: ../deployed-server/deployed-neutron-port.yaml
OS::TripleO::Standalone::Net::SoftwareConfig: ../net-config-standalone.yaml
@@ -120,5 +120,6 @@ resource_registry:
OS::TripleO::Services::SaharaApi: OS::Heat::None
OS::TripleO::Services::SaharaEngine: OS::Heat::None
OS::TripleO::Services::Tacker: OS::Heat::None
OS::TripleO::Services::Tmpwatch: ../../deployment/logrotate/tmpwatch-install.yaml
OS::TripleO::Services::Zaqar: OS::Heat::None
OS::TripleO::Standalone::Net::SoftwareConfig: ../../net-config-standalone.yaml
@@ -1,4 +1,5 @@
resource_registry:
OS::TripleO::Services::Tmpwatch: ../deployment/logrotate/tmpwatch-install.yaml
OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/noop.yaml
OS::TripleO::Network::Ports::ControlPlaneVipPort: ../deployed-server/deployed-neutron-port.yaml
OS::TripleO::Undercloud::Net::SoftwareConfig: ../net-config-undercloud.yaml
@@ -336,6 +336,7 @@ resource_registry:
OS::TripleO::Services::Multipathd: deployment/multipathd/multipathd-container.yaml

# Logging
OS::TripleO::Services::Tmpwatch: OS::Heat::None
OS::TripleO::Services::Logging::BarbicanApi: docker/services/logging/files/barbican-api.yaml
OS::TripleO::Services::Logging::GlanceApi: deployment/glance/glance-api-logging-file-container.yaml
OS::TripleO::Services::Logging::HAProxy: docker/services/logging/files/haproxy.yaml
@@ -174,6 +174,7 @@
- OS::TripleO::Services::Tacker
- OS::TripleO::Services::Timesync
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::Tmpwatch
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::Tuned
@@ -89,6 +89,7 @@
- OS::TripleO::Services::Tempest
- OS::TripleO::Services::Timesync
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::Tmpwatch
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::TripleoUI
- OS::TripleO::Services::Tuned
@@ -92,6 +92,7 @@
- OS::TripleO::Services::Tempest
- OS::TripleO::Services::Timesync
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::Tmpwatch
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::TripleoUI
- OS::TripleO::Services::Tuned
@@ -75,6 +75,9 @@ environments:
OS::TripleO::Services::Podman: ../../deployment/podman/podman-baremetal-ansible.yaml
OS::TripleO::Services::DockerRegistry: ../../deployment/image-serve/image-serve-baremetal-ansible.yaml

# Install tmpwatch
OS::TripleO::Services::Tmpwatch: ../../deployment/logrotate/tmpwatch-install.yaml

# Disable non-openstack services that are enabled by default
OS::TripleO::Services::HAproxy: OS::Heat::None
OS::TripleO::Services::Keepalived: OS::Heat::None

0 comments on commit 8367051

Please sign in to comment.
You can’t perform that action at this time.