Support hourly logrotate directory on EL9 again. #221
Conversation
traylenator
force-pushed
the
hour_systemd
branch
from
21b870c to
355f33a
Compare
When EL9 switched to using systemd (quite correctly ) in voxpupuli#216 support for a special directory for hourly logrotations was removed. Add that functionality back with a new unit and timer * `logrotate-hourly.service` * `logrotate-hourly.timer` While this could be achieved by reducing the period of existing timer to hourly I presume the motivation for this was to avoid processing all logrotate directives every hour.
traylenator
force-pushed
the
hour_systemd
branch
from
2045383 to
06b1bed
Compare
|
CentOS 8 tests are a timeout. |
| 'Description' => [ | ||
| '', | ||
| 'Extra timer to run hourly logrotates only', | ||
| ], |
There was a problem hiding this comment.
Would it be worth doing to make this timer also trigger logrotate.service by setting I believe Unit=logrotate.service? This way the hourly and regular OS services can't run at same time. If both timers use the same service, that ensures there would be no overlap of log rotation commands.
There was a problem hiding this comment.
Hi,
I don't think hourly and daily can call the same service. They have different exec lines as they operate on different config files.
As for the hourly and daily overlapping I can't immediately see why it would matter but if we could then yes makes sense to avoid it.
Quick search around systemd does not have anything obvious to mutex a couple of units.
Only suggestions I can see are an external flock around the logrotate command or use of some ExecCondition.
Should check if logrotate maintains it's own lock....
There was a problem hiding this comment.
Logrotate has a --wait-for-state-lock which sounds like the ticket.
- Need to check there's a timeout configured.
- Such a change is probably better as it's own MR since this applies to the cron variant the same.
There was a problem hiding this comment.
If that wait lock doesn't work it could be done with like ExecStartPre=/bin/touch /var/lock/logrotate and ExecStartPost=/bin/rm -f /var/lock/logrotate then have the units conditional on that path not existing. That wait for state lock sounds better though. A new PR for those changes sounds fine.
There was a problem hiding this comment.
flock is the way to do that - better to do that than maintain your own lock always with external commands. i.e
logrotate becomes `
/usr/bin/flock --wait 21600 /run/lock/logrotate.service /usr/bin/logrotate
this also solves the timeout problem since the waiting unit will enter a failed state after 6 hours which seems perfect.
Unfortuantly the --wait-for-state-lock in logrotate itself only arrived with 3.21.0 which is newer than EL9 has :-(
There was a problem hiding this comment.
/usr/bin/flock now added to mutex the two instances.
| file { "${logrotate::rules_configdir}/hourly": | ||
| ensure => $dir_ensure, | ||
| ensure => 'directory', |
There was a problem hiding this comment.
Why not allow this to be removed when hourly is ensure=absent?
There was a problem hiding this comment.
When which parameter is set not /set ?
$logrotate::manage_cron_hourlycontrols if the crons are managed.- $logrotate::manage_systemd_timer controls if the units should be managed
Just noticed this confusion in the class:
In logrotate::rule it includes logrotate::daily if and only if there is a rule which is hourly.
However there is also a contain in logrotate::init - that contain seems wrong to me. Should we be creating these units, crons and directories if there are no hourly rules.
In reference to the "${logrotate::rules_configdir}/hourly": I don't see how you can know up front that the directory need to be created or not - certainly not that it can be deleted.
I would remove that contain from manifests::init myself so for the default case the extra cron, timer and directory never get created.
There was a problem hiding this comment.
Looking at this ancient MR https://github.com/voxpupuli/puppet-logrotate/pull/174/files it looks to be quite deliberate
that the ${logrotate::rules_configdir}/hourly" is always created in all circumstances.
Either that should go or the one here in logrotate::rule
case $rotate_every {
'hour', 'hourly': {
include logrotate::hourly
$rule_path = "${logrotate::rules_configdir}/hourly/${rulename}"
one of these is definitely redundant.
There was a problem hiding this comment.
Could split hourly in two files.
Move the directory management into its own file to create and purge always.
Existing file without that could be included iff there an hourly logrotate rule.
Pull Request (PR) description
When EL9 switched to using systemd (quite correctly ) in #216 support for a special directory for hourly logrotations was removed - that change was backwards incompatible.
Add that functionality back with a new unit and timer
logrotate-hourly.servicelogrotate-hourly.timerWhile this could be achieved by reducing the period of existing timer to hourly I presume the motivation for this was to avoid processing all logrotate directives every hour which does make some sense.
Following this patch:
and