Giuseppe Lavagetto has submitted this change and it was merged.
Change subject: service::node: Output std out/err to a file
......................................................................
service::node: Output std out/err to a file
In case a service (or firejail) logs something to std out/err, it gets
sent to journalctl, which is not accessible to service owners. This
patch redirects them to a file so that service owners can consult and
inspect them.
Note that this changeset is pertinent only for Jessie installs since
Upstart has no way of redirecting the std streams.
Bug: T137878
Change-Id: I6f06d85bd1ada95c99b373a5f6b8f51c535eeee6
---
M modules/service/manifests/configuration.pp
M modules/service/manifests/node.pp
A modules/systemd/manifests/syslog.pp
A modules/systemd/templates/logrotate.erb
A modules/systemd/templates/rsyslog.conf.erb
5 files changed, 101 insertions(+), 15 deletions(-)
Approvals:
Giuseppe Lavagetto: Looks good to me, approved
jenkins-bot: Verified
diff --git a/modules/service/manifests/configuration.pp
b/modules/service/manifests/configuration.pp
index f6281cf..f4f6bfa 100644
--- a/modules/service/manifests/configuration.pp
+++ b/modules/service/manifests/configuration.pp
@@ -46,5 +46,12 @@
$log_dir = '/srv/log',
$use_dev_pkgs = false,
){
- # No op for now.
+
+ file { $log_dir:
+ ensure => directory,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ }
+
}
diff --git a/modules/service/manifests/node.pp
b/modules/service/manifests/node.pp
index c679109..64a88aa 100644
--- a/modules/service/manifests/node.pp
+++ b/modules/service/manifests/node.pp
@@ -270,29 +270,35 @@
File["/etc/${title}/config.yaml"] -> Service[$title]
}
- if $local_logging {
- if !defined(File[$::service::configuration::log_dir]) {
- file { $::service::configuration::log_dir:
- ensure => directory,
- owner => 'root',
- group => 'root',
- mode => '0755',
- }
+ # on systemd, set up redirecting of stdout/stderr to a file
+ # that will be readable by any user.
+ if $::initsystem == 'systemd' {
+ systemd::syslog { $title:
+ readable_by => 'all',
+ base_dir => $::service::configuration::log_dir,
+ group => 'root',
}
+ }
+ elsif $local_logging {
+ # Local logging is enabled, but we're
+ # not on systemd
file { $local_logdir:
- ensure => directory,
- owner => $title,
- group => 'root',
- mode => '0755',
- before => Service[$title],
- require => File[$::service::configuration::log_dir],
+ ensure => directory,
+ owner => $title,
+ group => 'root',
+ mode => '0755',
}
+
file { "/etc/logrotate.d/${title}":
content => template('service/logrotate.erb'),
owner => 'root',
group => 'root',
mode => '0444',
}
+ }
+
+
+ if $local_logging {
# convenience script to pretty-print logs
file { "/usr/local/bin/tail-${title}":
content => template('service/node/tail-log.erb'),
@@ -305,6 +311,11 @@
file { "/usr/bin/tail-${title}":
ensure => absent,
}
+
+ # Ensure the local log directory is present before the service
+ if $enable {
+ File[$local_logdir] -> Service[$title]
+ }
}
# service init script and activation
diff --git a/modules/systemd/manifests/syslog.pp
b/modules/systemd/manifests/syslog.pp
new file mode 100644
index 0000000..5a468c0
--- /dev/null
+++ b/modules/systemd/manifests/syslog.pp
@@ -0,0 +1,54 @@
+define systemd::syslog(
+ $base_dir='/var/log',
+ $owner=$title,
+ $group=$title,
+ $readable_by='group'
+ ) {
+ if $::initsystem != 'systemd' {
+ fail('systemd::syslog is useful only with systemd')
+ }
+
+ # File permissions
+ $dirmode = '0755'
+ $filemode = $readable_by ? {
+ 'user' => '0600',
+ 'group' =>'0640',
+ 'all' => '0644'
+ }
+
+ $local_logdir = "${base_dir}/${title}"
+ $local_syslogfile = "${local_logdir}/syslog.log"
+
+ if ! defined(File[$local_logdir]) {
+ file { $local_logdir:
+ ensure => directory,
+ owner => $owner,
+ group => $group,
+ mode => $dirmode,
+ }
+ }
+
+ file { $local_syslogfile:
+ ensure => present,
+ replace => false,
+ content => '',
+ owner => $title,
+ group => $title,
+ mode => $filemode,
+ before => Rsyslog::Conf[$title],
+ }
+
+ rsyslog::conf { $title:
+ content => template('systemd/rsyslog.conf.erb'),
+ priority => 20,
+ require => File[$local_logdir],
+ before => Base::Service_unit[$title],
+ }
+
+ file { "/etc/logrotate.d/${title}":
+ content => template('systemd/logrotate.erb'),
+ owner => 'root',
+ group => 'root',
+ mode => '0444',
+ }
+}
diff --git a/modules/systemd/templates/logrotate.erb
b/modules/systemd/templates/logrotate.erb
new file mode 100644
index 0000000..5d52eb7
--- /dev/null
+++ b/modules/systemd/templates/logrotate.erb
@@ -0,0 +1,11 @@
+# logrotate(8) config for <%= @title %>
+
+<%= @local_logdir %>/* {
+ daily
+ copytruncate
+ missingok
+ compress
+ notifempty
+ rotate 15
+ size 256M
+}
diff --git a/modules/systemd/templates/rsyslog.conf.erb
b/modules/systemd/templates/rsyslog.conf.erb
new file mode 100644
index 0000000..60631fa
--- /dev/null
+++ b/modules/systemd/templates/rsyslog.conf.erb
@@ -0,0 +1,3 @@
+# rsyslogd(8) configuration file for services.
+# This file is managed by Puppet.
+:programname, startswith, "<%= @title %>" <%= @local_syslogfile %>
--
To view, visit https://gerrit.wikimedia.org/r/299000
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I6f06d85bd1ada95c99b373a5f6b8f51c535eeee6
Gerrit-PatchSet: 10
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Mobrovac <[email protected]>
Gerrit-Reviewer: Giuseppe Lavagetto <[email protected]>
Gerrit-Reviewer: Mobrovac <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
