nickhammond / ansible-logrotate Goto Github PK

Ansible Galaxy role to setup logrotate and additional rotation scripts

License: BSD 3-Clause "New" or "Revised" License

Ruby 100.00%

ansible-logrotate's Introduction

Hi, I'm Nick.

I’ve been working professionally on the internet building things for over 15 years. I’ve spent most of that time building Rails applications with a strong focus on Developer UX and DevOps.

More recently I've been helping companies migrate to and from the cloud with tools like Kamal and Terraform.

I'm also working on building a deployment dashboard for Kamal called Shipyrd.

I currently have some time available for about 10 hours of contract work a week, send me an email if you'd like to chat.

ansible-logrotate's People

Contributors

Stargazers

Watchers

Forkers

juliosmelo narrativecontentgroup kagux ajsalminen jeancornic praveen8735 duhast robzienert rayleyva danwashusen ynott simplyguru-dot gsfjohnson jgeusebroek zapier edelamusse libraries-fi antstorm bdossantos nickvolynkin sauce-archives 3wille fujitsuenablingsoftwaretechnologygmbh gorazio swalkinshaw tridevgurung lchabert glossandglam akhon verygood-ops crazyguyonabike steamulo zeelax singleplatform-eng limbus-medtec splitice giouchiha hu-berlin-cms gadventures lightyrs ivanfoo tune-archive poniverse ursuad supaflysnooka arineng affinity silverlogic otakup0pe travis-south wtsi-hgi pmickus berry-nature patchy-txr tangrufus oozou arcenik rcm7 kietnguyen agepartnership rwese mdrotthoff cybercinch g1gc pkeeper rcuza onshift injeti-manohar johneayala jackjuvo gofrolist kailashadhikari satishgummadelli vinodadhikary yanshoutong mikhail-dyuryagin popzh siahaanbernard jfcalvez downingar vishalzambre thaovutran nin9swells nycrecords angilenko alekhyachalla akulatraxas zombie-king miscreantt chancez binbashar alwaysastudent joaoplsaraiva h2-invent-infra arohacs aberes segovchik iq-scm dschaaff

ansible-logrotate's Issues

Needs become to run

Install logrotate task requires root. However, it is not given that the user we use to connect to the target machine will be root. Using become: true on the task should solve this.

Needs become to run

Install logrotate task requires root. However, it is not given that the user we use to connect to the target machine will be root. Using become: true on the task should solve this.

No updates since August 2016. :( 9 PRs, and 9 issues. I would be happy to help the maintainer if I can. It seems to be the most featureful implementation of logrotate in Ansible-land, but newer Ansible versions have differing ways of using roles with changed syntax and YAML-isms.

Manually deleted config files not recreated

Sorry. wrong repository.

Documentation lacking an actual playbook example

Could you provide an example of an actual playbook with this role applied, rather than just the role's required variable? An example would have saved me two days of struggling to both understand roles and how to use this particular role.

'ansible.vars.unsafe_proxy.AnsibleUnsafeText object' has no attribute 'name'

Apologies if this is just noobness. This is just a snippet. I'd be happy to provide more info.

Environment:

$ ansible --version
ansible 2.3.2.0
  config file = /home/jesse/<REDACTED>deploy/ansible.cfg
  configured module search path = Default w/o overrides
  python version = 2.7.12 (default, Jan  2 2017, 14:56:13) [GCC 4.9.4]

Ansible output snippet:

TASK [logrotate : nickhammond.logrotate | Setup logrotate.d scripts] ********************************************************
fatal: [<REDACTED>]: FAILED! => {                                                                                 "failed": true             
}                                                                                                                            

MSG:                                                          

the field 'args' has an invalid value, which appears to include a variable that is undefined. The error was: 'ansible.vars.un
safe_proxy.AnsibleUnsafeText object' has no attribute 'name'  
                               
The error appears to have been in '/home/jesse/<REDACTED>/deploy/roles/logrotate/tasks/main.yml': line 8, column 3, b
ut may                         
be elsewhere in the file depending on the exact syntax problem.                                                              

The offending line appears to be:                                                                                            
                                                                                                                             
                                                                                                                             
- name: nickhammond.logrotate | Setup logrotate.d scripts     
  ^ here

Thanks in advance.

missing tag v0.0.4 for the latest commit

it will keep a better management of the role itself instead of dumping from master branch and always checking the repo.

Doc bug: scripts is not a list

The documentation says this:

  scripts:
      - postrotate: "[ -s /run/nginx.pid ] && kill USR1 `cat /run/nginx.pid`"

...but should say this:

  scripts:
      postrotate: "[ -s /run/nginx.pid ] && kill USR1 `cat /run/nginx.pid`"

Way to move vars out of main playbook definition file?

Hello. Might not be the right place but worth asking:

site.yml:

---
- hosts: all
  become: true
  roles:
    - role: nickhammond.logrotate
      logrotate_scripts:
        - name: logrotate for rails
          path: "/var/www/app/shared/log/*.log"
          options:
            - weekly
            - size 25M
            - missingok
            - compress
            - delaycompress
            - copytruncate

I want to instead do something like this:

site.yml

---
- hosts: all
  become: true
  roles:
    - role: nickhammond.logrotate
      include_vars:
        file: logrotate.yml

vars/logrotate.yml

logrotate_scripts:
  - name: logrotate for rails
    path: "/var/www/app/shared/log/*.log"
    options:
      - weekly
      - size 25M
      - missingok
      - compress
      - delaycompress
      - copytruncate

I've tried every type of include that Ansible provides. include, and include_vars. Is this just not possible? I could do it if I made my own role/task and did it within that, but that seems overkill. Thanks.

Adding multiple paths?

Is there anyway to add multiple paths to the same rotate entry? Same for scripts (e.g. multiple scripts lines) Does not appear to put the proper quotes. an example would help if this is possible. BTW thanks for putting this together...works great

SELinux

Hello

Logrotate didn't worked out of the box due to SELinux denied logrotate the access to /opt/tomcat/logs while running as daemon (meaning, interactive logrotate -v -f /etc/logrotate.conf did work, but not overnight).
Here's my resulting playbooks, maybe you should include a sefcontext in your module, or give this example in your README.md

---
- hosts: all
  remote_user: root

  vars:
    logrotate_scripts:
      - name: tomcat
        path: /opt/tomcat/logs/catalina.out
        options:
          - daily
          - dateext
          - size 10M
          - rotate 30
          - missingok
          - compress
          - delaycompress
          - copytruncate

  roles:
    - nickhammond.logrotate

  tasks:
    # - debug:
    #     msg: Requires "ansible-galaxy install nickhammond.logrotate"

    # type=AVC msg=audit(1486347241.981:69221): avc:  denied  { write } for  pid=405 comm="logrotate" name="catalina.out" dev=dm-0 ino=262591 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:usr_t:s0 tclass=file
    # type=SYSCALL msg=audit(1486347241.981:69221): arch=c000003e syscall=2 success=no exit=-13 a0=cbec20 a1=2 a2=7fffe8ef76ef a3=746165726373662f items=0 ppid=403 pid=405 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=9311 comm="logrotate" exe="/usr/sbin/logrotate" subj=system_u:system_r:logrotate_t:s0-s0:c0.c1023 key=(null)
    - name: Logrotate | SELinux fcontext for /opt/tomcat/logs
      # semanage fcontext -l -- | grep 'var/log'
      # semanage fcontext -l -- | grep tomcat   =>   system_u:object_r:tomcat_log_t:s0
      sefcontext:
        target: '/opt/tomcat/logs/.*?'
        seuser: system_u
        # serole: object_r # unsupported parameters
        setype: tomcat_log_t
        selevel: s0
        state: present
      # Result /opt/tomcat/logs/.*?     all files    system_u:object_r:tomcat_log_t:s0

      # # SELinux context, c/c from ls -Z /var/log/nginx/* /var/log/httpd/*
      # - name: Logrotate | SELinux context for catalina.out file
      #   file:
      #     path: /opt/tomcat/logs/catalina.out
      #     state: file
      #     selevel: s0
      #     serole: object_r
      #     seuser: system_u
      #     setype: httpd_sys_content_t

Use GitHub releases for versioning

Would you mind using GitHub releases so that users can install a specific version? This is really useful to avoid pulling in changes from master until we decide to upgrade.

Allows you to create a requirements.yml like this:

- src: nickhammond.logrotate
  version: v1.0.0

logrotate_scripts from different groups conflict

Ok say I got a web group and a db group. The db group wants to rotate the db logs and the web group wants to rotate the web logs, and a host is in both groups. The variable logrotate_scripts conflicts.

Because of how ansible works you can't define a logrotate_scripts in the web group vars and a different logrotate_scripts in the db group vars because ansible flattens it and depending on the order the host will only ever get the one logrotate_scripts no matter how you select it.

nginx example has a fatal bug

postrotate: "[ -s /run/nginx.pid ] && kill USR1 `cat /run/nginx.pid`"

should be

postrotate: "[ -s /run/nginx.pid ] && kill -USR1 `cat /run/nginx.pid`"

Took me a few hours to figure out.

Role does not provide a way to avoid duplicate entries

A number of logrotate configurations come pre-defined in /etc/logrotate.d/. If this role is used to define the configuration for a path that is already configured, logrotate reports:

error: <basename(path)>:3 duplicate log entry for <path>

and then it looks like it gives precedence to the configuration defined in the file with the name of the lowest lowest lexicographic ordering.

It would be good if there was a way of removing any other other configurations to ensure that that set by this role gets run.

Multiple Paths

Currently you can only pass one path to each logrotate_scripts element. Any issues with supporting multiple paths?

I have created a branch here: AgePartnership@18b94f1

Change is backwards compatible I believe.

Will setup a PR if you are happy.

I have tested on CentOS using LogRotate 3.8.6

scripts, postrotate, multiple entries

I am trying to use this role to set the log owner and permissions, but I am using copytruncate, so I can't use the create directive.

Is there a way to do it in scripts, postrotate. When I tested, it only allows one entry for postrotate I believe because it is a dict object.

i.e.

scripts:
  postrotate: chown app:app /mnt/log/test/*.log
  postrotate: chmod 0644 /mnt/log/test/*.log

If I run the above, only the chmod line is applied when the playbook is run...

logrotate_keep cannot be -1 even it is a valid value

Hi and thank for this Ansible role.

I wanted to setup a logrotate that always keep logs with the value -1 but it is denied by the role : I got the following error message :

TASK [logrotate : assert | Test if logrotate_keep is set correctly] **************************************************************************************************************************
fatal: [192.168.1.21 -> localhost]: FAILED! => {"assertion": "logrotate_keep >= 0", "changed": false, "evaluated_to": false, "msg": "Assertion failed"}

The man of logrotate says :

❯ man logrotate | grep '\-1'
              [...] If count is -1, old logs are not removed at all, except they are affected by maxage (use with caution, may waste performance and disk space).  Default is 0.

May be the test should be logrotate_keep >= -1 ?

Thanks again.
Best regards.

Add an option to skip logrotate installation

Some people run on weird systems without apt (like Gentoo), but still want to use configuration management tools. I can come up with PR that allows to skip logrotate installation. What do you think?

Logrotate broken with Python3

Python2 goes end-of-life January 2020. Distro vendors have been scrambling to upgrade to Python3 and this appears to include the recent Ansible 2.8.0 release. A previously-functioning project using ansible-logrotate now fails because Python3 does not implement iteritems.

Change required - file logrotate/templates/logrotate.d.j2

FROM:
{%- for name, script in item.scripts.iteritems() -%}
TO:
{%- for name, script in item.scripts.items() | list -%}

Postrotate not working

I use the following config:

logrotate_scripts:
  - name: node
    path: "/var/log/forever/*.log"
    options:
      - daily
      - dateext
      - missingok
      - rotate 30
      - compress
      - delaycompress
      - notifempty
      - copytruncate
    scripts:
      postrotate: "mv /var/log/forever/*.gz /var/log/forever/archive"

The logs are never rotated into the archive folder (running the command manually works). What am I doing wrong?

nickhammond / ansible-logrotate Goto Github PK

ansible-logrotate's Introduction

Hi, I'm Nick.

Links

ansible-logrotate's People

Contributors

Stargazers

Watchers

Forkers

ansible-logrotate's Issues

Recommend Projects

Recommend Topics

Recommend Org