puppet: Rotate access log files every day, not at 500M.

Since logrotate runs in a daily cron, this practically means "daily,
but only if it's larger than 500M."  For large installs with large
traffic, this is effectively daily for 10 days; for small installs, it
is an unknown amount of time.

Switch to daily logfiles, defaulting to 14 days to match nginx; this
can be overridden using a zulip.conf setting.  This makes it easier to
ensure that access logs are only kept for a bounded period of time.
This commit is contained in:
Alex Vandiver 2022-04-28 16:23:27 -07:00 committed by Alex Vandiver
parent 561daee2a1
commit 7c023042cf
6 changed files with 31 additions and 11 deletions

View File

@ -791,6 +791,11 @@ Override the default uwsgi backlog of 128 connections.
Override the default `uwsgi` (Django) process count of 6 on hosts with
more than 3.5GiB of RAM, 4 on hosts with less.
#### `access_log_retention_days`
Number of days of access logs to keep, for both nginx and the application.
Defaults to 14 days.
### `[postfix]`
#### `mailname`

View File

@ -76,13 +76,14 @@ class zulip::nginx {
group => 'adm',
mode => '0750',
}
$access_log_retention_days = zulipconf('application_server','access_log_retention_days', 14)
file { '/etc/logrotate.d/nginx':
ensure => file,
require => Package[$zulip::common::nginx],
owner => 'root',
group => 'root',
mode => '0644',
source => 'puppet:///modules/zulip/logrotate/nginx',
content => template('zulip/logrotate/nginx.template.erb'),
}
package { 'certbot':
ensure => installed,

View File

@ -23,12 +23,13 @@ class zulip::profile::app_frontend {
content => template('zulip/nginx/zulip-enterprise.template.erb'),
notify => Service['nginx'],
}
$access_log_retention_days = zulipconf('application_server','access_log_retention_days', 14)
file { '/etc/logrotate.d/zulip':
ensure => file,
owner => 'root',
group => 'root',
mode => '0644',
source => 'puppet:///modules/zulip/logrotate/zulip',
content => template('zulip/logrotate/zulip.template.erb'),
}
file { '/etc/nginx/sites-enabled/zulip-enterprise':
ensure => link,

View File

@ -1,7 +1,7 @@
/var/log/nginx/*.log {
daily
missingok
rotate 14
rotate <%= @access_log_retention_days %>
compress
delaycompress
notifempty

View File

@ -32,8 +32,8 @@
/var/log/zulip/server.log
{
missingok
rotate 10
size 500M
rotate <%= @access_log_retention_days %>
daily
compress
delaycompress
notifempty

View File

@ -25,18 +25,31 @@ from typing import Protocol
from django.conf import settings
from scripts.lib.zulip_tools import BOLD, CYAN, ENDC, FAIL, GRAY, OKBLUE
from scripts.lib.zulip_tools import (
BOLD,
CYAN,
ENDC,
FAIL,
GRAY,
OKBLUE,
get_config,
get_config_file,
)
def parser() -> argparse.ArgumentParser:
parser = argparse.ArgumentParser(description="Search logfiles, ignoring commonly-fetched URLs.")
log_selection = parser.add_argument_group("File selection")
log_selection_options = log_selection.add_mutually_exclusive_group()
access_log_retention_days = int(
get_config(get_config_file(), "application_server", "access_log_retention_days", "14")
)
log_selection_options.add_argument(
"--log-files",
"-n",
help="Number of log files to search",
choices=range(1, 16),
choices=range(1, access_log_retention_days + 2),
metavar=f"[1-{access_log_retention_days+1}]",
type=int,
)
log_selection_options.add_argument(