Rework GDPR compliant logrotate config

Set the logrotate maxage parameter to purge_after_days
as well.

Rework additional retention rules of files in
/var/log/containers in the containerized logrotate
postrotate script. The rules are based on any of the
listed criteria met:

* time of last access of contents (atime) exceeds
purge_after_days,
* time of last modification of contents (mtime) exceeds
purge_after_days,
* time of last modification of the inode (metadata, ctime)
exceeds purge_after_days.

Forcibly purge expired files with each containerized
logrotate run triggered via cron. Note that the files creation
time (the Birth attribute) is not taken into account as it
cannot be accessed normally by system operators (depends on FS
type). Retention policies based on the creation time must
be managed elsewhere.

Related-Bug: #1771543

Change-Id: I9afa22f7dd344a29747206b286520a76d70d704b
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
(cherry picked from commit d032e6d5fc)
This commit is contained in:
Bogdan Dobrelya 2018-05-22 14:53:27 +02:00 committed by Alex Schultz
parent a3b6864456
commit 0cbcf8dfbe
3 changed files with 47 additions and 34 deletions

View File

@ -50,6 +50,14 @@
# [*user*]
# (optional) Defaults to 'root'. Configures cron job for logrotate.
#
# [*delaycompress*]
# (optional) Defaults to True.
# Configures the logrotate delaycompress parameter.
#
# [*compress*]
# (optional) Defaults to True.
# Configures the logrotate compress parameter.
#
# [*maxsize*]
# (optional) Defaults to '10M'.
# Configures the logrotate maxsize parameter.
@ -73,14 +81,6 @@
# DEPRECATED: (optional) Defaults to '10M'.
# Configures the logrotate size parameter.
#
# [*delaycompress*]
# (optional) Defaults to True.
# Configures the logrotate delaycompress parameter.
#
# [*compress*]
# (optional) Defaults to True.
# Configures the logrotate compress parameter.
#
class tripleo::profile::base::logging::logrotate (
$step = Integer(hiera('step')),
$ensure = present,
@ -91,24 +91,21 @@ class tripleo::profile::base::logging::logrotate (
$weekday = '*',
Integer $maxdelay = 90,
$user = 'root',
$delaycompress = true,
$compress = true,
$rotation = 'daily',
$maxsize = '10M',
$rotate = 14,
$purge_after_days = 14,
# DEPRECATED PARAMETERS
$size = undef,
$delaycompress = false,
$compress = true,
) {
if $step >= 4 {
if (! $compress or $delaycompress or $size != undef) {
warning('Size and delaycompress are DISABLED to enforce GDPR.')
if ($size != undef) {
warning('The size parameter is DISABLED to enforce GDPR.')
warning('Size configures maxsize instead of size.')
warning('Compress cannot be delayed or turned off.')
$maxsize = pick($size, $maxsize)
$compress = true
$delaycompress = false
}
if $maxdelay == 0 {
$sleep = ''

View File

@ -6,21 +6,33 @@ upgrade:
triggered via cron, if the rotated logs have been kept longer
than `purge_after_days` (defaults to a 14 days).
Containerized logrotate now always compresses the rotated
/var/log/containers logs and this can no longer be delayed
with delaycompress. Size parameter does not honor time-based
The logrotate maxage parameter is set to `purge_after_days`
as well.
The size parameter does not honor time-based
constraints and is disabled as not GDPR compliant. From now on,
it configures maxsize instead. Minsize is set to a 1 byte to
put all /var/log/containers logs under the containerized
logrotate control.
New param `rotation` additionally allows to alter logrotate
rotation interval, like 'hourly' or 'weekly'.
security:
- |
Forcibly purge rotated /var/log/containers logs after
`purge_after_days` (defaults to a 14 days). New param `rotation`
additionally allows to alter logrotate rotation interval.
Defaults to a 'daily'. Make sure to adjust `purge_after_days` as
needed.
Retention rules of files in /var/log/containers additionally
defined in the containerized logrotate postrotate script and
based on any of the listed criteria met:
Any files in /var/log/containers, if not managed by
the containerized logrotate, will be purged forcibly with each
containerized logrotate run triggered via cron.
* time of last access of contents (atime) exceeds
`purge_after_days`,
* time of last modification of contents (mtime) exceeds
`purge_after_days`,
* time of last modification of the inode (metadata, ctime)
exceeds `purge_after_days`.
Expired files will be purged forcibly with each containerized
logrotate run triggered via cron. Note that the files creation
time (the Birth attribute) is not taken into account as it
cannot be accessed normally by system operators (depends on FS
type). Retention policies based on the creation time must
be managed elsewhere.

View File

@ -1,6 +1,7 @@
/var/log/containers/*/*log /var/log/containers/*/*/*log {
<%= @rotation %>
rotate <%= @rotate %>
maxage <%= @purge_after_days %>
# minsize 1 is required for GDPR compliance, all files in
# /var/log/containers not managed with logrotate will be purged!
minsize 1
@ -9,17 +10,20 @@
maxsize <%= @maxsize %>
missingok
notifempty
# Do not use delaycompress as it's not compatible with the postrotate script.
# Compress always is required for the postrotate script compatibility.
<%- if @delaycompress %>
delaycompress
<%- end %>
<%- if @compress %>
compress
<%- end %>
sharedscripts
postrotate
/sbin/lsof -nPs +L1 +D /var/log/containers 2>&1|\
awk '/\S+\s+[0-9]+\s.*\/var\/log\/containers\/.*\(deleted\)/ {print $2}' |\
sort -u | /bin/xargs -n1 -r -t kill -HUP;
/usr/bin/find /var/log/containers -type f \
\( -not -name "*.gz" -and -not -name "*.[0-9]*" \) -exec rm -f {} \;;
/usr/bin/find /var/log/containers -type f \
-mtime +<%= @purge_after_days %> -exec rm -f {} \;
\( -mtime +<%= @purge_after_days %> -or \
-atime +<%= @purge_after_days %> -or \
-ctime +<%= @purge_after_days %> \) -exec rm -f {} \;;
/sbin/lsof -nPs +L1 +D /var/log 2>&1|\
awk '/\S+\s+[0-9]+\s.*\/var\/log\/.*\(deleted\)/ {print $2}' |\
/bin/xargs -n1 -r -t kill -HUP
endscript
}