From 13b3166e420a58be92c14d30910cbc8650053f41 Mon Sep 17 00:00:00 2001
From: Bogdan Dobrelya <bdobreli@redhat.com>
Date: Thu, 17 May 2018 12:53:03 +0200
Subject: [PATCH] Force GDPR compliance of containers logs

After purge_after_days, defaults to a 14, forcibly remove
any rotated and compressed logs of containerized services
in /var/log/containers. This overrides any related
containerized logrotate configuration used for
containerized services.

Allow to alter rotation interval for log files managed
via containerized logrotate. Defaults to 'daily'
and rotate 14 (days).

Use sharedscripts to clean up files in the postrotate
script only once.

Additionally, to enforce GDPR compliance of log files
in /var/log/containers, put them under logrotate management
(minsize 1) and always compress. Prohibit the size option
as it does not honor time-based contstraints required by
GDPR. Forcibly remove all files but those rotated and
compressed logs, via the postscript section.

Partial-bug: #1771543

Change-Id: Id8e4717a5ecda53bc9cd39f1c2efaa80b56bd45e
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
(cherry picked from commit e13654504adb93f7313942b4d839577d3ccd072d)
---
 manifests/profile/base/logging/logrotate.pp   | 49 ++++++++++++++-----
 ...ate-containers-purge-56143a979ba80b51.yaml | 26 ++++++++++
 .../logrotate/containers_logrotate.conf.erb   | 22 ++++++---
 3 files changed, 79 insertions(+), 18 deletions(-)
 create mode 100644 releasenotes/notes/logrotate-containers-purge-56143a979ba80b51.yaml

diff --git a/manifests/profile/base/logging/logrotate.pp b/manifests/profile/base/logging/logrotate.pp
index 45f2a77df..3da97117d 100644
--- a/manifests/profile/base/logging/logrotate.pp
+++ b/manifests/profile/base/logging/logrotate.pp
@@ -50,6 +50,29 @@
 #  [*user*]
 #    (optional) Defaults to 'root'. Configures cron job for logrotate.
 #
+#  [*maxsize*]
+#    (optional) Defaults to '10M'.
+#    Configures the logrotate maxsize parameter.
+#
+#  [*rotation*]
+#    (optional) Defaults to 'daily'.
+#    Configures the logrotate rotation interval.
+#
+#  [*rotate*]
+#    (optional) Defaults to 14.
+#    Configures the logrotate rotate parameter.
+#
+#  [*purge_after_days*]
+#    (optional) Defaults to 14.
+#    Configures forced purge period for rotated logs.
+#    Overrides the rotation and rotate settings.
+#
+# DEPRECATED PARAMETERS
+#
+#  [*size*]
+#    DEPRECATED: (optional) Defaults to '10M'.
+#    Configures the logrotate size parameter.
+#
 #  [*delaycompress*]
 #    (optional) Defaults to True.
 #    Configures the logrotate delaycompress parameter.
@@ -58,14 +81,6 @@
 #    (optional) Defaults to True.
 #    Configures the logrotate compress parameter.
 #
-#  [*size*]
-#    (optional) Defaults to '10M'.
-#    Configures the logrotate size parameter.
-#
-#  [*rotate*]
-#    (optional) Defaults to 14.
-#    Configures the logrotate rotate parameter.
-#
 class tripleo::profile::base::logging::logrotate (
   $step             = Integer(hiera('step')),
   $ensure           = present,
@@ -76,13 +91,25 @@ class tripleo::profile::base::logging::logrotate (
   $weekday          = '*',
   Integer $maxdelay = 90,
   $user             = 'root',
-  $delaycompress    = true,
-  $compress         = true,
-  $size             = '10M',
+  $rotation         = 'daily',
+  $maxsize          = '10M',
   $rotate           = 14,
+  $purge_after_days = 14,
+  # DEPRECATED PARAMETERS
+  $size             = undef,
+  $delaycompress    = false,
+  $compress         = true,
 ) {
 
   if $step >= 4 {
+    if (! $compress or $delaycompress or $size != undef) {
+      warning('Size and delaycompress are DISABLED to enforce GDPR.')
+      warning('Size configures maxsize instead of size.')
+      warning('Compress cannot be delayed or turned off.')
+      $maxsize = pick($size, $maxsize)
+      $compress = true
+      $delaycompress = false
+    }
     if $maxdelay == 0 {
       $sleep = ''
     } else {
diff --git a/releasenotes/notes/logrotate-containers-purge-56143a979ba80b51.yaml b/releasenotes/notes/logrotate-containers-purge-56143a979ba80b51.yaml
new file mode 100644
index 000000000..4639c6f96
--- /dev/null
+++ b/releasenotes/notes/logrotate-containers-purge-56143a979ba80b51.yaml
@@ -0,0 +1,26 @@
+---
+upgrade:
+  - |
+    Rotated logs of containerized services in /var/log/containers
+    will be purged with the next containerized logrotate run
+    triggered via cron, if the rotated logs have been kept longer
+    than `purge_after_days` (defaults to a 14 days).
+
+    Containerized logrotate now always compresses the rotated
+    /var/log/containers logs and this can no longer be delayed
+    with delaycompress. Size parameter does not honor time-based
+    constraints and is disabled as not GDPR compliant. From now on,
+    it configures maxsize instead. Minsize is set to a 1 byte to
+    put all /var/log/containers logs under the containerized
+    logrotate control.
+security:
+  - |
+    Forcibly purge rotated /var/log/containers logs after
+    `purge_after_days` (defaults to a 14 days). New param `rotation`
+    additionally allows to alter logrotate rotation interval.
+    Defaults to a 'daily'. Make sure to adjust `purge_after_days` as
+    needed.
+
+    Any files in /var/log/containers, if not managed by
+    the containerized logrotate, will be purged forcibly with each
+    containerized logrotate run triggered via cron.
diff --git a/templates/logrotate/containers_logrotate.conf.erb b/templates/logrotate/containers_logrotate.conf.erb
index 71a669e99..20bdcab7a 100644
--- a/templates/logrotate/containers_logrotate.conf.erb
+++ b/templates/logrotate/containers_logrotate.conf.erb
@@ -1,17 +1,25 @@
 /var/log/containers/*/*log /var/log/containers/*/*/*log {
+  <%= @rotation %>
   rotate <%= @rotate %>
-  size <%= @size %>
+  # minsize 1 is required for GDPR compliance, all files in
+  # /var/log/containers not managed with logrotate will be purged!
+  minsize 1
+  # Do not use size as it's not compatible with time-based rotation rules
+  # required for GDPR compliance.
+  maxsize <%= @maxsize %>
   missingok
   notifempty
-<%- if @delaycompress %>
-  delaycompress
-<%- end %>
-<%- if @compress %>
+  # Do not use delaycompress as it's not compatible with the postrotate script.
+  # Compress always is required for the postrotate script compatibility.
   compress
-<%- end %>
+  sharedscripts
   postrotate
     /sbin/lsof -nPs +L1 +D /var/log/containers 2>&1|\
     awk '/\S+\s+[0-9]+\s.*\/var\/log\/containers\/.*\(deleted\)/ {print $2}' |\
-    sort -u | /bin/xargs -n1 -r -t kill -HUP
+    sort -u | /bin/xargs -n1 -r -t kill -HUP;
+    /usr/bin/find /var/log/containers -type f \
+    \( -not -name "*.gz"  -and  -not -name "*.[0-9]*" \) -exec rm -f {} \;;
+    /usr/bin/find /var/log/containers -type f \
+    -mtime +<%= @purge_after_days %> -exec rm -f {} \;
   endscript
 }