puppet-tripleo/templates
Bogdan Dobrelya 2b223de04b Copytruncate containerized logrotate configuration
This reimplements commit 67a7dc70f2.
Copytruncate becomes a default for containerized logrotate. The
solution based on signals processing goes away.

As long as key deployment framework components heat-engine and
mistral-engine do not tolerate SIGHUP, copytruncate should be used.

There are more OpenStack services, like neutron-server, nova-scheduler,
that cannot handle SIGHUP nicely yet.

Nor can we fall back to what predates the containerization of services
because of the following reasons:

* We cannot and should not use the restart command in postrotate as it
  was before containerization of services. For that a container needs
  to be privileged and granted a docker socket bind-mount, which is a
  total security antipattern and defeats the very purpose of
  containerization. Things may change with future adoption of Podman
  and/or kubelet control plane though. If/when that happens, we might
  consider an option for postrotate to terminate a process with
  SIGTERM, to have the process instantly respawned via its systemd
  unit/kubelet restart policies.

* Individual services' logrotate configs are worth nothing when still
  being handled by a central logrotation container running crond. And
  it needs to remain centralized, as individual containers neither
  run crond nor contain logrotate, nor should lightweight containers
  following 12-factor apps recommendations do anything like that. Nor
  can the host logrotate/crond do rotation of logs for containers, as we
  do not/should not install required packages on the host, but only in
  containers. See also the spec [0] explaining the reasoning better.

All of that makes copytruncate a global choice for logs rotation of
containerized services as we just cannot be sure if a service foo
*really* does correct processing of SIGHUP. We leave that option for
future implementation in the hope things get fixed eventually. As well
as the aforementioned systemd/kubelet option, or the option to provide
stdout only logging [0] and let the logrotate thing go.

[0] https://review.openstack.org/#/c/462900

Closes-Bug: #1795411
Related-Bug: #1276694
Change-Id: Ibdad7859a389d0ff37bbf7bfd9f4c521a05a5ea1
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2018-10-03 14:34:00 +02:00
aide Implements AIDE Intrusion Detection System 2017-12-13 16:08:34 +00:00
collectd Fix default value for Gnocchi auth mode 2018-06-19 12:06:44 +02:00
designate Allow specifying an rndc key 2018-07-20 20:54:13 +00:00
docker_distribution Add Docker Registry profile 2017-01-09 15:16:50 +01:00
fluentd logging: teach fluentd.pp about fluentd_service_user 2018-01-09 15:38:24 +01:00
logrotate Copytruncate containerized logrotate configuration 2018-10-03 14:34:00 +02:00
neutron Neutron sidecar wrappers use netns they were invoked with 2018-05-29 09:09:23 -02:30
redis Disable curl globbing 2018-03-20 11:43:24 +00:00
rsyslog_sidecar Add profile to configure the rsyslog sidecar container 2017-11-13 13:39:44 +00:00
securetty Adds service for managing securetty 2017-03-29 20:25:21 +01:00
selinux Add tripleo::selinux 2016-05-05 13:19:20 -04:00
stunnel Lower the default stunnel log level 2018-05-28 13:40:29 +02:00
switchdev Adding support for VF LAG in SR-IOV for Mellanox interfaces 2018-08-19 05:50:05 +00:00
ui Add configuration for the Nova proxy endpoint 2018-03-20 12:40:07 +00:00