Merge pull request #56979 from hyperbolic2346/mwilson/apilb-log-rotate

Automatic merge from submit-queue (batch tested with PRs 56858, 57040, 56979, 57051, 57052). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. enabling log rotate for api logs in nginx **What this PR does / why we need it**: Prevent the load balancer from filling the disk with logs from the api server **Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*: Fixes # https://github.com/juju-solutions/bundle-canonical-kubernetes/issues/449 **Special notes for your reviewer**: **Release note**: ```release-note Enabled log rotation for load balancer's api logs to prevent running out of disk space. ```
2025-07-23 19:56:01 +00:00 · 2017-12-16 16:34:44 -08:00 · 2017-12-16 16:34:44 -08:00 · cb127830ff
commit cb127830ff
parent 62c89368db 57059ea442
1 changed files with 35 additions and 0 deletions
--- a/cluster/juju/layers/kubeapi-load-balancer/reactive/load_balancer.py
+++ b/cluster/juju/layers/kubeapi-load-balancer/reactive/load_balancer.py
@ -21,6 +21,7 @@ import subprocess
 from charms import layer
 from charms.reactive import when, when_any, when_not
 from charms.reactive import set_state, remove_state
+from charms.reactive import hook
 from charmhelpers.core import hookenv
 from charmhelpers.core import host
 from charmhelpers.contrib.charmsupport import nrpe
@ -35,6 +36,25 @@ from subprocess import STDOUT
 from subprocess import CalledProcessError


+apilb_nginx = """/var/log/nginx.*.log {
+	daily
+	missingok
+	rotate 14
+	compress
+	delaycompress
+	notifempty
+	create 0640 www-data adm
+	sharedscripts
+	prerotate
+		if [ -d /etc/logrotate.d/httpd-prerotate ]; then \\
+			run-parts /etc/logrotate.d/httpd-prerotate; \\
+		fi \\
+	endscript
+	postrotate
+		invoke-rc.d nginx rotate >/dev/null 2>&1
+	endscript
+}"""
+
@when('certificates.available')
 def request_server_certificates(tls):
    '''Send the data that is required to create a server certificate for
@ -89,6 +109,14 @@ def close_old_port():
        hookenv.log('Port %d already closed, skipping.' % old_port)


+def maybe_write_apilb_logrotate_config():
+    filename = '/etc/logrotate.d/apilb_nginx'
+    if not os.path.exists(filename):
+        # Set log rotation for apilb log file
+        with open(filename, 'w+') as fp:
+            fp.write(apilb_nginx)
+
+
@when('nginx.available', 'apiserver.available',
      'certificates.server.cert.available')
 def install_load_balancer(apiserver, tls):
@ -123,9 +151,16 @@ def install_load_balancer(apiserver, tls):
                server_certificate=server_cert_path,
                server_key=server_key_path,
        )
+
+        maybe_write_apilb_logrotate_config()
        hookenv.status_set('active', 'Loadbalancer ready.')


+@hook('upgrade-charm')
+def upgrade_charm():
+    maybe_write_apilb_logrotate_config()
+
+
@when('nginx.available')
 def set_nginx_version():
    ''' Surface the currently deployed version of nginx to Juju '''