Bug 54247 – Rotate log of OPA output

Bug 54247 - Rotate log of OPA output


Summary:	Rotate log of OPA output

Status:	VERIFIED FIXED

Product:	UCS@school
Classification:	Unclassified
Component:	HTTP-API (Kelvin)
Version:	UCS@school 5.0
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	---
Assigned To:	Carlos García-Mauriño
QA Contact:	Daniel Tröder

URL:	https://git.knut.univention.de/univen...
Keywords:

Depends on:	53961
Blocks:
	Show dependency tree / graph

Reported:	2021-12-14 13:46 CET by Michael Grandjean
Modified:	2022-05-04 10:46 CEST (History)
CC List:	4 users (show)

See Also:	52504
What kind of report is it?:	Bug Report
What type of bug is this?:	4: Minor Usability: Impairs usability in secondary scenarios
Who will be affected by this bug?:	3: Will affect average number of installed domains
How will those affected feel about the bug?:	2: A Pain – users won’t like this once they notice it
User Pain:	0.137
Enterprise Customer affected?:
School Customer affected?:	Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):	bitesize
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michael Grandjean

2021-12-14 13:46:38 CET

With v1.5.1 of the Kelvin REST API, OPA was added including its own logfile. However, this does not seem to get rotated:

> root@ucs-001:~# ls -lah /var/log/univention/ucsschool-kelvin-rest-api/opa.log*
> -rw-r----- 1 root root 517M Dez 14 13:45 /var/log/univention/ucsschool-kelvin-rest-api/opa.log

+++ This bug was initially created as a clone of Bug #53961 +++

The output of the Open Policy Agent should be logged.

Comment 2 Carlos García-Mauriño

2022-05-04 08:52:16 CEST

Built image for 1.5.5 (Image ID: `4525cd0ea8fd`). New version of the app (1.5.5) is unpublished but ready for review. Tested and logrotation works.

Comment 3 Daniel Tröder

2022-05-04 10:41:50 CEST

Thank you, works very well.

Solution description:

* The logrotate executable is installed into the Kelvin Docker container.
* The cron daemon (and as a dependency syslog) is installed into the Kelvin Docker container.
* A crontab entry is created for the cron daemon to start logrotate every day, as a UCR template.
* The crontab entry can be modified through two appsettings, resulting in UCR changing the crontab file.

BTW: the starting of the cronjob only once per day (at 2:00 am) means, that changing the appsettings to rotate more often than once per day will not work. IMHO that is OK.

Comment 4 Daniel Tröder

2022-05-04 10:46:55 CEST

> * The crontab entry can be modified through two appsettings, resulting in UCR changing the crontab file.
Correction: The logrotate config is modified by appsettings/UCR, not the cronjob.