From 1add7efaa6d32c9f9c91cfda8796c26924cdfc18 Mon Sep 17 00:00:00 2001 From: Andy Fiddaman Date: Fri, 21 Jul 2023 21:58:30 +0000 Subject: [PATCH] Configure log rotation in all non-global zones --- .github/buildomat/jobs/package.sh | 2 +- illumos-utils/src/zone.rs | 5 ++- package-manifest.toml | 21 +++++++++++ smf/logadm/crontab.root | 1 + smf/logadm/logadm.conf | 58 +++++++++++++++++++++++++++++ tools/build-global-zone-packages.sh | 4 ++ 6 files changed, 89 insertions(+), 2 deletions(-) create mode 100644 smf/logadm/crontab.root create mode 100644 smf/logadm/logadm.conf diff --git a/.github/buildomat/jobs/package.sh b/.github/buildomat/jobs/package.sh index 97a3bbd7d08..fcc0f450b71 100755 --- a/.github/buildomat/jobs/package.sh +++ b/.github/buildomat/jobs/package.sh @@ -85,7 +85,7 @@ ptime -m cargo run --locked --release --bin omicron-package -- \ -t host target create -i standard -m gimlet -s asic ptime -m cargo run --locked --release --bin omicron-package -- \ -t host package -stamp_packages omicron-sled-agent maghemite propolis-server +stamp_packages omicron-sled-agent maghemite propolis-server overlay # Create global zone package @ /work/global-zone-packages.tar.gz ptime -m ./tools/build-global-zone-packages.sh "$tarball_src_dir" /work diff --git a/illumos-utils/src/zone.rs b/illumos-utils/src/zone.rs index 6b605eb571c..a3f73b39545 100644 --- a/illumos-utils/src/zone.rs +++ b/illumos-utils/src/zone.rs @@ -353,7 +353,10 @@ impl Zones { info!(log, "Installing Omicron zone: {}", zone_name); zone::Adm::new(zone_name) - .install(&[zone_image.as_ref()]) + .install(&[ + zone_image.as_ref(), + "/opt/oxide/overlay.tar.gz".as_ref(), + ]) .await .map_err(|err| AdmError { op: Operation::Install, diff --git a/package-manifest.toml b/package-manifest.toml index 0f3cf6b3c83..39f1e2f2fbe 100644 --- a/package-manifest.toml +++ b/package-manifest.toml @@ -63,6 +63,27 @@ source.rust.release = true source.paths = [ { from = "smf/installinator", to = "pkg" } ] output.type = "tarball" +# overlay is a set of packages that are overlaid onto all non-global zones. +[package.overlay] +service_name = "overlay" +source.type = "composite" +source.packages = [ + "logadm.tar.gz", +] +output.type = "zone" + +# The logadm package is an overlay for all non-global zones to reconfigure log +# rotation and the frequency with which it runs. +[package.logadm] +service_name = "logadm" +source.type = "local" +source.paths = [ + { from = "smf/logadm/crontab.root", to = "/var/spool/cron/crontabs/root" }, + { from = "smf/logadm/logadm.conf", to = "/etc/logadm.conf" }, +] +output.type = "zone" +output.intermediate_only = true + [package.omicron-nexus] service_name = "nexus" only_for_targets.image = "standard" diff --git a/smf/logadm/crontab.root b/smf/logadm/crontab.root new file mode 100644 index 00000000000..8ca52b8a628 --- /dev/null +++ b/smf/logadm/crontab.root @@ -0,0 +1 @@ +*/15 * * * /usr/sbin/logadm diff --git a/smf/logadm/logadm.conf b/smf/logadm/logadm.conf new file mode 100644 index 00000000000..8ed0095b494 --- /dev/null +++ b/smf/logadm/logadm.conf @@ -0,0 +1,58 @@ +# +# CDDL HEADER START +# +# The contents of this file are subject to the terms of the +# Common Development and Distribution License (the "License"). +# You may not use this file except in compliance with the License. +# +# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE +# or http://www.opensolaris.org/os/licensing. +# See the License for the specific language governing permissions +# and limitations under the License. +# +# When distributing Covered Code, include this CDDL HEADER in each +# file and include the License file at usr/src/OPENSOLARIS.LICENSE. +# If applicable, add the following below this CDDL HEADER, with the +# fields enclosed by brackets "[]" replaced with your own identifying +# information: Portions Copyright [yyyy] [name of copyright owner] +# +# CDDL HEADER END +# +# Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved. +# +# logadm.conf +# +# Default settings for system log file management. +# The -w option to logadm(8) is the preferred way to write to this file, +# but if you do edit it by hand, use "logadm -V" to check it for errors. +# +# The format of lines in this file is: +# +# For each logname listed here, the default options to logadm +# are given. Options given on the logadm command line override +# the defaults contained in this file. +# +# logadm typically runs early every morning via an entry in +# root's crontab (see crontab(1)). +# +/var/log/syslog -C 8 -p 1d -a 'kill -HUP `cat /var/run/syslog.pid`' +/var/adm/messages -C 4 -p 1d -a 'kill -HUP `cat /var/run/syslog.pid`' +/var/cron/log -c -s 512k -t /var/cron/olog +/var/lp/logs/lpsched -C 2 -N -t '$file.$N' +/var/fm/fmd/errlog -N -s 2m -M '/usr/sbin/fmadm -q rotate errlog && mv /var/fm/fmd/errlog.0- $nfile' +/var/fm/fmd/fltlog -N -A 6m -s 10m -M '/usr/sbin/fmadm -q rotate fltlog && mv /var/fm/fmd/fltlog.0- $nfile' +# +# Rotate the SMF logs if they exceed 100M and at least once a day. +smf_logs_size /var/svc/log/*.log -C 8 -s 100m -c +smf_logs_daily /var/svc/log/*.log -C 8 -p 4h -c +# +# The entry below is used by turnacct(8) +# +/var/adm/pacct -C 0 -N -a '/usr/lib/acct/accton pacct' -g adm -m 664 -o adm -p never +# +# The entry below manages the Dynamic Resource Pools daemon (poold(8)) logfile. +# +/var/log/pool/poold -N -s 512k -a 'pkill -HUP poold; true' +/var/fm/fmd/infolog -N -A 2y -S 50m -s 10m -M '/usr/sbin/fmadm -q rotate infolog && mv /var/fm/fmd/infolog.0- $nfile' +/var/fm/fmd/infolog_hival -N -A 2y -S 50m -s 10m -M '/usr/sbin/fmadm -q rotate infolog_hival && mv /var/fm/fmd/infolog_hival.0- $nfile' + diff --git a/tools/build-global-zone-packages.sh b/tools/build-global-zone-packages.sh index 6ca44ef3539..8589dcd270a 100755 --- a/tools/build-global-zone-packages.sh +++ b/tools/build-global-zone-packages.sh @@ -14,6 +14,7 @@ deps=( $tarball_src_dir/omicron-sled-agent.tar $tarball_src_dir/maghemite.tar $tarball_src_dir/propolis-server.tar.gz + $tarball_src_dir/overlay.tar.gz ) for dep in ${deps[@]}; do if [[ ! -e $dep ]]; then @@ -52,5 +53,8 @@ cd - # under /opt/oxide in the gz. cp "$tarball_src_dir/propolis-server.tar.gz" "$tmp_gz/root/opt/oxide" +# The zone overlay should also be bundled. +cp "$tarball_src_dir/overlay.tar.gz" "$tmp_gz/root/opt/oxide" + # Create the final output and we're done cd "$tmp_gz" && tar cvfz $out_dir/global-zone-packages.tar.gz oxide.json root