Fix journal remote playbook

Changes have been made and things have been learned about how best to configure and tune systemd when uploading remote journals. Overview: > The old setup was binding to users and groups which are not needed. > Journald was not setup to best recieve remote journals and with its default config will fill up disks remote target disks. > This playbook is leveraging the systemd-service common role in a way that is no longer needed given the upstream improvements we've made in the role. This change updates our playbook to ensure we're tuning the system accordingly and removing code we no longer need. Change-Id: I426dc8c29987e7b034a656e7d81321655ed6dbe2 Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2019-01-22 10:27:01 -06:00 · 2019-01-22 10:27:01 -06:00 · fd04ab82dd
commit fd04ab82dd
parent c3c46dabf7
1 changed files with 28 additions and 20 deletions
--- a/playbooks/infra-journal-remote.yml
+++ b/playbooks/infra-journal-remote.yml
@ -17,6 +17,11 @@
  hosts: hosts
  gather_facts: "{{ osa_gather_facts | default(True) }}"
  become: true
+  handlers:
+    - name: Restart systemd-journald
+      systemd:
+        name: systemd-journald
+        state: restarted
  pre_tasks:
    # At this time there's no suitable package available for systemd-journal-remote/gateway
    # When installing on SUSE 42.x. For now this playbook will omit suse when the package
@ -50,6 +55,29 @@
        owner: "systemd-journal-remote"
        group: "systemd-journal"

+    - name: Ensure receiving hosts are tuned
+      ini_file:
+        path: "/etc/systemd/journald.conf"
+        section: Journal
+        option: "{{ item.key }}"
+        value: "{{ item.value }}"
+        backup: yes
+      with_items:
+        - key: RuntimeMaxFiles
+          value: "{{ ((((groups['hosts'] | length) * 1.5) + (groups['hosts'] | length)) // 1) | int }}"
+        - key: RuntimeMaxFileSize
+          value: "5G"
+        - key: Compress
+          value: "yes"
+        - key: MaxFileSec
+          value: "1d"
+        - key: MaxRetentionSec
+          value: "2d"
+      when:
+        - (ansible_host == systemd_journal_remote_target)
+      notify:
+        - Restart systemd-journald
+
  roles:
    - role: "systemd_service"
      systemd_tempd_prefix: "openstack"
@ -68,16 +96,6 @@
            --compress
            --seal
            --output=/var/log/journal/remote/
-          config_overrides:
-            Unit:
-              Description: "Journal Remote Sink Service"
-              Documentation: "man:systemd-journal-remote(8) man:journal-remote.conf(5)"
-              Requires: "systemd-journal-remote.socket"
-            Service:
-              WatchdogSec: "3min"
-              LimitNOFILE: 16384
-              User: "systemd-journal-remote"
-              Group: "systemd-journal-remote"

        - service_name: "systemd-journal-upload"
          enabled: "{{ (ansible_host == systemd_journal_remote_target) | ternary('no', 'yes') }}"
@ -87,16 +105,6 @@
            --save-state
            --merge
            --url=http://{{ systemd_journal_remote_target }}:19532
-          config_overrides:
-            Unit:
-              Description: "Journal Remote Upload Service"
-              Documentation: "man:systemd-journal-upload(8)"
-              After: "network.target"
-            Service:
-              WatchdogSec: "3min"
-              LimitNOFILE: 16384
-              User: "systemd-journal-upload"
-              Group: "systemd-journal"

  vars:
    systemd_journal_remote_target: "{{ hostvars[groups['log_hosts'][0]]['ansible_host'] }}"