OpenStack Neutron Open vSwitch Charm

[Wishlist] Define log rotation for NSG log, if path is specified

Bug #1961116 reported by Drew Freiberger on 2022-02-16

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Neutron Open vSwitch Charm	New	Undecided	Unassigned

Bug Description

In a use case where we want to externalize the network security group logging from syslog or the neutron-openvswitch-agent.log, we should configure a generic log rotation for the specified file.

For instance, if I configure neutron-openvswitch or neutron-gateway with:

juju config neutron-openvswitch security-group-log-output-base=/var/log/nsg.log

It would help ensure reliability if a file such as /etc/logrotate.d/juju-nsg-log-output-base could be created with similar rotation specifications to /etc/logrotate.d/neutron-common.

As an example:

# Configuration file maintained by Juju. Local changes may be overwritten
/var/log/nsg.log {
    daily
    missingok
    compress
    delaycompress
    notifempty
    copytruncate
    rotate 60
}

Revision history for this message

Drew Freiberger (afreiberger) wrote on 2022-02-16 (last edit on 2022-02-16):

To clarify the point of externalizing the log, sometimes we may want a security team with unprivileged ssh access to the hypervisor to be able to read the log output, but /var/log/neutron and /var/log/syslog are not readable w/out privilege escalation.

Revision history for this message

Drew Freiberger (afreiberger) wrote on 2022-02-16:

Workaround is to manually create a logrotate.d file on each neutron-l3-agent unit.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.