Comment 1 for bug 2009784

OpenStack Infra (hudson-openstack) wrote : Fix merged to config-files (master)

Reviewed: https://review.opendev.org/c/starlingx/config-files/+/877669
Committed: https://opendev.org/starlingx/config-files/commit/f1e378fe5c949421cfd3b0c08ba00af843e2f1dd
Submitter: "Zuul (22348)"
Branch: master

commit f1e378fe5c949421cfd3b0c08ba00af843e2f1dd
Author: Leonardo Fagundes Luz Serrano <email address hidden>
Date: Thu Mar 16 12:13:57 2023 -0300

    Setup fluxcd's log dir and logrotate

    - Armada has been replaced by Fluxcd, so the logrotate config can
    be adapted.

    - An entry was added to /etc/tmpfiles.d to create /var/log/flux
    during boot. Some more context in [1].

    - About the owner:group:
    The flux container processes are associated with the user:group
    'nobody:nogroup' as defined in their Dockerfiles [2,3], which is
    a default user with very restricted privileges [4].
    Since /var/log is owned by root, it does not allow flux to write files.
    To circumvent that, /var/log/flux has its ownership set to match
    the container processes.

    [1] https://review.opendev.org/c/starlingx/config-files/+/859666
    [2] https://github.com/fluxcd/source-controller/blob/v0.32.1/Dockerfile#L87
    [3] https://github.com/fluxcd/helm-controller/blob/v0.27.0/Dockerfile#L44
    [4] https://wiki.debian.org/SystemGroups

    Test Plan:
    PASS build custom iso and install. Flux log dir exists
         and has right owner:group.
    PASS logs rotate

    Partial-Bug: 2009784

    Signed-off-by: Leonardo Fagundes Luz Serrano <email address hidden>
    Change-Id: I8bf8bf5f42c78d6ddab8f0d65e6ffaff9a8ec555
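
The first test-plan item (the log dir exists and has the right owner:group) can be scripted. The following is an added example, not part of the commit or of StarlingX: the function name `check_log_dir` is hypothetical, it assumes GNU `stat`, and the extra check that the directory is not writable by group or others is an assumption added here, since the commit message states only the owner:group.

```shell
#!/bin/sh
# Added example (not from the commit): verify a log directory that was
# created at boot via tmpfiles.d.
#
# check_log_dir DIR OWNER:GROUP
# Returns 0 when DIR is a real directory (not a symlink), is owned by
# OWNER:GROUP, and carries no group/other write bits.
#
# Usage on a host with this change:
#   check_log_dir /var/log/flux nobody:nogroup
check_log_dir() {
    dir=$1
    want=$2

    # The path must be a real directory, not a symlink to somewhere else.
    if [ -L "$dir" ]; then
        echo "FAIL: $dir is a symlink" >&2
        return 1
    fi
    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir does not exist or is not a directory" >&2
        return 1
    fi

    # GNU stat: %U:%G prints owner:group names, %a the octal mode.
    have=$(stat -c '%U:%G' "$dir") || return 1
    mode=$(stat -c '%a' "$dir") || return 1

    if [ "$have" != "$want" ]; then
        echo "FAIL: $dir is owned by $have, expected $want" >&2
        return 1
    fi

    # Only the owner should be able to write: reject octal bits 022.
    # The leading 0 makes the shell read $mode as octal.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL: $dir mode $mode is group- or world-writable" >&2
        return 1
    fi

    echo "PASS: $dir $have mode $mode"
    return 0
}
```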