- Armada has been replaced by Fluxcd, so the logrotate config can
be adapted.
- An entry was added to /etc/tmpfiles.d to create /var/log/flux
during boot. Some more context in [1].
- About the owner:group:
The flux container processes are associated with the user:group
'nobody:nogroup' as defined in their Dockerfiles [2,3], which is
a default user with very restricted privileges [4].
Since /var/log is owned by root, it does not allow flux to write files.
To circumvent that, /var/log/flux has its ownership set to match
the container processes.
Reviewed: https:/ /review. opendev. org/c/starlingx /config- files/+ /877669 /opendev. org/starlingx/ config- files/commit/ f1e378fe5c94942 1cfd3b0c08ba00a f843e2f1dd
Committed: https:/
Submitter: "Zuul (22348)"
Branch: master
commit f1e378fe5c94942 1cfd3b0c08ba00a f843e2f1dd
Author: Leonardo Fagundes Luz Serrano <email address hidden>
Date: Thu Mar 16 12:13:57 2023 -0300
Setup fluxcd's log dir and logrotate
- Armada has been replaced by Fluxcd, so the logrotate config can
be adapted.
- An entry was added to /etc/tmpfiles.d to create /var/log/flux
during boot. Some more context in [1].
- About the owner:group: nogroup' as defined in their Dockerfiles [2,3], which is
The flux container processes are associated with the user:group
'nobody:
a default user with very restricted privileges [4].
Since /var/log is owned by root, it does not allow flux to write files.
To circumvent that, /var/log/flux has its ownership set to match
the container processes.
[1] https:/ /review. opendev. org/c/starlingx /config- files/+ /859666 /github. com/fluxcd/ source- controller/ blob/v0. 32.1/Dockerfile #L87 /github. com/fluxcd/ helm-controller /blob/v0. 27.0/Dockerfile #L44 /wiki.debian. org/SystemGroup s
[2] https:/
[3] https:/
[4] https:/
Test Plan:
PASS build custom iso and install. Flux log dir exists
and has right owner:group.
PASS logs rotate
Partial-Bug: 2009784
Signed-off-by: Leonardo Fagundes Luz Serrano <email address hidden> 6ddab8f0d65e6ff aff9a8ec555
Change-Id: I8bf8bf5f42c78d