Project

General

Profile

Actions

tickets #129814

open

provo-mirror.i.o.o logrotate + OCSP

Added by crameleon over 1 year ago. Updated over 1 year ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Core services and virtual infrastructure
Target version:
-
Start date:
2023-05-24
Due date:
% Done:

0%

Estimated time:

Description

I joined the machine due to a low disk space warning and found couple dozen gigabytes of nginx log files. I deleted all the archives in /var/log/ for now, but I wonder if the logrotate configuration shouldn't be set to more sane levels.
Do we really need one year of webserver logs?

There are lots of OCSP errors as well, the Let's Encrypt r3.o.lencr.org server seems to not be reachable using ping, though it is from my workstation. Other IPv6 servers on the internet are ping-able just fine from provo-mirror. Weirdly nginx logs "no route to host" although there does seem to be a route with ping (just no response).

Actions #1

Updated by crameleon over 1 year ago

  • Assignee deleted (opensuse-admin)
  • Private changed from Yes to No
Actions #2

Updated by pjessen over 1 year ago

crameleon wrote:

I joined the machine due to a low disk space warning and found couple dozen gigabytes of nginx log files. I deleted all the archives in /var/log/ for now, but I wonder if the logrotate configuration shouldn't be set to more sane levels.
Do we really need one year of webserver logs?

Almost certainly not :-) that sounds like the default configuration. Probably no one has felt really responsible for provo-mirror.
I would suggest keeping

  • 30 days of logs on the machine,
  • archiving for a year (on backup.i.o.o).

Where did you get a low disk-space warning from? nagios?

Actions #3

Updated by crameleon over 1 year ago

30 days of logs on the machine,

Sounds reasonable.

archiving for a year (on backup.i.o.o).

Through some rsync job similar to the one on pontifex2? If we want this on multiple machines it would be great to just set a flag somewhere in Salt... ;-)

Where did you get a low disk-space warning from? nagios?

Found it in Icinga.

Actions #4

Updated by pjessen over 1 year ago

crameleon wrote:

30 days of logs on the machine,

Sounds reasonable.

archiving for a year (on backup.i.o.o).

Through some rsync job similar to the one on pontifex2? If we want this on multiple machines it would be great to just set a flag somewhere in Salt... ;-)

Right and right. The rsync job on pontifex works really well, I am amazed I had not come across that logrotate pre-remove option before.

Where did you get a low disk-space warning from? nagios?

Found it in Icinga.

Shouldn't we have some sort of option for an email alert?

Actions

Also available in: Atom PDF