tickets #129814: provo-mirror.i.o.o logrotate + OCSP - openSUSE admin - openSUSE Project Management Tool

Custom queries

Events of the openSUSE Heroes
my assigned stuff
obs-admin-tickets
openQA Infrastructure Project
openqa-review - Closed tickets last updated by openqa-review, last 30 days
QA roadmap long-term
QA SLE functional
QA SLE Functional - closed in last 14 days
QA SLE Functional - High, need to be refined
QA SLE Functional - over cycle time median
QA SLE u
QA SLE y
QA tools (tag not necessary in openQA and subprojects)
QA tools tag (tag not necessary in openQA and subprojects; excluding tickets in "Ready" version as they are already on the backlog)
QAC - Backlog
QE tools team - backlog (dev)
QE tools team - backlog (ready issues)
QE tools team - backlog SLA high
QE tools team - backlog SLA immediate
QE tools team - backlog SLA no immediate/urgent in feedback/blocked
QE tools team - backlog SLA normal
QE tools team - backlog SLA urgent
QE tools team - backlog SLO high
QE tools team - backlog SLO normal
QE tools team - backlog SLO urgent
QE tools team - backlog, high-level view (epics and higher)
QE tools team - backlog, non-reactive work, needs parent
QE tools team - backlog, top-level view (all sagas)
QE tools team - closed within last 14 days
QE tools team - closed within last 60 days
QE tools team - closed yesterday
QE Tools Team - Collaborative Session
QE tools team - due date forecast
QE tools team - exceeding due-date
QE tools team - infrastructure backlog
QE tools team - next - sorted by update time
QE tools team - next issues
QE tools team - non-estimated (unblocked) issues (dev)
QE tools team - non-estimated (unblocked) issues (infra)
QE tools team - ready issues - Workable
QE tools team - ready, not assigned/blocked/low
QE tools team - SLO high forecast
QE tools team - update forecast
QE tools team - updated by priority
QE tools team - what members of the team are working on - Feedback (not-low)
QE Tools Team Backlog By Assignee
Tools Team Retrospective
Tools Team Retrospective (not estimated or assigned)

Actions

Copy link

tickets #129814

open

provo-mirror.i.o.o logrotate + OCSP

Added by crameleon over 1 year ago. Updated over 1 year ago.

Status:

New

Priority:

Normal

Assignee:

Category:

Core services and virtual infrastructure

Target version:

Start date:

2023-05-24

Due date:

% Done:

Estimated time:

Description

I joined the machine due to a low disk space warning and found couple dozen gigabytes of nginx log files. I deleted all the archives in /var/log/ for now, but I wonder if the logrotate configuration shouldn't be set to more sane levels.
Do we really need one year of webserver logs?

There are lots of OCSP errors as well, the Let's Encrypt r3.o.lencr.org server seems to not be reachable using ping, though it is from my workstation. Other IPv6 servers on the internet are ping-able just fine from provo-mirror. Weirdly nginx logs "no route to host" although there does seem to be a route with ping (just no response).

History
Notes
Property changes

Actions

Copy link

Updated by crameleon over 1 year ago

Assignee deleted (~~opensuse-admin~~)
Private changed from Yes to No

Actions

Copy link

Updated by pjessen over 1 year ago

crameleon wrote:

I joined the machine due to a low disk space warning and found couple dozen gigabytes of nginx log files. I deleted all the archives in /var/log/ for now, but I wonder if the logrotate configuration shouldn't be set to more sane levels.
Do we really need one year of webserver logs?

Almost certainly not :-) that sounds like the default configuration. Probably no one has felt really responsible for provo-mirror.
I would suggest keeping

30 days of logs on the machine,
archiving for a year (on backup.i.o.o).

Where did you get a low disk-space warning from? nagios?

Actions

Copy link

Updated by crameleon over 1 year ago

30 days of logs on the machine,

Sounds reasonable.

archiving for a year (on backup.i.o.o).

Through some rsync job similar to the one on pontifex2? If we want this on multiple machines it would be great to just set a flag somewhere in Salt... ;-)

Where did you get a low disk-space warning from? nagios?

Found it in Icinga.

Actions

Copy link

Updated by pjessen over 1 year ago

crameleon wrote:

30 days of logs on the machine,

Sounds reasonable.

archiving for a year (on backup.i.o.o).

Through some rsync job similar to the one on pontifex2? If we want this on multiple machines it would be great to just set a flag somewhere in Salt... ;-)

Right and right. The rsync job on pontifex works really well, I am amazed I had not come across that logrotate pre-remove option before.

Where did you get a low disk-space warning from? nagios?

Found it in Icinga.

Shouldn't we have some sort of option for an email alert?

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

openSUSE admin

Tags

Custom queries

tickets #129814

provo-mirror.i.o.o logrotate + OCSP

Updated by crameleon over 1 year ago

Updated by pjessen over 1 year ago

Updated by crameleon over 1 year ago

Updated by pjessen over 1 year ago