Bug 500700 - TPS logs are not rotated
Status: CLOSED CURRENTRELEASE
Product: Dogtag Certificate System
Classification: Community
Component: TPS
unspecified
All Linux
Priority: high, Severity: medium
Assigned To: Ade Lee
Chandrasekar Kannan
Keywords: FutureFeature
Blocks: 445047
Reported: 2009-05-13 14:20 EDT by Chandrasekar Kannan
Modified: 2015-01-04 18:38 EST
Doc Type: Enhancement
Last Closed: 2012-06-04 16:34:06 EDT

Attachments:
patch for rolling logs and TPS shutdown if log is full (52.52 KB, patch)
2010-02-08 16:05 EST, Ade Lee
updated patch for rolling logs and TPS shutdown if log is full (55.70 KB, patch)
2010-02-09 14:30 EST, Ade Lee
change to ensure rotated signed audit log starts with a signature (1.74 KB, patch)
2010-02-18 13:18 EST, Ade Lee
Description Chandrasekar Kannan 2009-05-13 14:20:39 EDT
- none of the TPS logs are rotated.
- fwiw, log rotation is available as a feature in CA and other subsystems.
Comment 1 Marc Sauton 2009-10-22 16:26:17 EDT
could we document logrotate configuration to use operating system feature like usually done for mysql, apache, and so
see man logrotate

httpd example, from /etc/logrotate.d/httpd:

/var/log/httpd/*log {
    missingok
    notifempty
    sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/httpd/httpd.pid 2>/dev/null` 2> /dev/null || true
    endscript
}
Comment 5 Ade Lee 2010-02-08 16:05:56 EST
Created attachment 389624
patch for rolling logs and TPS shutdown if log is full

jmagne, please review

This includes changes to add :
-- log rotation to TPS
-- log expiration thread
-- TPS shuts down if audit log full (BZ 562893)
Comment 6 Jack Magne 2010-02-09 14:25:43 EST
Attachment (id=389624) +jmagne
Comment 7 Ade Lee 2010-02-09 14:30:54 EST
Created attachment 389830
updated patch for rolling logs and TPS shutdown if log is full

updated patch (already +'ed by jmagne)
Comment 8 Ade Lee 2010-02-09 14:33:53 EST
Checked into 8.1 tip

[builder@goofy-vm4 tps]$ svn ci -m "BZ500700 and BZ562893: tps log rotation and tps shutdown if audit logs full"
Sending        tps/Makefile.am
Sending        tps/Makefile.in
Sending        tps/doc/CS.cfg
Sending        tps/src/engine/RA.cpp
Sending        tps/src/include/engine/RA.h
Adding         tps/src/include/main/LogFile.h
Adding         tps/src/include/main/RollingLogFile.h
Adding         tps/src/main/LogFile.cpp
Adding         tps/src/main/RollingLogFile.cpp
Transmitting file data .........
Committed revision 967.
Comment 9 Ade Lee 2010-02-09 14:58:13 EST
Notes to QE/ Doc

The following parameters have been added to CS.cfg for the TPS (where * is audit, debug or error):

logging.*.file.type: can be LogFile or RollingLogFile 
logging.*.rolloverInterval: interval to roll over logs (seconds, 0 to disable)
logging.*.maxFileSize: size at which file rollover occurs, in kB
logging.*.expirationTime: maximum age of log, older unmodified logs are 
   deleted (in seconds, 0 to disable)

If the file type is LogFile, then we have the existing behaviour which is a plain log file that does not roll over or expire.

If the file type is RollingLogFile, then the file will roll over (save the file to <log_file_name>.<date> and start writing in a new file) if :

a) The log file exceeds maxFileSize
b) Every rolloverInterval (assuming the log file is non-empty).  Setting rolloverInterval to 0 disables this.

In addition, if expirationTime >0, then we will look to see if there are any logs that have been rotated (which have filename of form <filename>.<date>) and which have not been modified within expiration_time.  If so, then the file will have expired and will be deleted.

The default settings for these parameters are shown below:
logging.*.file.type: RollingLogFile 
logging.*.rolloverInterval: 30 days
logging.*.maxFileSize: 2 MB
logging.*.expirationTime: 0 (disabled)

One thing that QE should confirm is that for audit logs, if the log is rolled over, the new log starts with a signature message.  In fact, QE should confirm that a series of rolled-over logs are verified correctly using AuditVerify.
Comment 11 Ade Lee 2010-02-18 13:18:00 EST
Created attachment 394961
change to ensure rotated signed audit log starts with a signature

this was mistakenly left out in the checkin ..

jmagne, please review
Comment 12 Jack Magne 2010-02-18 13:43:26 EST
Attachment (id=394961) +jmagne
Comment 13 Ade Lee 2010-02-18 14:44:39 EST
[builder@goofy-vm4 tps]$ svn ci -m "BZ500700 - ensure rotated signed audit logs start with a signature"
Sending        tps/src/main/RollingLogFile.cpp
Transmitting file data .
Committed revision 981.
Comment 14 Asha Akkiangady 2010-03-18 10:46:00 EDT
Tested TPS log files rotation for audit, debug and error log files. 

Log files rollover when the log file exceeds maxFileSize and every rolloverInterval.

When the file size is 0 bytes, files are not rolled over.

When the expirationTime >0, the logs that have been rotated and 
those that have not been modified within expiration_time are deleted. We have a minor bug https://bugzilla.redhat.com/show_bug.cgi?id=567415, which deletes rotated files that suffix or prefix with any character.
 
In the case of Signed audit logs, when the log is rolled over, the new log starts with a signature message.  Series of rolled over logs are verified using AuditVerify. 


Marking this bug verified.
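
Added example (not part of the bug report or the TPS code): a small Python model of the rollover and expiration rules from Comment 9, with a strict <filename>.<date> match so that names carrying an extra prefix or suffix, as in the listing tested in Comment 14, are never selected for deletion. The file names, the date suffix layout and the function names are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Assumption: the page gives the rotated name only as <log_file_name>.<date>;
# the YYYYMMDD-HHMMSS layout below is a stand-in for the real date format.
DATE_SUFFIX = re.compile(r"\d{8}-\d{6}")

@dataclass
class RollingPolicy:
    rollover_interval: int  # logging.*.rolloverInterval, seconds (0 disables)
    max_file_size: int      # logging.*.maxFileSize, kB
    expiration_time: int    # logging.*.expirationTime, seconds (0 disables)

def should_roll(policy, size_bytes, seconds_since_last_roll):
    """Roll over on size, or on each interval when the log is non-empty."""
    if size_bytes == 0:
        return False  # empty logs are not rolled over
    if size_bytes > policy.max_file_size * 1024:
        return True
    return (policy.rollover_interval > 0
            and seconds_since_last_roll >= policy.rollover_interval)

def is_rotated_copy(base, name):
    """True only for exactly <base>.<date>; extra prefix or suffix fails."""
    prefix = base + "."
    return (name.startswith(prefix)
            and DATE_SUFFIX.fullmatch(name[len(prefix):]) is not None)

def expired_logs(policy, base, entries, now):
    """Rotated copies not modified within expirationTime; entries = (name, mtime)."""
    if policy.expiration_time <= 0:
        return []
    return [name for name, mtime in entries
            if is_rotated_copy(base, name)
            and now - mtime > policy.expiration_time]

# Constructed listing (hypothetical file names, mtimes in epoch seconds).
SAMPLE = [
    ("tps-audit.log", 1_000_000),                      # active log
    ("tps-audit.log.20100201-120000", 1_000_000),      # rotated, stale
    ("tps-audit.log.20100218-120000", 1_900_000),      # rotated, recent
    ("tps-audit.log.20100201-120000.bak", 1_000_000),  # extra suffix
    ("old-tps-audit.log.20100201-120000", 1_000_000),  # extra prefix
]

if __name__ == "__main__":
    week = RollingPolicy(30 * 86400, 2048, 7 * 86400)
    print(expired_logs(week, "tps-audit.log", SAMPLE, now=2_000_000))
```

The 2048 kB value stands in for the 2 MB default; the exact number used in CS.cfg is not stated on the page.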
