logrotate service enhancements #159187
2ca7fc4 to 6bef29d
configFile = pkgs.writeText "logrotate.conf" (concatStringsSep "\n" ((map mkConf paths) ++ [ cfg.extraConfig ])); | ||
configFile = pkgs.writeText "logrotate.conf" ( | ||
concatStringsSep "\n" ( | ||
[ "missingok" "notifempty" cfg.extraConfig ] ++ (map mkConf paths) |
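Review bot: With `missingok` and `notifempty` now emitted as global directives ahead of `cfg.extraConfig` in the new list, every stanza a user writes inside `extraConfig` inherits them too, not only the ones generated by `map mkConf paths`. A mistyped or vanished log path in such a stanza will then be skipped silently instead of producing an error. It would help to state in the `extraConfig` option description that these two defaults are set first and can be reverted there with `nomissingok` / `ifempty`.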
Good to know these are set by default 👀
This PR is great 👍 Thanks for doing this!
wtmp and btmp are created by systemd, so the rules are more appropriate there. They can be disabled explicitly with something like services.logrotate.paths = { "/var/log/btmp".enable = false; "/var/log/wtmp".enable = false; }; if required.
logrotate global options only affect rules following them - as such, services.logrotate.extraConfig being added last makes the option only useful for adding new paths but not for setting global options (e.g. 'dateext' so all logs are rotated with a date suffix). Moving this first solves this problem, and we can then use this instead of default paths config to append missingok/notifempty.
LGTM 👍
Merge?
@martinetd thanks for this PR :) { passthru.tests = { nixos-logrotate = nixosTests.logrotate; }; } And then build them with (onFullSupported "nixos.tests.logrotate") to the Release-critical builds for the NixOS channel to have it tested by
make sure the service is enabled by default and works.
@ju1m thanks for the review! @aanderse There's one last question pending if we want a convention like
This pull request has been mentioned on NixOS Discourse. There might be relevant details there:
It's been 10 days so I guess we've given it enough time, @aanderse would you like to merge this?
@ofborg test switchTest
Damn it. Anyway this breaks the test with
Thanks for the report, I think the problem is that enabling logrotate enables the service when it should only be enabling the timer; looking at the machine logs starts logrotate all the time |
Unless I'm mistaken, it is effectively on by default due to the btmp/wtmp paths defined for systemd? As described in more detail in #162001 this change adds 60 MB to installation media closures as well as quite some build time (note the root cause isn't this PR per se). Although the size problem can be remediated in multiple ways, in context of this PR I can't help but note:
As for item 2, a quick check of Arch / Debian / CentOS shows:
I suggest at least following up with a PR to set
Indeed. The goal is also to integrate logrotate more closely with other services, in my case the real reason for wanting to enable it was nginx logs growing out of control -- services producing logs should take care of cleaning them up.
Thanks for bringing this up, I didn't realize logrotate was effectively this big... I've never used the mail sending feature of logrotate myself so didn't even know it had one :/
oh, I was looking at a very old debian for reference which doesn't have the minsize 1M rule. I think it makes sense to add. FWIW fedora does the same (it's rotated in /etc/logrotate.d/wtmp or btmp owned by logrotate package).
align with upstream logrotate which added the minsize rule at some point. This avoids needlessly rotating the files too often as brought up in NixOS#159187 (comment)
services.logrotate.paths = { | ||
"/var/log/btmp" = mapAttrs (_: mkDefault) { | ||
frequency = "monthly"; | ||
keep = 1; | ||
extraConfig = '' | ||
create 0660 root ${config.users.groups.utmp.name} | ||
''; | ||
}; | ||
"/var/log/wtmp" = mapAttrs (_: mkDefault) { | ||
frequency = "monthly"; | ||
keep = 1; | ||
extraConfig = '' | ||
create 0664 root ${config.users.groups.utmp.name} | ||
''; | ||
}; | ||
}; |
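Review bot: The two `create` lines differ only in mode (0660 for btmp, 0664 for wtmp) and nothing in the hunk says why. btmp holds failed-login records, so it should stay unreadable to other users; a one-line comment above each `create` would keep someone from harmonising the modes later. Both lines also interpolate `config.users.groups.utmp.name`, so this block only evaluates where the utmp group is defined, and `keep = 1` with `monthly` leaves a single old copy of the login records, which deserves a mention in the docs for anyone who needs longer retention.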
imo these should only be enabled if logrotate is enabled otherwise this just pulls in unnecessary dependencies
i don't have mailutils or guile on my system and i have lots of packages and modules enabled
We can't (afaik) make logrotate enable depend on the presence of any path defined and make these (adding paths) depend on logrotate.enable as that'd bring a circular dependency. It could probably be possible by kludging this but the fact that logrotate is so big is a problem in itself that should be fixed, and we shouldn't use the size as a reason to disable this in my opinion. It could make sense to minimize the number of moving parts on minimal systems, but I don't think that's what you are arguing for?
logrotate itself is tiny (121kB), please see my suggestion in #162001 for mailutils so we won't bring it in needlessly and let's continue the discussion there.
This is what it looks like after moving the mailutils dependency from the package's to an optional service option:
$ nix path-info -rSsh ./result
/nix/store/8ckxc8biqqfdwyhr0w70jgrcb4h7a4y5-libunistring-0.9.10 1.6M 1.6M
/nix/store/w2id1hwv4vv7hvp4slgsyrydrjbfqdxc-libidn2-2.3.2 254.7K 1.8M
/nix/store/4s21k8k7p1mfik0b33r2spq5hq7774k1-glibc-2.33-108 29.9M 31.7M
/nix/store/9igigiz42g7w2i605dd5k1spxy9nkf48-attr-2.5.1 78.7K 31.8M
/nix/store/1xjldbdb814annhpmcwz7h6z6y3lay15-acl-2.3.1 108.9K 31.9M
/nix/store/ix20p57nyz6hdcfbnbhxwsmdh8a2r6rh-gzip-1.11 148.1K 31.8M
/nix/store/zwrw0fv1n4hdk017xqxy6s80kmn6g52q-popt-1.18 168.7K 31.8M
/nix/store/bifjan2fvp6k9p3jk4fyv1bykynsj623-logrotate-3.19.0 118.5K 32.3M
@cmm thanks for pointing this out! Interesting side effect... It looks like extra-container/eval-config.nix only uses a subset of modules which doesn't include the user/groups . . . but even adding the user/group just fails with "services.logrotate doesn't exist" next, so it'd need some kind of knob, or moving back to logrotate.
I just cursorily tried to play with a neat tool and it didn't work, no idea beyond that. perhaps the author (that'd be @erikarvstedt) has some?
Motivation for this change
There are quite a few independent changes here, if anything generates a lot of discussion I'll be happy to drop any single patch and split it into a different PR, but it's all related overall.
services.logrotate.paths."/var/log/nginx/*.log".enable = false
but that's more annoying to type than e.g. services.nginx.rotateLogs = false
(if we add such a flag, I'd say we need to come up with a convention for other services to all use the same attribute, and also add it to systemd for wtmp/btmp -- I think it'd make sense and will be happy to gate this with a mkIf)
services.logrotate.extraConfig
but it appends lines, and global options only affect paths following them so options were ignored. I've moved extraConfig first, and made use of it instead of paths default extraConfig moved notifempty/missingok to be similar to it as I couldn't figure how to append lines by default (setting the default value would remove lines if set elsewhere, which isn't what the previous path extraConfig was doing).
passthru.tests
for packages, is there an equivalent for nixos modules?
cc @ju1m @aanderse @ryantm who participated in previous logrotate PR
cc @Mic92 who last touched the nginx module
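The ordering rule described above (global options only affect the stanzas that follow them), as an added example that is not code from this PR or from logrotate: a simplified Python model of the config format that reports which options each stanza ends up with and which global directives come too late to affect anything. The two sample configs are constructed, and the parser is an assumption that handles only plain directives and `path { ... }` blocks.

```python
# Constructed samples: the same directives in the old order (extraConfig last)
# and the new order (missingok/notifempty/extraConfig first).
OLD_ORDER = """\
"/var/log/nginx/*.log" {
  weekly
  rotate 5
}
dateext
"""
NEW_ORDER = """\
missingok
notifempty
dateext
"/var/log/nginx/*.log" {
  weekly
  rotate 5
}
"""


def effective_options(conf):
    """Return ({path: [options]}, [global directives that reach no stanza])."""
    globals_seen = []    # global directives, in file order
    last_stanza_at = 0   # number of globals known when the last stanza opened
    stanzas, current = {}, None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        if current is None and line.endswith("{"):
            current = line[:-1].strip()
            # A stanza inherits only the globals defined before it.
            stanzas[current] = list(globals_seen)
            last_stanza_at = len(globals_seen)
        elif line == "}":
            current = None
        elif current is not None:
            stanzas[current].append(line)     # local option, after inherited ones
        else:
            globals_seen.append(line)
    # Globals after the last stanza apply to nothing in this file.
    unused = globals_seen[last_stanza_at:] if stanzas else []
    return stanzas, unused


if __name__ == "__main__":
    for name, conf in (("old", OLD_ORDER), ("new", NEW_ORDER)):
        print(name, effective_options(conf))
```

Running the same check over a generated `logrotate.conf` is a quick way to spot global directives that were appended after the last stanza and therefore never took effect.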