From c8e99821f1746ad667e29d10e94d550bd4b38324 Mon Sep 17 00:00:00 2001 From: Jose Date: Thu, 12 Feb 2026 21:21:23 +0100 Subject: [PATCH 1/4] =?UTF-8?q?docs=20=F0=9F=93=9D:=20Add=20'API=20Utiliti?= =?UTF-8?q?es'=20section=20and=20update=20directory=20structure?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This commit adds a new section for API utilities in the documentation and updates the project's directory structure to better organize related files. --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 8753a83..2bfd15b 100644 --- a/README.md +++ b/README.md @@ -26,6 +26,7 @@ | Swap handling | ✅ | ✅ | ✅ | | Logrotate protection | ✅ | ✅ | ✅ | | Powertop auto-tune | ✅ | ✅ | ✅ | +| API utilities | ✅ | ✅ | ✅ | ## 📂 Directory Structure @@ -44,7 +45,8 @@ ansible_role_proxmox_provision/ │ ├── powertop.yml # powertop setup │ ├── repos.yml # Repository setup │ ├── subscription.yml # Subscription nag removal -│ └── swap.yml # Swap setup +│ ├── swap.yml # Swap setup +│ └── utilities.yml # API utilities installation ├── templates/ # Jinja2 templates └── vars/ # Non-overridable variables └── main.yml @@ -114,10 +116,8 @@ See the [LICENSE](LICENSE) file for details. ## TODO -⏳ Make the nag patch checksum-based (auto-repatch after upgrades) ⏳ add molecule tests to prove idempotency ⏳ make the patch handler trigger on pve-manager upgrades -❌ Add kernel power-saving tunables ? 🔄 Split into VE version–aware tags ? 🕒 refactor ✗ debug From a684702d7fd1f57f67e6dfa4ef36dbd939f65eae Mon Sep 17 00:00:00 2001 
From: Jose Date: Thu, 12 Feb 2026 21:23:13 +0100 Subject: [PATCH 2/4] =?UTF-8?q?refactor=20=E2=99=BB=EF=B8=8F:=20Refactor?= =?UTF-8?q?=20logrotate=20configuration=20for=20better=20organization=20an?= =?UTF-8?q?d=20maintainability.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This commit refactors the logrotate configuration by installing and customizing policies, replacing the logrotate command with a service restart in handlers, and adding new templates for Proxmox firewall and general logs. This improves the overall structure and manageability of the logrotate settings. --- defaults/main.yml | 15 +++- handlers/main.yml | 8 +- tasks/logrotate.yml | 135 ++++++---------------------- templates/pve-firewall-logrotate.j2 | 25 ++++++ templates/pve-logrotate.j2 | 26 ++++++ 5 files changed, 96 insertions(+), 113 deletions(-) create mode 100644 templates/pve-firewall-logrotate.j2 create mode 100644 templates/pve-logrotate.j2 diff --git a/defaults/main.yml b/defaults/main.yml index ea0e3a3..1b6636e 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -12,5 +12,16 @@ proxmox_min_ram_mb_for_no_swap: 16384 proxmox_enable_powertop: true # Logrotate -proxmox_logrotate_maxsize: "100M" -proxmox_logrotate_rotate: 7 +proxmox_logrotate_enabled: true + +proxmox_logrotate_rotate: 4 +proxmox_logrotate_maxsize: 100M +proxmox_logrotate_frequency: daily + +proxmox_logrotate_compress: true +proxmox_logrotate_delaycompress: true +proxmox_logrotate_missingok: true +proxmox_logrotate_notifempty: true + +# Destination override file +proxmox_logrotate_file: /etc/logrotate.d/99-proxmox-custom \ No newline at end of file diff --git a/handlers/main.yml b/handlers/main.yml index e48a179..44c8bd2 100644 --- a/handlers/main.yml +++ b/handlers/main.yml 
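Review bot: The default `proxmox_logrotate_rotate` drops from 7 to 4 while `proxmox_logrotate_frequency` is `daily`, so the pveproxy access log and the firewall log rendered from these defaults keep roughly four days of history instead of seven. With `maxsize 100M` a busy log can rotate before the day is over, which shortens that window further. The commit message describes a refactor only, so if the shorter audit trail is not intended keep `proxmox_logrotate_rotate: 7`; otherwise document the new retention in the README. `proxmox_logrotate_file` is defined here, but nothing in this series reads it, since tasks/logrotate.yml hard-codes `/etc/logrotate.d/99-pve-custom` and `/etc/logrotate.d/99-pve-firewall-custom`. Either use it as the `dest` or drop the variable.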
@@ -15,6 +15,8 @@ ansible.builtin.systemd_service: daemon_reexec: true -- name: Logrotate reload - ansible.builtin.command: logrotate /etc/logrotate.conf - changed_when: false +- name: Restart logrotate + ansible.builtin.service: + name: logrotate + state: restarted + become: true diff --git a/tasks/logrotate.yml b/tasks/logrotate.yml index 355835f..1d5e450 100644 --- a/tasks/logrotate.yml +++ b/tasks/logrotate.yml 
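Review bot: The new `Restart logrotate` handler treats logrotate as a long-running service, but logrotate re-reads `/etc/logrotate.conf` and `/etc/logrotate.d/` on every scheduled run, so there is nothing to restart after a policy file changes. On Debian-based hosts with a timer-driven `logrotate.service` oneshot unit, `state: restarted` would start a full rotation pass for every log on the host; where no such unit exists the handler fails the play. Consider removing the handler and the `notify: Restart logrotate` lines in tasks/logrotate.yml. If a post-change check is wanted, a read-only `ansible.builtin.command: logrotate -d /etc/logrotate.conf` with `changed_when: false` parses the configuration without rotating anything.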
@@ -1,111 +1,30 @@ --- - -- name: logrotate | Configure all main Proxmox logs - - vars: - proxmox_logrotate_files: - - /etc/logrotate.conf - - /etc/logrotate.d/pve - - /etc/logrotate.d/pve-firewall - loop: "{{ proxmox_logrotate_files }}" - loop_control: - loop_var: item - - block: - - - name: logrotate | Check if exists {{ item }} - ansible.builtin.stat: - path: "{{ item }}" - register: logrotate_file - - - name: logrotate | Configure {{ item }} - when: logrotate_file.stat.exists - block: - - - name: logrotate | Backup once {{ item }} - ansible.builtin.copy: - src: "{{ item }}" - dest: "{{ item }}.original" - owner: root - group: root - mode: "0644" - remote_src: true - args: - creates: "{{ item }}.original" - - - name: logrotate | Ensure daily rotation - ansible.builtin.replace: - path: "{{ item }}" - regexp: '^\s*weekly' - replace: 'daily' - notify: Logrotate reload - - - name: logrotate | Set rotate (number of retained logs) - ansible.builtin.lineinfile: - path: "{{ item }}" - regexp: '^(\s*rotate\s+).*' - line: ' rotate {{ proxmox_logrotate_rotate }}' - state: present - insertafter: '^\s*daily' - notify: Logrotate reload - - - name: logrotate | Ensure maxsize is set - ansible.builtin.lineinfile: - path: "{{ item }}" - regexp: '^(\s*maxsize\s+).*' - line: ' maxsize {{ proxmox_logrotate_maxsize }}' - state: present - insertafter: '^\s*rotate' - notify: Logrotate reload - - - name: logrotate | Ensure Compress - ansible.builtin.lineinfile: - path: "{{ item }}" - regexp: '^\s*compress\b' - line: ' compress' - state: present - insertafter: '^\s*maxsize' - notify: Logrotate reload - - - name: logrotate | Ensure delaycompress - ansible.builtin.lineinfile: - path: "{{ item }}" - regexp: '^\s*delaycompress\b' - line: ' delaycompress' - state: present - insertafter: '^\s*compress' - notify: Logrotate reload - -# only for logrotate.conf - -- name: logrotate | Uncomment dateext if commented - ansible.builtin.replace: - path: /etc/logrotate.conf - regexp: 
'^\s*#\s*(dateext)\b' - replace: '\1' - notify: Logrotate reload - -- name: logrotate | Uncomment compress if commented - ansible.builtin.replace: - path: /etc/logrotate.conf - regexp: '^\s*#\s*(compress)\b' - replace: '\1' - notify: Logrotate reload - -- name: logrotate | Ensure missingok is present - ansible.builtin.lineinfile: - path: /etc/logrotate.conf - regexp: '^\s*missingok\b' - line: 'missingok' +- name: "Proxmox | Ensure logrotate is installed" + ansible.builtin.apt: + name: logrotate state: present - insertafter: EOF - notify: Logrotate reload + update_cache: yes + become: true + when: proxmox_logrotate_enabled -- name: logrotate | Ensure notifempty is present - ansible.builtin.lineinfile: - path: /etc/logrotate.conf - regexp: '^\s*notifempty\b' - line: 'notifempty' - state: present - insertafter: EOF - notify: Logrotate reload +- name: logrotate | pve logrotate policy + ansible.builtin.template: + src: pve-logrotate.j2 + dest: "/etc/logrotate.d/99-pve-custom" + owner: root + group: root + mode: "0644" + become: true + when: proxmox_logrotate_enabled + notify: Restart logrotate + +- name: logrotate | pve-firewall logrotate policy + ansible.builtin.template: + src: pve-firewall-logrotate.j2 + dest: "/etc/logrotate.d/99-pve-firewall-custom" + owner: root + group: root + mode: "0644" + become: true + when: proxmox_logrotate_enabled + notify: Restart logrotate diff --git a/templates/pve-firewall-logrotate.j2 b/templates/pve-firewall-logrotate.j2 new file mode 100644 index 0000000..055eb69 --- /dev/null +++ b/templates/pve-firewall-logrotate.j2 
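Review bot: The two template tasks install stanzas for `/var/log/pveproxy/access.log` and `/var/log/pve-firewall.log` under `/etc/logrotate.d/99-pve-custom` and `/etc/logrotate.d/99-pve-firewall-custom`. The removed tasks show that `/etc/logrotate.d/pve` and `/etc/logrotate.d/pve-firewall` already exist for these logs. logrotate reports a second stanza for the same path as a duplicate log entry rather than letting it override the first, so the custom policy would probably be ignored while the packaged files are present. Either template over the packaged files, e.g. `dest: /etc/logrotate.d/pve` with `backup: true`, or remove the packaged stanza in the same play. Hosts already processed by the old tasks also keep their in-place edits and `.original` copies, which nothing here cleans up.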
@@ -0,0 +1,25 @@ +# Managed by Ansible - Proxmox Logrotate Policy +# Do not edit manually + +/var/log/pve-firewall.log { { + rotate {{ proxmox_logrotate_rotate }} + {{ proxmox_logrotate_frequency }} + maxsize {{ proxmox_logrotate_maxsize }} +{% if proxmox_logrotate_compress %} + compress +{% endif %} +{% if proxmox_logrotate_delaycompress %} + delaycompress +{% endif %} +{% if proxmox_logrotate_missingok %} + missingok +{% endif %} +{% if proxmox_logrotate_notifempty %} + notifempty +{% endif %} + sharedscripts + create 640 root adm + postrotate + invoke-rc.d pvefw-logger restart 2>/dev/null >/dev/null || true + endscript +} \ No newline at end of file diff --git a/templates/pve-logrotate.j2 b/templates/pve-logrotate.j2 new file mode 100644 index 0000000..12b5f75 --- /dev/null +++ b/templates/pve-logrotate.j2 @@ -0,0 +1,26 @@ +# Managed by Ansible - Proxmox Logrotate Policy +# Do not edit manually + +/var/log/pveproxy/access.log { + rotate {{ proxmox_logrotate_rotate }} + {{ proxmox_logrotate_frequency }} + maxsize {{ proxmox_logrotate_maxsize }} +{% if proxmox_logrotate_compress %} + compress +{% endif %} +{% if proxmox_logrotate_delaycompress %} + delaycompress +{% endif %} +{% if proxmox_logrotate_missingok %} + missingok +{% endif %} +{% if proxmox_logrotate_notifempty %} + notifempty +{% endif %} + create 640 www-data www-data + sharedscripts + postrotate + /bin/systemctl try-reload-or-restart pveproxy.service + /bin/systemctl try-reload-or-restart spiceproxy.service + endscript +} \ No newline at end of file From c7a4e36b887f525ea2f808f156de323129a46ad3 Mon Sep 17 00:00:00 2001 
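Review bot: The stanza header `/var/log/pve-firewall.log { {` carries a stray second brace, whereas the sibling templates/pve-logrotate.j2 opens its stanza with a single `{`. Jinja2 passes `{ {` through as literal text, so the rendered file has an unbalanced brace and logrotate is likely to reject the stanza, leaving the firewall log outside this policy. Change the line to `/var/log/pve-firewall.log {`. A `validate: logrotate -d %s` on the template task may catch this kind of syntax error before the file is installed, but confirm that the target logrotate version exits non-zero on a parse error.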
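Review bot: The `{% if proxmox_logrotate_compress %}` style tests rely on Jinja2 truthiness, so a value that arrives as a string (for example `-e proxmox_logrotate_compress=false`) is non-empty and still enables the directive. Use `{% if proxmox_logrotate_compress | bool %}` for all four switches; templates/pve-firewall-logrotate.j2 has the same pattern. `{{ proxmox_logrotate_frequency }}` is also emitted as a bare directive with no check. An `ansible.builtin.assert` in tasks/logrotate.yml that limits it to the keywords logrotate accepts (`daily`, `weekly`, `monthly`, ...) would turn a typo into a play failure instead of a policy file logrotate cannot parse.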
From: Jose Date: Thu, 12 Feb 2026 21:25:12 +0100 Subject: [PATCH 3/4] =?UTF-8?q?chore=20=F0=9F=93=A6:=20Update=20proxmox=5F?= =?UTF-8?q?logrotate=5Ffile=20path=20in=20defaults?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This commit updates the default path for the `proxmox_logrotate_file` variable to ensure it aligns with the latest configuration standards. --- defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/defaults/main.yml b/defaults/main.yml index 1b6636e..390e6ac 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -24,4 +24,4 @@ proxmox_logrotate_missingok: true proxmox_logrotate_notifempty: true # Destination override file -proxmox_logrotate_file: /etc/logrotate.d/99-proxmox-custom \ No newline at end of file +proxmox_logrotate_file: /etc/logrotate.d/99-proxmox-custom From c6288877e8275ba209602f76d5a748d41917a1b6 Mon Sep 17 00:00:00 2001 From: Jose Date: Thu, 12 Feb 2026 21:27:42 +0100 Subject: [PATCH 4/4] =?UTF-8?q?refactor=20=E2=99=BB=EF=B8=8F:=20Refactor?= =?UTF-8?q?=20task=20names=20for=20clarity=20and=20consistency?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Renamed task labels to be more descriptive and consistent across the project, improving readability and maintainability. --- tasks/logrotate.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tasks/logrotate.yml b/tasks/logrotate.yml index 1d5e450..1d3899a 100644 --- a/tasks/logrotate.yml +++ b/tasks/logrotate.yml @@ -1,5 +1,5 @@ --- -- name: "Proxmox | Ensure logrotate is installed" +- name: logrotate | Ensure logrotate is installed ansible.builtin.apt: name: logrotate state: present @@ -7,7 +7,7 @@ become: true when: proxmox_logrotate_enabled -- name: logrotate | pve logrotate policy +- name: logrotate | PVE logrotate policy ansible.builtin.template: src: pve-logrotate.j2 dest: "/etc/logrotate.d/99-pve-custom" 
@@ -18,7 +18,7 @@ when: proxmox_logrotate_enabled notify: Restart logrotate -- name: logrotate | pve-firewall logrotate policy +- name: logrotate | PVE-firewall logrotate policy ansible.builtin.template: src: pve-firewall-logrotate.j2 dest: "/etc/logrotate.d/99-pve-firewall-custom"