From a684702d7fd1f57f67e6dfa4ef36dbd939f65eae Mon Sep 17 00:00:00 2001
From: Jose
Date: Thu, 12 Feb 2026 21:23:13 +0100
Subject: [PATCH] =?UTF-8?q?refactor=20=E2=99=BB=EF=B8=8F:=20Refactor=20log?=
 =?UTF-8?q?rotate=20configuration=20for=20better=20organization=20and=20ma?=
 =?UTF-8?q?intainability.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This commit refactors the logrotate configuration by installing and customizing policies, replacing the logrotate command with a service restart in handlers, and adding new templates for Proxmox firewall and general logs. This improves the overall structure and manageability of the logrotate settings.
---
 defaults/main.yml | 15 +++-
 handlers/main.yml | 8 +-
 tasks/logrotate.yml | 135 ++++++----------------
 templates/pve-firewall-logrotate.j2 | 25 ++++++
 templates/pve-logrotate.j2 | 26 ++++++
 5 files changed, 96 insertions(+), 113 deletions(-)
 create mode 100644 templates/pve-firewall-logrotate.j2
 create mode 100644 templates/pve-logrotate.j2

diff --git a/defaults/main.yml b/defaults/main.yml
index ea0e3a3..1b6636e 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -12,5 +12,16 @@ proxmox_min_ram_mb_for_no_swap: 16384
 proxmox_enable_powertop: true
 
 # Logrotate
-proxmox_logrotate_maxsize: "100M"
-proxmox_logrotate_rotate: 7
+proxmox_logrotate_enabled: true
+
+proxmox_logrotate_rotate: 4
+proxmox_logrotate_maxsize: 100M
+proxmox_logrotate_frequency: daily
+
+proxmox_logrotate_compress: true
+proxmox_logrotate_delaycompress: true
+proxmox_logrotate_missingok: true
+proxmox_logrotate_notifempty: true
+
+# Destination override file
+proxmox_logrotate_file: /etc/logrotate.d/99-proxmox-custom
\ No newline at end of file
diff --git a/handlers/main.yml b/handlers/main.yml
index e48a179..44c8bd2 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
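Review bot: The new default `proxmox_logrotate_rotate: 4` combined with `proxmox_logrotate_frequency: daily` cuts retention from the seven rotations the role kept before to at most about four days of firewall and pveproxy access logs, which is a behaviour change inside a commit described as a refactor. On a hypervisor those logs are a primary record for reconstructing access and blocked traffic after an incident, so either keep `proxmox_logrotate_rotate: 7` or state the new retention explicitly in the commit message and role documentation. `proxmox_logrotate_file` is declared here but, going by the tasks/logrotate.yml hunk, is never read, since both template tasks hard-code their `dest`; it should either drive the destination or be dropped.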
@@ -15,6 +15,8 @@
 ansible.builtin.systemd_service:
 daemon_reexec: true
 
-- name: Logrotate reload
- ansible.builtin.command: logrotate /etc/logrotate.conf
- changed_when: false
+- name: Restart logrotate
+ ansible.builtin.service:
+ name: logrotate
+ state: restarted
+ become: true
diff --git a/tasks/logrotate.yml b/tasks/logrotate.yml
index 355835f..1d5e450 100644
--- a/tasks/logrotate.yml
+++ b/tasks/logrotate.yml
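Review bot: The `Restart logrotate` handler treats logrotate as a long-running service, but logrotate re-reads its configuration on every scheduled run, so nothing needs restarting after a template change. Where a systemd `logrotate.service` exists it is normally a oneshot unit, so `state: restarted` would most likely force an immediate rotation pass, and on hosts where rotation is cron-driven the handler would fail because no such service exists. A handler that validates the result is more useful, for example `ansible.builtin.command: logrotate -d /etc/logrotate.conf` with `changed_when: false`, which parses the configuration in debug mode without rotating anything; confirm that its exit status reflects parse errors on the target version. The handlers file starts before this hunk.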
@@ -1,111 +1,30 @@
 ---
-
-- name: logrotate | Configure all main Proxmox logs
-
- vars:
- proxmox_logrotate_files:
- - /etc/logrotate.conf
- - /etc/logrotate.d/pve
- - /etc/logrotate.d/pve-firewall
- loop: "{{ proxmox_logrotate_files }}"
- loop_control:
- loop_var: item
-
- block:
-
- - name: logrotate | Check if exists {{ item }}
- ansible.builtin.stat:
- path: "{{ item }}"
- register: logrotate_file
-
- - name: logrotate | Configure {{ item }}
- when: logrotate_file.stat.exists
- block:
-
- - name: logrotate | Backup once {{ item }}
- ansible.builtin.copy:
- src: "{{ item }}"
- dest: "{{ item }}.original"
- owner: root
- group: root
- mode: "0644"
- remote_src: true
- args:
- creates: "{{ item }}.original"
-
- - name: logrotate | Ensure daily rotation
- ansible.builtin.replace:
- path: "{{ item }}"
- regexp: '^\s*weekly'
- replace: 'daily'
- notify: Logrotate reload
-
- - name: logrotate | Set rotate (number of retained logs)
- ansible.builtin.lineinfile:
- path: "{{ item }}"
- regexp: '^(\s*rotate\s+).*'
- line: ' rotate {{ proxmox_logrotate_rotate }}'
- state: present
- insertafter: '^\s*daily'
- notify: Logrotate reload
-
- - name: logrotate | Ensure maxsize is set
- ansible.builtin.lineinfile:
- path: "{{ item }}"
- regexp: '^(\s*maxsize\s+).*'
- line: ' maxsize {{ proxmox_logrotate_maxsize }}'
- state: present
- insertafter: '^\s*rotate'
- notify: Logrotate reload
-
- - name: logrotate | Ensure Compress
- ansible.builtin.lineinfile:
- path: "{{ item }}"
- regexp: '^\s*compress\b'
- line: ' compress'
- state: present
- insertafter: '^\s*maxsize'
- notify: Logrotate reload
-
- - name: logrotate | Ensure delaycompress
- ansible.builtin.lineinfile:
- path: "{{ item }}"
- regexp: '^\s*delaycompress\b'
- line: ' delaycompress'
- state: present
- insertafter: '^\s*compress'
- notify: Logrotate reload
-
-# only for logrotate.conf
-
-- name: logrotate | Uncomment dateext if commented
- ansible.builtin.replace:
- path: /etc/logrotate.conf
- regexp: '^\s*#\s*(dateext)\b'
- replace: '\1'
- notify: Logrotate reload
-
-- name: logrotate | Uncomment compress if commented
- ansible.builtin.replace:
- path: /etc/logrotate.conf
- regexp: '^\s*#\s*(compress)\b'
- replace: '\1'
- notify: Logrotate reload
-
-- name: logrotate | Ensure missingok is present
- ansible.builtin.lineinfile:
- path: /etc/logrotate.conf
- regexp: '^\s*missingok\b'
- line: 'missingok'
+- name: "Proxmox | Ensure logrotate is installed"
+ ansible.builtin.apt:
+ name: logrotate
 state: present
- insertafter: EOF
- notify: Logrotate reload
+ update_cache: yes
+ become: true
+ when: proxmox_logrotate_enabled
 
-- name: logrotate | Ensure notifempty is present
- ansible.builtin.lineinfile:
- path: /etc/logrotate.conf
- regexp: '^\s*notifempty\b'
- line: 'notifempty'
- state: present
- insertafter: EOF
- notify: Logrotate reload
+- name: logrotate | pve logrotate policy
+ ansible.builtin.template:
+ src: pve-logrotate.j2
+ dest: "/etc/logrotate.d/99-pve-custom"
+ owner: root
+ group: root
+ mode: "0644"
+ become: true
+ when: proxmox_logrotate_enabled
+ notify: Restart logrotate
+
+- name: logrotate | pve-firewall logrotate policy
+ ansible.builtin.template:
+ src: pve-firewall-logrotate.j2
+ dest: "/etc/logrotate.d/99-pve-firewall-custom"
+ owner: root
+ group: root
+ mode: "0644"
+ become: true
+ when: proxmox_logrotate_enabled
+ notify: Restart logrotate
diff --git a/templates/pve-firewall-logrotate.j2 b/templates/pve-firewall-logrotate.j2
new file mode 100644
index 0000000..055eb69
--- /dev/null
+++ b/templates/pve-firewall-logrotate.j2
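Review bot: The policies written to `/etc/logrotate.d/99-pve-custom` and `/etc/logrotate.d/99-pve-firewall-custom` probably duplicate stanzas that the stock `/etc/logrotate.d/pve` and `/etc/logrotate.d/pve-firewall` files (the ones the removed tasks edited) already define for the same log paths. logrotate does not merge two stanzas for one path; it reports a duplicate log entry and ignores one of them, so the policy that actually applies may not be the templated one, and hosts already touched by the old tasks keep their edited files and `.original` backups. Consider templating over the stock file names or removing the stock stanzas in the same play, and checking the outcome with `logrotate -d /etc/logrotate.conf`. Minor: `update_cache: yes` should be `update_cache: true` to match the booleans used in the rest of the role.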
@@ -0,0 +1,25 @@
+# Managed by Ansible - Proxmox Logrotate Policy
+# Do not edit manually
+
+/var/log/pve-firewall.log { {
+ rotate {{ proxmox_logrotate_rotate }}
+ {{ proxmox_logrotate_frequency }}
+ maxsize {{ proxmox_logrotate_maxsize }}
+{% if proxmox_logrotate_compress %}
+ compress
+{% endif %}
+{% if proxmox_logrotate_delaycompress %}
+ delaycompress
+{% endif %}
+{% if proxmox_logrotate_missingok %}
+ missingok
+{% endif %}
+{% if proxmox_logrotate_notifempty %}
+ notifempty
+{% endif %}
+ sharedscripts
+ create 640 root adm
+ postrotate
+ invoke-rc.d pvefw-logger restart 2>/dev/null >/dev/null || true
+ endscript
+}
\ No newline at end of file
diff --git a/templates/pve-logrotate.j2 b/templates/pve-logrotate.j2
new file mode 100644
index 0000000..12b5f75
--- /dev/null
+++ b/templates/pve-logrotate.j2
@@ -0,0 +1,26 @@
+# Managed by Ansible - Proxmox Logrotate Policy
+# Do not edit manually
+
+/var/log/pveproxy/access.log {
+ rotate {{ proxmox_logrotate_rotate }}
+ {{ proxmox_logrotate_frequency }}
+ maxsize {{ proxmox_logrotate_maxsize }}
+{% if proxmox_logrotate_compress %}
+ compress
+{% endif %}
+{% if proxmox_logrotate_delaycompress %}
+ delaycompress
+{% endif %}
+{% if proxmox_logrotate_missingok %}
+ missingok
+{% endif %}
+{% if proxmox_logrotate_notifempty %}
+ notifempty
+{% endif %}
+ create 640 www-data www-data
+ sharedscripts
+ postrotate
+ /bin/systemctl try-reload-or-restart pveproxy.service
+ /bin/systemctl try-reload-or-restart spiceproxy.service
+ endscript
+}
\ No newline at end of file
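Review bot: The stanza opener in pve-firewall-logrotate.j2 reads `/var/log/pve-firewall.log { {`, with two opening braces, while pve-logrotate.j2 opens with a single `{` and this block closes with only one `}`. Jinja passes `{ {` through literally, so the rendered file is likely to be rejected or misparsed by logrotate, and the firewall log would then not rotate under this policy. The line should be `/var/log/pve-firewall.log {`.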
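Review bot: The toggles in pve-logrotate.j2, such as `{% if proxmox_logrotate_compress %}`, test the raw variable, so a value that arrives as a string (for example `-e proxmox_logrotate_compress=false`) is truthy and the directive is still emitted. Writing `{% if proxmox_logrotate_compress | bool %}` for the four conditionals avoids that; the same applies to pve-firewall-logrotate.j2 and to `when: proxmox_logrotate_enabled` in tasks/logrotate.yml. `rotate`, the frequency keyword and `maxsize` are interpolated without any check, so a header comment listing the accepted values (an integer, `daily`/`weekly`/`monthly`, a size such as `100M`) would help whoever overrides the defaults.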