From f46dc430b95ba4ee441caf368248b70d632bbb0d Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Sat, 26 Mar 2022 12:58:38 +0100
Subject: [PATCH] fix(system-upgrade): Prevent logs from spoiling a node

This patch installs a log rotate function that prevents the /var/log/messages log to become gigabytes in size and rotating them away with a maximum size of 100M. The reason for this is to prevent the host system from getting issues due to excessive logging and rendering a host unusable.
---
 .../system-upgrades/kustomization.yaml | 1 +
 infrastructure/system-upgrades/logrotate.yaml | 57 +++++++++++++++++++
 2 files changed, 58 insertions(+)
 create mode 100644 infrastructure/system-upgrades/logrotate.yaml
diff --git a/infrastructure/system-upgrades/kustomization.yaml b/infrastructure/system-upgrades/kustomization.yaml
index 7d47ea412..0e54a079c 100644
--- a/infrastructure/system-upgrades/kustomization.yaml
+++ b/infrastructure/system-upgrades/kustomization.yaml
@@ -8,4 +8,5 @@ resources:
 - kubelet.yaml
 - longhorn-lvm.yaml
 - longhorn-setup.yaml
+ - logrotate.yaml
 - fedora-temperature-management.yaml
diff --git a/infrastructure/system-upgrades/logrotate.yaml b/infrastructure/system-upgrades/logrotate.yaml
new file mode 100644
index 000000000..40bd69e80
--- /dev/null
+++ b/infrastructure/system-upgrades/logrotate.yaml
@@ -0,0 +1,57 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: logrotate-setup
+ namespace: system-upgrade
+type: Opaque
+stringData:
+ logrotate.conf: |
+ /var/log/cron
+ /var/log/maillog
+ /var/log/messages
+ /var/log/secure
+ /var/log/spooler
+ {
+ maxsize 250M
+ missingok
+ sharedscripts
+ postrotate
+ /usr/bin/systemctl kill -s HUP rsyslog.service >/dev/null 2>&1 || true
+ endscript
+ }
+
+ upgrade.sh: |
+ #!/bin/sh
+ set -e
+ set -x
+ secrets="$(dirname $0)"
+ cp $secrets/logrotate.conf /etc/logrotate.d/rsyslog
+ rm /etc/logrotate.d/kubernetes-survival
+---
+apiVersion: upgrade.cattle.io/v1
+kind: Plan
+metadata:
+ name: logrotate-setup
+ namespace: system-upgrade
+spec:
+ concurrency: 1
+ nodeSelector:
+ matchExpressions:
+ - key: feature.node.kubernetes.io/system-os_release.ID
+ operator: In
+ values:
+ - "fedora"
+ - key: feature.node.kubernetes.io/system-os_release.VERSION_ID.major
+ operator: In
+ values:
+ - "35"
+ serviceAccountName: system-upgrade
+ secrets:
+ - name: logrotate-setup
+ path: /host/run/system-upgrade/secrets/logrotate-setup
+ version: "1.0.0"
+ upgrade:
+ image: docker.io/library/fedora:35
+ command: ["chroot", "/host"]
+ args: ["sh", "/run/system-upgrade/secrets/logrotate-setup/upgrade.sh"]
-- GitLab
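Review bot: In `upgrade.sh`, `rm /etc/logrotate.d/kubernetes-survival` runs under `set -e`, so the job fails on any node where that file is absent (a fresh node, or a re-run after the file was already removed) even though the new config has been copied by then; `rm -f /etc/logrotate.d/kubernetes-survival` makes the script idempotent. The `cp` line leaves the mode of `/etc/logrotate.d/rsyslog` to whatever the mounted secret file and umask provide, and logrotate ignores config files that are not root-owned or are writable by group or others, so `install -o root -g root -m 0644 "$secrets/logrotate.conf" /etc/logrotate.d/rsyslog` (with `"$0"` quoted as well) states the requirement explicitly. `maxsize 250M` differs from the 100M named in the commit message and is only evaluated when logrotate actually runs, so a log burst between runs can still fill the disk; the stanza also sets no `rotate` count or `compress`, leaving retention of `/var/log/secure` to the host's global defaults. The plan executes `chroot /host` from the mutable tag `docker.io/library/fedora:35`, so pinning it as `docker.io/library/fedora:35@sha256:<digest>` would keep a re-tagged image from running with host root on every matching node.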