OSDOCS-9437: adds custom audit log policies MicroShift
1 parent
a1bfa14
commit 5774462
Showing 5 changed files with 89 additions and 2 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
:_mod-docs-content-type: ASSEMBLY | ||
[id="microshift-audit-logs-config"] | ||
= Customizing audit logging policies | ||
include::_attributes/attributes-microshift.adoc[] | ||
:context: microshift-audit-logs-config | ||
|
||
toc::[] | ||
|
||
You can use configuration values to control audit log file rotation and retention. | ||
|
||
include::modules/microshift-audit-logs-config-intro.adoc[leveloffset=+1] | ||
|
||
//TODO: add Administrator edits MicroShift config file to specify desired audit logging policy profile | ||
|
||
include::modules/microshift-audit-logs-config-proc.adoc[leveloffset=+1] | ||
|
||
//TODO: add Administrator restarts MicroShift service to apply changes |
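Review bot: The two `//TODO` comments in this assembly look stale and should be resolved or removed before merge. The second one, "add Administrator restarts MicroShift service to apply changes", sits after the include of `modules/microshift-audit-logs-config-proc.adoc`, and that procedure already ends with a restart step; the first describes the config-file edit the same procedure covers. If anything is still missing, put it in the procedure module rather than leaving placeholders in the assembly.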
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
// Text snippet included in the following assemblies: | ||
// | ||
// * microshift_configuring/microshift-audit-logs-config.adoc | ||
|
||
:_mod-docs-content-type: CONCEPT | ||
[id="microshift-audit-logs-config-intro_{context}"] | ||
= About setting limits on audit log files | ||
|
||
Using configuration values to control audit log file rotation and retention can help keep far-edge devices from exceeding limited storage capacities. On such devices, logging data accumulation can limit host system or cluster workloads, potentially bricking a device. Setting audit log policies can help ensure that critical processing space is continually available. | ||
|
||
Together, the values specified in a customized audit log policy enable you to enforce the size, number, and age limits of audit log backups. Field values are processed independently of one another and without prioritization. You can set fields in combination to define a maximum storage limit for retained logs. For example: | ||
|
||
* Set both `maxFileSize` and `maxFiles` to create a log storage upper limit. | ||
* Set a `maxFileAge` value to automatically delete files older than the timestamp in the file name, regardless of the `maxFiles` value. | ||
[id="Default-audit-log-values_{context}"] | ||
== Default audit log values | ||
|
||
{microshift-short} includes the following default audit log rotation values: | ||
|
||
The `maxFileSize` default is 200Mb. | ||
The `maxFiles` default is 10 files. | ||
The `maxFileAge` default is 0, disabling the age limit. | ||
|
||
Therefore, the default maximum storage consumption of audit logs is 2000Mb, provided that all files are less than 10 days old. | ||
|
||
If you do not specify a value for a field, the default value is used. If you remove a field previously set, the default value is restored after the next {microshift-short} service restart. | ||
|
||
|
||
//TODO add more concept as needed |
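Review bot: The sentence "the default maximum storage consumption of audit logs is 2000Mb, provided that all files are less than 10 days old" contradicts the defaults listed just above it. `maxFileAge` defaults to 0, which disables the age limit, so no age condition applies, and the "10" looks carried over from `maxFiles`. Suggest dropping the age clause and stating whether the total includes the live log, since the procedure module describes `maxFiles` as the files retained in addition to the current active log. "200Mb" and "2000Mb" read as megabits; write the unit as megabytes, consistent with the callout in the procedure. In the first bullet list, "older than the timestamp in the file name" should say that the age is measured from that timestamp. The three "The ... default is" lines need list markers or they render as one run-on paragraph, and `[id="Default-audit-log-values_{context}"]` needs a blank line before it and a lowercase ID to match the other anchors. The trailing `//TODO add more concept as needed` should not ship.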
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
// Text snippet included in the following assemblies: | ||
// | ||
// * microshift_configuring/microshift-audit-logs-config.adoc | ||
|
||
:_mod-docs-content-type: PROCEDURE | ||
[id="microshift-configuring-audit-log-values_{context}"] | ||
= Configuring audit log values | ||
|
||
//TODO: add procedure to edit MicroShift config file to specify max file size, number of files total, and max age of files for logs | ||
|
||
.Procedure | ||
|
||
. Add the `apiServer` stanza to your {microshift-short} configuration file. If you need to make the file, run the following command: | ||
+ | ||
[source,terminal] | ||
---- | ||
$ sudo cat /etc/microshift/config.yaml | ||
---- | ||
+ | ||
.Example configuration | ||
[source,terminal] | ||
---- | ||
apiServer: | ||
auditLog: | ||
maxFileSize: 200 <1> | ||
maxFiles: 1 <2> | ||
maxFileAge: 7 <3> | ||
---- | ||
<1> The maximum audit log file size in megabytes. If the value is 0, the limit is disabled. In this example, if the live log reaches the 200Mb limit, it is rotated, causing any existing log backup to be deleted. | ||
<2> The maximum number of rotated audit log files to retain. After the limit is reached, the log files in order from oldest to newest are deleted until the specified limits are reached. When the value is 0, the limit is disabled. In this example, the value `1` results in only 1 file of size `maxFileSize` being retained in addition to the current active log. | ||
<3> Specifies the maximum time in days that log files are kept. Files older than this limit will be deleted. When the value is 0, the limit is disabled. In this example, after a log file is more than 7 days old, it is deleted. The deletion happens regardless of whether the live log has reached the maximum file size as give in the `maxFileSize` field value. | ||
|
||
. If you are configuring audit log policies on a running instance, restart {microshift-short} by entering the following command: | ||
+ | ||
[source,terminal] | ||
---- | ||
$ sudo systemctl restart microsohift | ||
---- |
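Review bot: The restart command in step 2 misspells the unit name: `$ sudo systemctl restart microsohift` fails, so a reader who copies it never applies the new audit log limits; it should be `microshift`. In step 1, "If you need to make the file, run the following command" is followed by `$ sudo cat /etc/microshift/config.yaml`, which only prints an existing file and does not create one; either give the actual creation step or reword the sentence to say the command displays the current file. The example configuration is YAML but is tagged `[source,terminal]`; use `[source,yaml]` so it is not rendered as a shell session. Callout <3> has "as give in" (should be "as given in"), and the `//TODO` above `.Procedure` can be removed now that the procedure is written.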