Merge pull request #56979 from hyperbolic2346/mwilson/apilb-log-rotate

Automatic merge from submit-queue (batch tested with PRs 56858, 57040, 56979, 57051, 57052). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

enabling log rotate for api logs in nginx

**What this PR does / why we need it**:
Prevent the load balancer from filling the disk with logs from the api server
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
https://github.com/juju-solutions/bundle-canonical-kubernetes/issues/449
**Special notes for your reviewer**:

**Release note**:

```release-note
Enabled log rotation for load balancer's api logs to prevent running out of disk space.
```

cluster/juju/layers/kubeapi-load-balancer/reactive/load_balancer.py

@@ -21,6 +21,7 @@ import subprocess
 from charms import layer
 from charms.reactive import when, when_any, when_not
 from charms.reactive import set_state, remove_state
+from charms.reactive import hook
 from charmhelpers.core import hookenv
 from charmhelpers.core import host
 from charmhelpers.contrib.charmsupport import nrpe
@@ -35,6 +36,25 @@ from subprocess import STDOUT
 from subprocess import CalledProcessError
 
 
+apilb_nginx = """/var/log/nginx.*.log {
+	daily
+	missingok
+	rotate 14
+	compress
+	delaycompress
+	notifempty
+	create 0640 www-data adm
+	sharedscripts
+	prerotate
+		if [ -d /etc/logrotate.d/httpd-prerotate ]; then \\
+			run-parts /etc/logrotate.d/httpd-prerotate; \\
+		fi \\
+	endscript
+	postrotate
+		invoke-rc.d nginx rotate >/dev/null 2>&1
+	endscript
+}"""
+
 @when('certificates.available')
 def request_server_certificates(tls):
     '''Send the data that is required to create a server certificate for
@@ -89,6 +109,14 @@ def close_old_port():
         hookenv.log('Port %d already closed, skipping.' % old_port)
 
 
+def maybe_write_apilb_logrotate_config():
+    filename = '/etc/logrotate.d/apilb_nginx'
+    if not os.path.exists(filename):
+        # Set log rotation for apilb log file
+        with open(filename, 'w+') as fp:
+            fp.write(apilb_nginx)
+
+
 @when('nginx.available', 'apiserver.available',
       'certificates.server.cert.available')
 def install_load_balancer(apiserver, tls):
@@ -123,9 +151,16 @@ def install_load_balancer(apiserver, tls):
                 server_certificate=server_cert_path,
                 server_key=server_key_path,
         )
+
+        maybe_write_apilb_logrotate_config()
         hookenv.status_set('active', 'Loadbalancer ready.')
 
 
+@hook('upgrade-charm')
+def upgrade_charm():
+    maybe_write_apilb_logrotate_config()
+
+
 @when('nginx.available')
 def set_nginx_version():
     ''' Surface the currently deployed version of nginx to Juju '''