From 62b8c8b45d1e2ba9f0c097dbff64b2675584cd8e Mon Sep 17 00:00:00 2001
From: Kevin Carter <kevin.carter@rackspace.com>
Date: Mon, 23 Jul 2018 14:08:05 -0500
Subject: [PATCH] Add logrotate to the elasticstack

To ensure we're not creating too many logs files the logrotate config
has been added to truncate and compress log files every other day
with a max retention priod of 5 days.

Change-Id: I0dd85a334dba48e9fce3aad67ead867e2f46cb02
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
---
 elk_metrics_6x/installElastic.yml     | 13 +++++++++++--
 elk_metrics_6x/installLogstash.yml    | 11 ++++++++++-
 elk_metrics_6x/templates/logrotate.j2 | 12 ++++++++++++
 3 files changed, 33 insertions(+), 3 deletions(-)
 create mode 100644 elk_metrics_6x/templates/logrotate.j2

diff --git a/elk_metrics_6x/installElastic.yml b/elk_metrics_6x/installElastic.yml
index 0f7530cd..84032bbe 100644
--- a/elk_metrics_6x/installElastic.yml
+++ b/elk_metrics_6x/installElastic.yml
@@ -25,9 +25,10 @@
       tags:
         - always
 
-    - name: Set heap facts
+    - name: Set elasticsearch facts
       set_fact:
         elastic_heap_size: "{{ ((h_mem | int) > 30720) | ternary(30720, h_mem) }}"
+        elastic_log_rotate_path: "/var/log/elasticsearch"
       tags:
         - always
 
@@ -90,9 +91,12 @@
 
     - name: Ensure elasticsearch is installed
       apt:
-        name: elasticsearch
+        name: "{{ item }}"
         state: "{{ elk_package_state | default('present') }}"
         update_cache: yes
+      with_items:
+        - logrotate
+        - elasticsearch
       register: _apt_task
       until: _apt_task is success
       retries: 3
@@ -163,6 +167,11 @@
         group: "elasticsearch"
         mode: "0750"
 
+    - name: Create logrotate config
+      template:
+        src: "templates/logrotate.j2"
+        dest: "/etc/logrotate.d/elasticsearch"
+
   handlers:
     - name: Enable and restart elastic
       systemd:
diff --git a/elk_metrics_6x/installLogstash.yml b/elk_metrics_6x/installLogstash.yml
index 6c228b49..ef706156 100644
--- a/elk_metrics_6x/installLogstash.yml
+++ b/elk_metrics_6x/installLogstash.yml
@@ -36,6 +36,7 @@
       set_fact:
         elastic_heap_size: "{{ ((q_mem | int) > 30720) | ternary(30720, q_mem) }}"
         logstash_queue_size: "{{ (((q_storage | int) > 16) | ternary(16, q_storage) | int) * 1024 }}"
+        elastic_log_rotate_path: "/var/log/logstash"
       tags:
         - always
 
@@ -84,9 +85,12 @@
 
     - name: Ensure Logstash is installed
       apt:
-        name: logstash
+        name: "{{ item }}"
         state: "{{ elk_package_state | default('present') }}"
         update_cache: yes
+      with_items:
+        - logrotate
+        - logstash
       register: _apt_task
       until: _apt_task is success
       retries: 3
@@ -242,6 +246,11 @@
         group: "logstash"
         mode: "0750"
 
+    - name: Create logrotate config
+      template:
+        src: "templates/logrotate.j2"
+        dest: "/etc/logrotate.d/logstash"
+
   handlers:
     - name: Enable and restart logstash
       systemd:
diff --git a/elk_metrics_6x/templates/logrotate.j2 b/elk_metrics_6x/templates/logrotate.j2
new file mode 100644
index 00000000..5915449a
--- /dev/null
+++ b/elk_metrics_6x/templates/logrotate.j2
@@ -0,0 +1,12 @@
+{{ elastic_log_rotate_path }}/*.log
+{
+        copytruncate
+        weekly
+        missingok
+        rotate 2
+        compress
+        dateext
+        maxage 5
+        notifempty
+        nocreate
+}