fix: syslog-ng logrotate, add filter for kube, update access.conf

2022-05-23 16:12:09 +02:00 · 2022-05-23 16:12:09 +02:00 · 4e997b7688
parent 990c407b44
commit 4e997b7688
6 changed files with 26 additions and 3 deletions
--- a/7
+++ b/7
@ -31,3 +31,10 @@ age-seal:
 		git restore $${f}.age 2>/dev/null && \
 		age --decrypt -i ~/.ssh/git.age $$f.age | diff -q - $$f 2>/dev/null 1>&2 && \
 		rm -f $$f || ( rm -f $$f.age; age --encrypt $$keys -o $$f.age $$f && rm -f $$f; ); done
+
+# Just a reference how it could work, requires root though
+scan-image:
+	modprobe nbd
+	qemu-nbd -c /dev/nbd0 --read-only alpine-cloud-images/work/images/aws/3.15.4-x86_64-bios-cloudinit-aws-kubezero/image.qcow2
+	mount /dev/nbd0 /mnt/temp/
+	trivy rootfs /mnt/temp
--- a/cleanup_amis.sh
+++ b/cleanup_amis.sh
@ -1,6 +1,9 @@
 #!/bin/bash
 #set -x

+echo "Are you really sure as AMIs might be used by customers !!"
+read
+
 TAG_FILTER="Name=tag:project,Values=zdt-alpine"

 #for r in $(aws ec2 describe-regions --query "Regions[].{Name:RegionName}" --output text); do
--- a/overlay/zdt/configs/access.conf.age
+++ b/overlay/zdt/configs/access.conf.age
--- a/overlay/zdt/scripts/setup-common
+++ b/overlay/zdt/scripts/setup-common
@ -23,13 +23,20 @@ sed -i -e "s/^[\s#]*rc_cgroup_mode=.*/rc_cgroup_mode=\"unified\"/" $TARGET/etc/r
 # Setup syslog-ng json logging
 cp $SETUP/syslog-ng.conf $TARGET/etc/syslog-ng/syslog-ng.conf
 cp $SETUP/syslog-ng.logrotate.conf $TARGET/etc/logrotate.d/syslog-ng
+echo 'syslog set to json logging'
+
+# Change logrotate to run hourly rather than daily
+mv $TARGET/etc/periodic/daily/logrotate $TARGET/etc/periodic/hourly/
+echo 'Switch logrotate to run hourly rather than daily'

 # Install cloudbender shutdown hook
 cp $SETUP/cloudbender.stop  $TARGET/etc/local.d
 mkdir -p $TARGET/etc/cloudbender/shutdown.d
+echo 'Installed cloudbender shutdown hook'

 # Install tools
 cp $SETUP/route53.py  $TARGET/usr/local/bin
+echo 'Installed route53.py'

 # ps_mem
 #wget https://raw.githubusercontent.com/pixelb/ps_mem/master/ps_mem.py
--- a/overlay/zdt/scripts/setup.d/syslog-ng.conf
+++ b/overlay/zdt/scripts/setup.d/syslog-ng.conf
@ -13,4 +13,10 @@ source s_sys { system(); internal();};

 destination d_mesg { file("/var/log/messages" template("$(format-json time=\"$UNIXTIME\" facility=\"$FACILITY\" host=\"$LOGHOST\" ident=\"$PROGRAM\" pid=\"$PID\" level=\"$PRIORITY\" message=\"$MESSAGE\")\n")); };

-log { source(s_sys); destination(d_mesg); };
+# filter ipvs loggging each SYN to closed port
+# IPVS: rr: TCP 10.52.82.199:31021 - no destination available
+filter f_drop_ipvs { not (facility(kern) and match("IPVS: rr:.*no destination available" value("MESSAGE"))); };
+# "message":"net_ratelimit: 16 callbacks suppressed"
+filter f_drop_ipvs_ratelimit { not (facility(kern) and match("net_ratelimit:.*callbacks suppressed" value("MESSAGE"))); };
+
+log { source(s_sys); filter(f_drop_ipvs); filter(f_drop_ipvs_ratelimit); destination(d_mesg); };
--- a/overlay/zdt/scripts/setup.d/syslog-ng.logrotate.conf
+++ b/overlay/zdt/scripts/setup.d/syslog-ng.logrotate.conf
@ -1,13 +1,13 @@
 /var/log/messages
 {
+    nodateext
    rotate 2
    missingok
    notifempty
    compress
    maxsize 64M
-    daily
    sharedscripts
    postrotate
-      invoke-rc.d syslog-ng reload > /dev/null
+      rc-service syslog-ng reload > /dev/null
    endscript
 }