Skip to content

Disable query logging default#128

Open
ixs wants to merge 3 commits intosaltstack-formulas:masterfrom
bawuenet:no_default_querylog
Open

Disable query logging default#128
ixs wants to merge 3 commits intosaltstack-formulas:masterfrom
bawuenet:no_default_querylog

Conversation

@ixs
Copy link

@ixs ixs commented May 3, 2019

By default, the bind formula will configure the named process to
write all queries into a query.log file which potentially is outside
the normal log-rotated dirs, thus filling up the disk.

This is rather unexpected on high traffic DNS servers.

Disable by default, can be explicity reenabled by setting enable_logging
to True.

Rework jinja logic to make enable_logging and use_extensive_logging mutually
exclusive rather than having them "stacked". It makes no sense to have the
fine-grained use_extensive_logging configuration depend on the coarse-grained
enable_logging toggle.

I am actually tempted to rename enable_logging to enable_query_log which is a
much clearer description of the functionality. Comments?
Somewhat related, log_dir is /var/log/something for every OS except Red Hat
where it is defined as /var/named/data... Any reason not to fix that
inconsistency other than the use of the chrooted functionality on Red Hat?

@ixs
Disable query logging default
633cbb3 
By default, the bind formula will configure the named process to
write all queries into a query.log file which potentially is outside
the normal log-rotated dirs, thus filling up the disk.

This is rather unexpected on high traffic DNS servers.

Disable by default, can be explicity reenabled by setting enable_logging
to True.

Rework jinja logic to make enable_logging and use_extensive_logging mutually
exclusive rather than having them "stacked". It makes no sense to have the
fine-grained use_extensive_logging configuration depend on the coarse-grained
enable_logging toggle.

I am actually tempted to rename enable_logging to enable_query_log which is a
much clearer description of the functionality. Comments?
Somewhat related, log_dir is /var/log/something for every OS except Red Hat
where it is defined as /var/named/data... Any reason not to fix that
inconsistency other than the use of the chrooted functionality on Red Hat?
@javierbertoli
Copy link
Member

javierbertoli commented May 3, 2019

I like the approach you took, it LGTM 👍

rename enable_logging to enable_query_log
My only concern is backward compatibility, which we're trying to respect lately in the formulas. I'd say one possibility would be to

  1. add a new parameter enable_query_log which effectively controls the query logging (what you propose)
  2. if the old parameter enable_logging is set:
    2.a. set enable_query_log to the value on enable_logging (for backward compatibility)
    2.b. trigger a deprecation warning message for the parameter enable_logging

Perhaps this can be done in another PR

ixs added 2 commits May 4, 2019 01:20
@ixs
Fix missing logging_config for Arch, RedHat and SuSE.
5685a5e 
logging_config was only defined for Debian and xBSD resulting in
rendering errors on other OS families.

This commit fixes saltstack-formulas#115
@ixs
Deprecation check and test fixup
1ce4378 
Add a deprecation message if enable_logging is used instead of enable_query_log.
Abort if both enable_logging/enable_query_log is enabled with use_extensive_logging
as these are mutually exclusive now.

Fixup tests to _not_ look for the querylog line.
@ixs ixs force-pushed the no_default_querylog branch from 7e2652a to 1ce4378 Compare May 4, 2019 00:03
@ixs
Copy link
Author

ixs commented May 4, 2019

@javierbertoli Did that. As there's no pillar.set (contrary to grains.set) I did a bit of a workaround.

Have a look, should be passing checks now as well.

@ixs
Copy link
Author

ixs commented May 8, 2019

@javierbertoli ping?

javierbertoli
javierbertoli reviewed May 8, 2019
View reviewed changes
test/integration/default/config_spec.rb
its('content') { should match /^zone\ "100\.51\.198\.in-addr\.arpa"\ {\n\ \ type\ master;\n\ \ file\ "#{zones_directory}\/100\.51\.198\.in-addr\.arpa";\n\ \ \n\ \ notify\ no;\n\};/ }
# Match logging
its('content') { should match /^logging\ \{\n\ \ channel\ "querylog"\ {\n\ \ \ \ file\ "#{log_directory}\/query\.log";\n\ \ \ \ print-time\ yes;\n\ \ \};\n\ \ category\ queries\ \{\ querylog;\ \};\n\};/ }
its('content') { should_not match /^logging\ \{\n\ \ channel\ "querylog"\ {\n\ \ \ \ file\ "#{log_directory}\/query\.log";\n\ \ \ \ print-time\ yes;\n\ \ \};\n\ \ category\ queries\ \{\ querylog;\ \};\n\};/ }
Copy link
Member

@javierbertoli javierbertoli May 8, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As you're moving the logging config to another file, can you either add some tests to make sure the logging_config file/s are created properly, or open an issue so we don't forget to add tests for this? Perhaps I can find some time to add them

Copy link
Author

@ixs ixs May 9, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Okay. Let me rework this a bit...

@n-rodriguez
Copy link

n-rodriguez commented Jan 13, 2020

Hi there! Any news?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@javierbertoli javierbertoli javierbertoli left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ixs @javierbertoli @n-rodriguez