Disable rsyslog duplication of systemd-journal

[agrare]

By default systemd-journal is non-persistent and rsyslog is configured to copy everything from the journal to /var/log/syslog.

If you have a /var/log/journal/ directory on persistent storage then systemd-journal will automatically persist journal files but rsyslog doesn't also automatically disable copying to syslog

TODO:

• Live test of an rpm upgrade

Fixes #411

[Fryguy]

@bdunne Please review.

[agrare]

Okay with the sed scriptlet here this is what imjournal module section of rsyslog.conf looks like after dnf install

#### MODULES ####

module(load="imuxsock"    # provides support for local system logging (e.g. via logger command)
       SysSock.Use="off") # Turn off message reception via local log socket; 
                          # local messages are retrieved through imjournal now.
#module(load="imjournal"            # provides access to the systemd journal
#       UsePid="system" # PID nummber is retrieved as the ID of the process the journal entry originates from
#       StateFile="imjournal.state") # File to store the position in the journal
#module(load="imklog") # reads kernel messages (the same are read from journald)
#module(load="immark") # provides --MARK-- message capability

# Provides UDP syslog reception
# for parameters see http://www.rsyslog.com/doc/imudp.html
#module(load="imudp") # needs to be done just once
#input(type="imudp" port="514")

And confirmed that after restarting rsyslog.service journal messages are no longer duplicated to /var/log/messages

[agrare]

Okay retested after adding the systemctl restart rsyslog.service line

[agrare]

If you aren't a sed expert (which I am not), this means "starting at this regex" (/^module(load="imjournal"/) until this regex (/StateFile="imjournal.state")/), substitute the start of the line with # (s|^|#|)

[Fryguy]

And confirmed that after restarting rsyslog.service journal messages are no longer duplicated to /var/log/messages

Just to clarify. I thought this would prevent them from being written to /var/log/journal ? Only reason I'm asking is that /var/log/messages is in the settings as one of the places we collect logs from, so will this affect log collection?

[agrare]

@Fryguy we also pull logs from /var/log/journal/ and we already use journalctl on uploaded log bundles

[Fryguy]

LGTM - @bdunne Please also review.

[agrare]

Hey @bdunne could you take a look at this?

[kbrock]

This looks great. anything special to help get it in?

[miq-bot]

This pull request has been automatically marked as stale because it has not been updated for at least 3 months.

If these changes are still valid, please remove the stale label, make any changes requested by reviewers (if any), and ensure that this issue is being looked at by the assigned/reviewer(s).

[miq-bot]

Checked commits agrare/manageiq-rpm_build@cc27bb7~...f2bd3c8 with ruby 3.1.5, rubocop 1.56.3, haml-lint 0.51.0, and yamllint
0 files checked, 0 offenses detected
Everything looks fine. 🍰