Enable logging for local openldap service

Currently local openldap service (slapd) doesn't have logs at all. This change enables logging for the service. Test Plan: PASS: Verify the logs are generated in /var/log/slapd.log after system is successfully deployed. PASS: Verify that standard openldap operations are logged, such as adding users, searching for users. PASS: Verify log file is rotated when reaching the configured size. Closes-Bug: 2017796 Signed-off-by: Andy Ning <andy.ning@windriver.com> Change-Id: I277f25e855a51da1865d7cf995b0e447fb1e53be
2023-04-26 11:47:22 -04:00
parent f1e378fe5c
commit a72bf7dbdf
5 changed files with 25 additions and 3 deletions
--- a/openldap-config/debian/deb_folder/openldap-config.install
+++ b/openldap-config/debian/deb_folder/openldap-config.install
@@ -2,6 +2,7 @@ initscript /usr/share/starlingx/openldap
 slapd.conf /usr/share/starlingx/openldap
 initial_config.ldif /usr/share/starlingx/openldap
 slapd.syslog-ng.conf /usr/share/starlingx/openldap
+slapd.logrotate /usr/share/starlingx/openldap
 slapd.sysconfig /usr/share/starlingx/openldap
 slapd.service /etc/systemd/system
 sudo.schema /etc/ldap/schema
--- a/openldap-config/debian/deb_folder/postinst
+++ b/openldap-config/debian/deb_folder/postinst
@@ -6,6 +6,7 @@ cp /usr/share/starlingx/openldap/initscript /etc/init.d/openldap
 cp /usr/share/starlingx/openldap/slapd.conf /etc/ldap/slapd.conf
 cp /usr/share/starlingx/openldap/initial_config.ldif /etc/ldap/initial_config.ldif
 cp /usr/share/starlingx/openldap/slapd.syslog-ng.conf /etc/syslog-ng/conf.d/slapd.conf
+cp /usr/share/starlingx/openldap/slapd.logrotate /etc/logrotate.d
 cp /usr/share/starlingx/openldap/slapd.sysconfig /etc/default/slapd

 chmod 755 /etc/init.d/slapd
@@ -13,6 +14,7 @@ chmod 740 /etc/ldap/
 chmod 600 /etc/ldap/slapd.conf
 chmod 600 /etc/ldap/initial_config.ldif
 chmod 644 /etc/syslog-ng/conf.d/slapd.conf
+chmod 644 /etc/logrotate.d/slapd.logrotate
 chmod 644 /etc/systemd/system/slapd.service
 chmod 644 /etc/default/slapd

--- a/openldap-config/source-debian/slapd.conf
+++ b/openldap-config/source-debian/slapd.conf
@@ -91,7 +91,7 @@ access to *
       by self write
       by * read

-loglevel none
+loglevel stats

 overlay ppolicy
 ppolicy_default "cn=default,ou=policies,dc=cgcs,dc=local"
--- a/openldap-config/source-debian/slapd.logrotate
+++ b/openldap-config/source-debian/slapd.logrotate
@@ -0,0 +1,19 @@
+#
+# Copyright (c) 2023 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+/var/log/slapd.log
+{
+  nodateext
+  size 10M
+  start 1
+  rotate 20
+  missingok
+  notifempty
+  compress
+  sharedscripts
+  postrotate
+    systemctl reload syslog-ng > /dev/null 2>&1 || true
+  endscript
+}
--- a/openldap-config/source-debian/slapd.syslog-ng.conf
+++ b/openldap-config/source-debian/slapd.syslog-ng.conf
@@ -1,8 +1,8 @@
 # slapd log destination
-destination d_daemon_slapd { file("/var/log/daemon.log" persist-name("slapd") template(t_preformatted)); };
+destination d_slapd { file("/var/log/slapd.log"); };

 # slapd log filters
 filter f_slapd    { facility(local4) and program(slapd); };

 # slapd log path
-log {source(s_src); filter(f_slapd); destination(d_daemon_slapd); };
+log {source(s_src); filter(f_slapd); destination(d_slapd); };