mirror of
https://github.com/freedombox/FreedomBox.git
synced 2026-02-04 08:13:38 +00:00
80a203bd23
- None disables logging altogether. This is useful when we want to prevent FreedomBox from collecting IP addresses of visitors and other sensitive information. - Volatile logs are kept in RAM until the system is rebooted. Only 5% of RAM will be used at most and only 2 days worth of logs are kept. - Permanent will store logs into /var/log/journal. systemd-journald defaults will apply. 10% of disk capacity is used at most, capped at 4GiB. Also logging will stop if free space is below 15%. Maximum of 100 files are kept. No time based cleanup is done. Tests: - Set the logging mode to disabled. Observe that `journalctl -f` does not show any logs (say when performing plinth actions). - Set the logging mode to volatile. Observe that `journalctl` shows that logging is set to /run/log/journal/ and 5% of available memory is set as maximum. - Set the logging mode to persistent. Observe that `journalctl` shows that logging is set to /var/log/journal/ and 10% of disk space is set as maximum. Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org> Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
59 lines
1.7 KiB
Python
59 lines
1.7 KiB
Python
# SPDX-License-Identifier: AGPL-3.0-or-later
|
|
"""Configure miscellaneous system settings."""
|
|
|
|
import pathlib
|
|
|
|
import augeas
|
|
|
|
from plinth import action_utils
|
|
from plinth.actions import privileged
|
|
|
|
JOURNALD_FILE = pathlib.Path('/etc/systemd/journald.conf.d/50-freedombox.conf')
|
|
|
|
|
|
def load_augeas():
|
|
"""Initialize Augeas."""
|
|
aug = augeas.Augeas(flags=augeas.Augeas.NO_LOAD +
|
|
augeas.Augeas.NO_MODL_AUTOLOAD)
|
|
aug.transform('Puppet', str(JOURNALD_FILE))
|
|
aug.set('/augeas/context', '/files' + str(JOURNALD_FILE))
|
|
aug.load()
|
|
return aug
|
|
|
|
|
|
def get_logging_mode() -> str:
|
|
"""Return the logging mode as none, volatile or persistent."""
|
|
aug = load_augeas()
|
|
storage = aug.get('Journal/Storage')
|
|
if storage in ('volatile', 'persistent', 'none'):
|
|
return storage
|
|
|
|
# journald's default is 'auto'. On Debian systems, 'auto' is same
|
|
# 'persistent' because /var/log/journal exists by default.
|
|
return 'persistent'
|
|
|
|
|
|
@privileged
|
|
def set_logging_mode(mode: str) -> None:
|
|
"""Set the current logging mode."""
|
|
if mode not in ('volatile', 'persistent', 'none'):
|
|
raise ValueError('Invalid mode')
|
|
|
|
aug = load_augeas()
|
|
aug.set('Journal/Storage', mode)
|
|
if mode == 'volatile':
|
|
aug.set('Journal/RuntimeMaxUse', '5%')
|
|
aug.set('Journal/MaxFileSec', '6h')
|
|
aug.set('Journal/MaxRetentionSec', '2day')
|
|
else:
|
|
aug.remove('Journal/RuntimeMaxUse')
|
|
aug.remove('Journal/MaxFileSec')
|
|
aug.remove('Journal/MaxRetentionSec')
|
|
|
|
JOURNALD_FILE.parent.mkdir(exist_ok=True)
|
|
aug.save()
|
|
|
|
# systemd-journald is socket activated, it may not be running and it does
|
|
# not support reload.
|
|
action_utils.service_try_restart('systemd-journald')
|