From b3a22d90495561baec558bf619a93fe0f94be58a Mon Sep 17 00:00:00 2001
From: Michal Konecny <mkonecny@redhat.com>
Date: Nov 06 2024 15:12:16 +0000
Subject: [ipa/server] Add logrotate config for krb5kdc


The log files for krb5kdc had around 1 GB each on ipa01.stg. To prevent this in
future let us replace the original config with one that is compressing the old logs.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>

---

diff --git a/roles/ipa/server/files/logrotate_krb5kdc b/roles/ipa/server/files/logrotate_krb5kdc
new file mode 100644
index 0000000..3d9fd6b
--- /dev/null
+++ b/roles/ipa/server/files/logrotate_krb5kdc
@@ -0,0 +1,10 @@
+var/log/krb5kdc.log {
+    missingok
+    notifempty
+    monthly
+    rotate 12
+    compress
+    postrotate
+        systemctl reload krb5kdc.service || true
+    endscript
+}
diff --git a/roles/ipa/server/tasks/main.yml b/roles/ipa/server/tasks/main.yml
index b04a3e2..d57d48e 100644
--- a/roles/ipa/server/tasks/main.yml
+++ b/roles/ipa/server/tasks/main.yml
@@ -613,6 +613,12 @@
   - config
   - krb5
 
+- name: Copy the new krb5 logrotate config
+  ansible.builtin.copy:
+    src: logrotate_krb5kdc
+    dest: /etc/logrotate.d/krb5kdc
+    mode: '0644'
+    backup: yes
 
 - import_tasks: scripts.yml