logdog: include /var/log/kdump in the logdog tarball

[arnaldo2792]

Issue number:
N / A

Description of changes:

51cb5257 logdog: include `/var/log/kdump` in the logdog taball

This commit adds /var/log/kdump so that logdog collects crash kernel dumps when they exist.

61402201 logdog: change default output directory for tarball

This commit changes the default output directory for the tarball created by logdog, from /tmp to /var/log/support.

Testing done:

In aws-dev, which has kdump support enabled: I verified that the files generated by prairiedog were collected by logdog:

tar --list -f /.bottlerocket/rootfs/var/log/support/bottlerocket-logs.tar.gz | grep var:
bottlerocket-logs/var
bottlerocket-logs/var/log
bottlerocket-logs/var/log/kdump
bottlerocket-logs/var/log/kdump/dmesg.log
bottlerocket-logs/var/log/kdump/vmcore.dump
bottlerocket-logs/var/log/kdump/prairiedog.log

In aws-ecs-1, which doesn't have kdump support enabled, I verified that logdog still works:

tar --list -f /.bottlerocket/rootfs/var/log/support/bottlerocket-logs.tar.gz
bottlerocket-logs/
bottlerocket-logs/logdog.errors
bottlerocket-logs/containerd-config
bottlerocket-logs/containerd-config-host
bottlerocket-logs/df
bottlerocket-logs/df-inodes
bottlerocket-logs/dmesg
bottlerocket-logs/iptables-filter
bottlerocket-logs/iptables-nat
bottlerocket-logs/journalctl-boots
bottlerocket-logs/journalctl.errors
bottlerocket-logs/journalctl.log
bottlerocket-logs/proc-mounts
bottlerocket-logs/settings.json
bottlerocket-logs/signpost
bottlerocket-logs/wicked
bottlerocket-logs/os-release
bottlerocket-logs/docker-info
bottlerocket-logs/docker-daemon.json
bottlerocket-logs/ecs-config.json
bottlerocket-logs/ecs-tasks

Terms of contribution:

By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.

[webern]

👍

[bcressey]

This is an existing problem but the kdump use case exacerbates it - we write the archive to /tmp which is a memory-backed tmpfs.

It'd be better to write it somewhere under /var, preferably in a directory labeled secret_t.

[arnaldo2792]

Forced pushes include:

• Move logdog's output from tmp to /var/log/support with proper permissions
• Fix documentation to reflect the change
• Sorry for the spam, I forgot the Sign Off line, and had to amend the commits

[webern]

This is an existing problem but the kdump use case exacerbates it - we write the archive to /tmp which is a memory-backed tmpfs.

It'd be better to write it somewhere under /var, preferably in a directory labeled secret_t.

It's still accessible from 'outside' sudo sheltie under /.bottlerocket? Just trying to make sure I can still use SSH to get the tarball from my local machine via admin container.

[arnaldo2792]

It's still accessible from 'outside' sudo sheltie under /.bottlerocket? Just trying to make sure I can still use SSH to get the tarball from my local machine via admin container.

Yes:

agarrcia@ ~> ssh ec2-user@HOST "cat /.bottlerocket/rootfs/var/log/support/bottlerocket-logs.tar.gz" > bottlerocket-logs.tar.gz
agarrcia@ ~> file bottlerocket-logs.tar.gz
bottlerocket-logs.tar.gz: gzip compressed data, original size modulo 2^32 224256

[webern]

Nice.

nit: one of the commit messages has a spelling error taball.

[arnaldo2792]

Forced push fixes commits' messages