logrotate: T4250: Fixed logrotate config generation

* Removed `/var/log/auth.log` and `/var/log/messages` from
`/etc/logrotate.d/rsyslog`, because they conflict with VyOS-controlled
items what leads to service error.
* Removed generation config file for `/var/log/messages` from
`system-syslog.py` - this should be done from `syslom logs` now.
* Generate each logfile from `system syslog file` to a dedicated
logrotate config file.
* Fixed logrotate config file names in
`/etc/rsyslog.d/vyos-rsyslog.conf`.
* Added default logrotate settins for `/var/log/messages`

4 files changed, 31 insertions, 8 deletions

diff --git a/data/templates/syslog/logrotate.tmpl b/data/templates/syslog/logrotate.tmpl
index f758265e4..c1b951e8b 100644
--- a/data/templates/syslog/logrotate.tmpl
+++ b/data/templates/syslog/logrotate.tmpl
@@ -1,12 +1,11 @@
-{% for file in files %}
-{{files[file]['log-file']}} {
+{{ config_render['log-file'] }} {
   missingok
   notifempty
   create
-  rotate {{files[file]['max-files']}}
-  size={{files[file]['max-size']//1024}}k
+  rotate {{ config_render['max-files'] }}
+  size={{ config_render['max-size'] // 1024 }}k
   postrotate
     invoke-rc.d rsyslog rotate > /dev/null
   endscript
 }
-{% endfor %}
+
diff --git a/debian/vyos-1x.postinst b/debian/vyos-1x.postinst
index 1a4c830cc..1ca6687a3 100644
--- a/debian/vyos-1x.postinst
+++ b/debian/vyos-1x.postinst
@@ -93,3 +93,7 @@ for file in $DELETE; do
         rm -f ${file}
     fi
 done
+
+# Remove logrotate items controlled via CLI and VyOS defaults
+sed -i '/^\/var\/log\/messages$/d' /etc/logrotate.d/rsyslog
+sed -i '/^\/var\/log\/auth.log$/d' /etc/logrotate.d/rsyslog
diff --git a/src/conf_mode/system-syslog.py b/src/conf_mode/system-syslog.py
index 3d8a51cd8..309b4bdb0 100755
--- a/src/conf_mode/system-syslog.py
+++ b/src/conf_mode/system-syslog.py
@@ -17,6 +17,7 @@
 import os
 import re
 
+from pathlib import Path
 from sys import exit
 
 from vyos.config import Config
@@ -89,7 +90,7 @@ def get_config(config=None):
                     filename: {
                         'log-file': '/var/log/user/' + filename,
                         'max-files': '5',
-                        'action-on-max-size': '/usr/sbin/logrotate /etc/logrotate.d/' + filename,
+                        'action-on-max-size': '/usr/sbin/logrotate /etc/logrotate.d/vyos-rsyslog-generated-' + filename,
                         'selectors': '*.err',
                         'max-size': 262144
                     }
@@ -205,10 +206,17 @@ def generate(c):
     conf = '/etc/rsyslog.d/vyos-rsyslog.conf'
     render(conf, 'syslog/rsyslog.conf.tmpl', c)
 
+    # cleanup current logrotate config files
+    logrotate_files = Path('/etc/logrotate.d/').glob('vyos-rsyslog-generated-*')
+    for file in logrotate_files:
+        file.unlink()
+
     # eventually write for each file its own logrotate file, since size is
     # defined it shouldn't matter
-    conf = '/etc/logrotate.d/vyos-rsyslog'
-    render(conf, 'syslog/logrotate.tmpl', c)
+    for filename, fileconfig in c.get('files', {}).items():
+        if fileconfig['log-file'].startswith('/var/log/user/'):
+            conf = '/etc/logrotate.d/vyos-rsyslog-generated-' + filename
+            render(conf, 'syslog/logrotate.tmpl', { 'config_render': fileconfig })
 
 
 def verify(c):
diff --git a/src/etc/logrotate.d/vyos-rsyslog b/src/etc/logrotate.d/vyos-rsyslog
new file mode 100644
index 000000000..3c087b94e
--- /dev/null
+++ b/src/etc/logrotate.d/vyos-rsyslog
@@ -0,0 +1,12 @@
+/var/log/messages {
+    create
+    missingok
+    nomail
+    notifempty
+    rotate 10
+    size 1M
+    postrotate
+        # inform rsyslog service about rotation
+        /usr/lib/rsyslog/rsyslog-rotate
+    endscript
+}