[Pkg-puppet-devel] reports retention policy

thomas at goirand.fr thomas at goirand.fr
Wed Aug 28 14:50:09 BST 2024 


On Aug 28, 2024 3:39 PM, Antoine Beaupré 

> @zigo: what would 7 days look like on your end? 


It looks like 4 times better than 30 days, though with 100 attached puppet agent, that still represent 40GB of reports for me: still too much, forcing me to tweak the default. 


> I must admit I don't remember looking in those files at all, certainly 

> not recently, and I don't know if the 30 days (essentially arbitrary) 

> limit makes sense for "forensics and troubleshooting"... 


That is my point: nobody looks at them... 


The only thing we do is check if reports are old, meaning puppet didn't run! 


cheers, 


Thomas Goirand 



On Aug 28, 2024 3:39 PM, Antoine Beaupré <anarcat at debian.org> wrote:

On 2024-08-28 09:26:07, Jérôme Charaoui wrote: 

[...] 

>> I also would like to ask: what do you do with so many puppet run 
>> reports? Do you read them during your week-ends, maybe? :) 
> 
> These reports could be useful for forensics and troubleshooting. 
> 
> We can argue all day long but it seems obvious that we're not going to 
> be able to agree about the appropriate retention policy, so this is my plan: 
> 
> - Remove the cron job from the package 
> - Ship a systemd service/timer pair to cleanup reports, disabled on 
> install 

I don't see what this gives us: it's the worst of both worlds. Both zigo 
and I agree that we need *some* default retention, we just disagree on 
defaults. 

> - Ship an example file to override the service to change retention time 
> - Properly announce the new service/timer pair in NEWS 
> - Document how to enable all this in README.Debian, and how to change 
> the retention time with a service unit override 

At this point, I'm starting to lean towards zigo's position, to be 
honest: why *do* we need 30 days of reports? Aren't those better in 
PuppetDB? 

@zigo: what would 7 days look like on your end? 

I must admit I don't remember looking in those files at all, certainly 
not recently, and I don't know if the 30 days (essentially arbitrary) 
limit makes sense for "forensics and troubleshooting"... 

Could you expand on what, exactly, you are using those reports for right 
now lavamind? :) 

Right now, on our 100-server puppetmaster, we *have* no reports that I 
can find at all. So I kind of doubt we're using those at all! 

a. 

-- 
During times of universal deceit, telling the truth becomes a 
revolutionary act.       - Georges Orwell 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-puppet-devel/attachments/20240828/226d1850/attachment.htm>

More information about the Pkg-puppet-devel mailing list