From 4455fe6b626d0ed7caf72ef0ff0dd53868d14c2a Mon Sep 17 00:00:00 2001
From: Kazuhiro MUSASHI <simoom634@yahoo.co.jp>
Date: Sat, 2 Jul 2022 20:39:31 +0900
Subject: [PATCH] Deploy `/etc/logrotate.d/vault`.

---
 cookbooks/vault/files/etc/logrotate.d/vault | 16 ++++++++++++++++
 cookbooks/vault/setup.rb                    |  6 ++++++
 2 files changed, 22 insertions(+)
 create mode 100644 cookbooks/vault/files/etc/logrotate.d/vault

diff --git a/cookbooks/vault/files/etc/logrotate.d/vault b/cookbooks/vault/files/etc/logrotate.d/vault
new file mode 100644
index 0000000..33d56df
--- /dev/null
+++ b/cookbooks/vault/files/etc/logrotate.d/vault
@@ -0,0 +1,16 @@
+/opt/vault/logs/audit.log {
+  rotate 30
+  daily
+  # Do not execute rotate if the log file is empty.
+  notifempty
+  missingok
+  compress
+  # Set compress on next rotate cycl to prevent entry loss when performing compression.
+  delaycompress
+  postrotate
+    /usr/bin/pkill -HUP vault
+  endscript
+  extension log
+  dateext
+  dateformat %Y-%m-%d.
+}
diff --git a/cookbooks/vault/setup.rb b/cookbooks/vault/setup.rb
index 2c0e2ce..6ae000d 100644
--- a/cookbooks/vault/setup.rb
+++ b/cookbooks/vault/setup.rb
@@ -20,3 +20,9 @@ end
     mode '644'
   end
 end
+
+remote_file '/etc/logrotate.d/vault' do
+  owner 'root'
+  group 'root'
+  mode '644'
+end