#213 Consider limiting journal size
Opened 9 months ago by mclasen. Modified 2 months ago

This issue has been raised again recently, so I wondered if we should discuss it in the workstation context:

https://github.com/systemd/systemd/issues/17382


This is a lot less of a problem for us now that we have one big space pool between / and /home with Btrfs. I'm not sure we really need to do anything anymore.

Assuming that systemd isn't doing anything funky, the F34 "Enable btrfs transparent zstd compression by default" feature should also help here - my 4GB journal (since July 31) compresses at 'zstd -1' to 318M.

So, I don't think disk usage is a big problem (though there are plenty of upgraded systems with uncompressed split / and /home.) There may still be an argument from a "retain unexpected and unnecessary amounts of information" point of view , but that would argue more for time limits than size limits.

yes, I agree that time limits are more interesting

That said since the amount of log data produced is somewhat predictable and time limit would in practice also function as as disk usage limiter in practice.

systemd-journald sets nodatacow (chattr +C) on /var/log/journal/ if it's on Btrfs, so these are not compressed. The typical write pattern is small enough that it's not compressible anyway, we typically get a new 4KiB extent every time something gets written to the journal.

My understanding of systemd-journald compression is that it only applies to coredumps, not the journal itself.

I think 60 days is a reasonable retention time frame.

I'm in favor of a retention time limit. I would have picked one year, but I'm fine with 60 days or anything in between.

Metadata Update from @catanzaro:
- Issue tagged with: meeting-request

8 months ago

In a "Workstation" product context log retention time is bound by data retention laws which makes it what no less than a year as @catanzaro would have picked.

If this was a "Desktop" product as in a personal computer used to handle daily tasks by individual users, 6 months would probably have been a sane default ( or even as low as 3 months ) but then you also would have completely different installation set and applications.

There is a difference between a workstation and a desktop, they have completely different scopes,target audience, different requirements and set of defaults and it often feels like the workstation group is trying to use these two different roles interchangeably, which in turn leads to at best a barely adequate product for those two different audiences.

tbh I don't know what the difference between a workstation and a desktop is. But I'll bite: what data retention laws do you think apply to the systemd journal...?

The data retention law that affects it bound by the regulatory or legal requirements for retaining it in the enterprise environment in which the workstation product is expected to be deployed in.

What arguably the workstation working group lacks is a clearly defined data retention policy, which outlines which information is being collected, how long that information is being kept and how the information is being disposed when it’s no longer needed, to have consistent collection/retention/erasure practices within the scope of the workstation product.

The journal would then be configured to match the scope of such document as would other components that make up the workstation product. ( like default's in web browser, file history duration, the deletion period of trash and temporary files etc. ).

Default Fedora 34 installation on 2021-01-20 is currently using 1.7G, max 4.0G, 2.2G free for the systemd journal. This represents 178 boots. If this is 3x more frequent booting and accumulation of logs than the typical case, then the typical case would have ~12 months of logging capacity.

man journald.conf lists MaxRetentionSec= which could take a value of e.g. 2month, 8week, 60day, etc.

Note: btrfs compression has no effect on systemd journals. (a) typical journal write is much less than 4KiB which is the minimum block size, thus no advantage of compression so it's skipped; (b) systemd enables nodatacow for journals by default, and nodatacow also means no compression.

Workstation WG doesn't seem to have a strong opinion on this.

Action: Chris to raise another trial balloon on devel@

Metadata Update from @catanzaro:
- Issue untagged with: meeting-request
- Issue tagged with: pending-action

7 months ago

I don't have a strong opinion or deep understanding of the issue, but my immediate reaction was that 4GB is rather a lot of log and maybe 6 months worth might be sufficient for most cases.

i am often short of diskspace.

Metadata Update from @petersen:
- Issue untagged with: pending-action

7 months ago

Metadata Update from @petersen:
- Issue tagged with: pending-action

7 months ago

Followup to devel@ list has yielded no additional replies after 14 days. I think the next step is to propose 6 month retention as a Fedora wide change proposal for the Fedora 35 cycle.

A journal file, could contain up to 1 month of entries. Once a journal file contains an entry subject to max retention time, the entire file is deleted. Therefore, assuming no other Max values are reached, there are a few options:

MaxRetentionSec=6month
This means a range of 5-6 months.

--

MaxRetentionSec=6month
MaxFileSec=1week
This means a range of 5 months plus 3 weeks to 6 months.

--

MaxRetentionSec=27week
MaxFileSec=1week
This means a range of 6 months to 6 months plus 1 week.

@chrismurphy Could we set that to 1 year, since that's relatively similar to the lifespan of a Fedora release?

SystemMaxUse defaults to 4G which is approximately a year of typical logging. Setting MaxRetentionSec=1year would have minimal effect. And it also wouldn't achieve one of the proposed goals, which was to make the retention more consistent. The heavier logging cases will still hit 4G before 1 year and thus in practice we'd see something like a 6 month float unless we also bump SystemMaxUse, probably by double the current value.

Since the range of opinions ranges from 2 weeks to 1 year, and the original proposal by @mattdm is six months retention, and logrotate defaults to 4 weeks retention, I think there'd be broader support for change to 6 months than anything else.

Sure, it's not a hill I'm willing to die on.

Action: Chris to raise another trial balloon on devel@

Did this happen?

Metadata Update from @aday:
- Issue assigned to chrismurphy

2 months ago

Login to comment on this ticket.

Metadata