Merge pull request #1966 from drakenator/logrotate

Log rotation system service
2025-06-24 22:11:33 +00:00 · 2017-07-10 12:15:21 +10:00 · 2017-07-10 12:15:21 +10:00 · cbe24ca06b
commit cbe24ca06b
parent de8faafb72 8289d4e1bb
9 changed files with 122 additions and 1 deletions
--- a/docs/os/system-services/custom-system-services/index.md
+++ b/docs/os/system-services/custom-system-services/index.md
@ -104,6 +104,61 @@ delete the files in `/var/lib/rancher/cache`.

 The image that you specify in the service yml file needs to be pullable - either from a private registry, or on the Docker Hub.

+### Service cron
+
+RancherOS has a system cron service based on [Container Crontab](https://github.com/rancher/container-crontab). This can be used to start, restart or stop system containers.
+
+To use this on your service, add a `cron.schedule` label to your service's description:
+
+```
+my-service:
+  image: namespace/my-service:v1.0.0
+  command: my-command
+  labels:
+    io.rancher.os.scope: "system"
+    cron.schedule: "0 * * * * ?"
+```
+
+For a cron service that can be used with user Docker containers, see the `crontab` system service.
+
+### Service log rotation
+
+RancherOS provides a built in `logrotate` container that makes use of logrotate(8) to rotate system logs. This is called on an hourly basis by the `system-cron` container.
+
+If you would like to make use of system log rotation for your system service, do the following.
+
+Add `system-volumes` to your service description's `volumes_from` section. You could also use a volume group containing `system-volumes` e.g. `all-volumes`.
+
+```
+my-service:
+  image: namespace/my-service:v1.0.0
+  command: my-command
+  labels:
+    io.rancher.os.scope: "system"
+  volumes_from:
+    - system-volumes
+```
+
+Next, add an entry point script to your image and copy your logrotate configs to `/etc/logrotate.d/` on startup.
+
+Example Dockerfile:
+```
+FROM alpine:latest
+COPY logrotate-myservice.conf entrypoint.sh /
+ENTRYPOINT ["/entrypoint.sh"]
+```
+
+Example entrypoint.sh (Ensure that this script has the execute bit set).
+```
+#!/bin/sh
+
+cp logrotate-myservice.conf /etc/logrotate.d/myservice
+
+exec "$@"
+```
+
+Your service's log rotation config will now be included when the system logrotate runs. You can view logrotate output with `system-docker logs logrotate`.
+
 ### Creating your own Console

 Once you have your own Services repository, you can add a new service to its index.yml, and then add a `<service-name>.yml` file to the directory starting with the first letter.
--- a/images/02-logrotate/Dockerfile
+++ b/images/02-logrotate/Dockerfile
@ -0,0 +1,5 @@
+FROM rancher/os-base
+COPY logrotate.d/ /usr/share/logrotate/logrotate.d/
+COPY logrotate.conf /etc/logrotate.conf
+COPY entrypoint.sh /usr/bin/entrypoint.sh
+ENTRYPOINT ["/usr/bin/entrypoint.sh"]
--- a/images/02-logrotate/entrypoint.sh
+++ b/images/02-logrotate/entrypoint.sh
@ -0,0 +1,5 @@
+#!/bin/bash
+
+cp /usr/share/logrotate/logrotate.d/* /etc/logrotate.d
+
+exec /usr/bin/ros entrypoint "$@"
--- a/images/02-logrotate/logrotate.conf
+++ b/images/02-logrotate/logrotate.conf
@ -0,0 +1,3 @@
+compress
+
+include /etc/logrotate.d
--- a/images/02-logrotate/logrotate.d/docker
+++ b/images/02-logrotate/logrotate.d/docker
@ -0,0 +1,8 @@
+/var/log/docker.log
+/var/log/system-docker.log
+{
+	rotate 7
+	daily
+	missingok
+	copytruncate
+}
--- a/images/02-syslog/Dockerfile
+++ b/images/02-syslog/Dockerfile
@ -0,0 +1,4 @@
+FROM rancher/os-base
+COPY logrotate.d/ /usr/share/logrotate/logrotate.d/
+COPY entrypoint.sh /usr/bin/entrypoint.sh
+ENTRYPOINT ["/usr/bin/entrypoint.sh"]
--- a/images/02-syslog/entrypoint.sh
+++ b/images/02-syslog/entrypoint.sh
@ -0,0 +1,5 @@
+#!/bin/bash
+
+cp /usr/share/logrotate/logrotate.d/* /etc/logrotate.d
+
+exec /usr/bin/ros entrypoint "$@"
--- a/images/02-syslog/logrotate.d/syslog
+++ b/images/02-syslog/logrotate.d/syslog
@ -0,0 +1,13 @@
+/var/log/messages
+/var/log/secure
+/var/log/syslog
+{
+	rotate 7
+	daily
+	delaycompress
+	missingok
+	sharedscripts
+	postrotate
+		/usr/bin/ros service kill --signal SIGHUP syslog
+	endscript
+}
--- a/os-config.tpl.yml
+++ b/os-config.tpl.yml
@ -161,6 +161,19 @@ rancher:
      read_only: true
      volumes:
      - /var/lib/docker:/var/lib/docker
+    logrotate:
+      image: {{.OS_REPO}}/os-logrotate:{{.VERSION}}{{.SUFFIX}}
+      command: /usr/sbin/logrotate -v /etc/logrotate.conf
+      labels:
+        io.rancher.os.createonly: "true"
+        io.rancher.os.scope: system
+        io.rancher.os.before: system-cron
+        cron.schedule: "@hourly"
+      uts: host
+      privileged: true
+      volumes_from:
+      - command-volumes
+      - system-volumes
    media-volumes:
      image: {{.OS_REPO}}/os-base:{{.VERSION}}{{.SUFFIX}}
      command: echo
@ -215,7 +228,7 @@ rancher:
      - command-volumes
      - system-volumes
    syslog:
-      image: {{.OS_REPO}}/os-base:{{.VERSION}}{{.SUFFIX}}
+      image: {{.OS_REPO}}/os-syslog:{{.VERSION}}{{.SUFFIX}}
      command: rsyslogd -n
      labels:
        io.rancher.os.scope: system
@ -227,6 +240,15 @@ rancher:
      volumes_from:
      - command-volumes
      - system-volumes
+    system-cron:
+      image: rancher/container-crontab:v0.1.0
+      labels:
+        io.rancher.os.scope: system
+      uts: host
+      privileged: true
+      restart: always
+      volumes:
+       - /var/run/system-docker.sock:/var/run/docker.sock
    system-volumes:
      image: {{.OS_REPO}}/os-base:{{.VERSION}}{{.SUFFIX}}
      command: echo
@ -241,6 +263,7 @@ rancher:
      - /dev:/host/dev
      - /etc/docker:/etc/docker
      - /etc/hosts:/etc/hosts
+      - /etc/logrotate.d:/etc/logrotate.d
      - /etc/resolv.conf:/etc/resolv.conf
      - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt.rancher
      - /etc/selinux:/etc/selinux