diff --git a/docs/os/system-services/custom-system-services/index.md b/docs/os/system-services/custom-system-services/index.md
index 634ad70c..13b7c201 100644
--- a/docs/os/system-services/custom-system-services/index.md
+++ b/docs/os/system-services/custom-system-services/index.md
@@ -104,6 +104,61 @@ delete the files in `/var/lib/rancher/cache`. The image that you specify in the service yml file needs to be pullable - either from a private registry, or on the Docker Hub. +### Service cron + +RancherOS has a system cron service based on [Container Crontab](https://github.com/rancher/container-crontab). This can be used to start, restart or stop system containers. + +To use this on your service, add a `cron.schedule` label to your service's description: + +``` +my-service: + image: namespace/my-service:v1.0.0 + command: my-command + labels: + io.rancher.os.scope: "system" + cron.schedule: "0 * * * * ?" +``` + +For a cron service that can be used with user Docker containers, see the `crontab` system service. + +### Service log rotation + +RancherOS provides a built in `logrotate` container that makes use of logrotate(8) to rotate system logs. This is called on an hourly basis by the `system-cron` container. + +If you would like to make use of system log rotation for your system service, do the following. + +Add `system-volumes` to your service description's `volumes_from` section. You could also use a volume group containing `system-volumes` e.g. `all-volumes`. + +``` +my-service: + image: namespace/my-service:v1.0.0 + command: my-command + labels: + io.rancher.os.scope: "system" + volumes_from: + - system-volumes +``` + +Next, add an entry point script to your image and copy your logrotate configs to `/etc/logrotate.d/` on startup. + +Example Dockerfile: +``` +FROM alpine:latest +COPY logrotate-myservice.conf entrypoint.sh / +ENTRYPOINT ["/entrypoint.sh"] +``` + +Example entrypoint.sh (Ensure that this script has the execute bit set). +``` +#!/bin/sh + +cp logrotate-myservice.conf /etc/logrotate.d/myservice + +exec "$@" +``` + +Your service's log rotation config will now be included when the system logrotate runs. You can view logrotate output with `system-docker logs logrotate`. 
+ ### Creating your own Console Once you have your own Services repository, you can add a new service to its index.yml, and then add a `.yml` file to the directory starting with the first letter.
diff --git a/images/02-logrotate/Dockerfile b/images/02-logrotate/Dockerfile
new file mode 100644
index 00000000..74325f8c
--- /dev/null
+++ b/images/02-logrotate/Dockerfile
@@ -0,0 +1,5 @@
+FROM rancher/os-base
+COPY logrotate.d/ /usr/share/logrotate/logrotate.d/
+COPY logrotate.conf /etc/logrotate.conf
+COPY entrypoint.sh /usr/bin/entrypoint.sh
+ENTRYPOINT ["/usr/bin/entrypoint.sh"]
diff --git a/images/02-logrotate/entrypoint.sh b/images/02-logrotate/entrypoint.sh
new file mode 100755
index 00000000..3742e270
--- /dev/null
+++ b/images/02-logrotate/entrypoint.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+cp /usr/share/logrotate/logrotate.d/* /etc/logrotate.d
+
+exec /usr/bin/ros entrypoint "$@"
diff --git a/images/02-logrotate/logrotate.conf b/images/02-logrotate/logrotate.conf
new file mode 100644
index 00000000..1ced117a
--- /dev/null
+++ b/images/02-logrotate/logrotate.conf
@@ -0,0 +1,3 @@
+compress
+
+include /etc/logrotate.d
diff --git a/images/02-logrotate/logrotate.d/docker b/images/02-logrotate/logrotate.d/docker
new file mode 100644
index 00000000..33f0965e
--- /dev/null
+++ b/images/02-logrotate/logrotate.d/docker
@@ -0,0 +1,8 @@
+/var/log/docker.log
+/var/log/system-docker.log
+{
+ rotate 7
+ daily
+ missingok
+ copytruncate
+}
diff --git a/images/02-syslog/Dockerfile b/images/02-syslog/Dockerfile
new file mode 100644
index 00000000..9334f448
--- /dev/null
+++ b/images/02-syslog/Dockerfile
@@ -0,0 +1,4 @@
+FROM rancher/os-base
+COPY logrotate.d/ /usr/share/logrotate/logrotate.d/
+COPY entrypoint.sh /usr/bin/entrypoint.sh
+ENTRYPOINT ["/usr/bin/entrypoint.sh"]
diff --git a/images/02-syslog/entrypoint.sh b/images/02-syslog/entrypoint.sh
new file mode 100755
index 00000000..3742e270
--- /dev/null
+++ b/images/02-syslog/entrypoint.sh
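Review bot: In images/02-logrotate/entrypoint.sh the result of `cp /usr/share/logrotate/logrotate.d/* /etc/logrotate.d` is never checked, so if the target directory is missing or not writable the script still reaches `exec` and the service starts with no rotation rules installed. Adding `set -e` directly under the shebang makes that failure visible at start-up instead of surfacing later as unrotated logs. The copy also replaces any same-named file already in `/etc/logrotate.d` on every start, which deserves a one-line comment such as `# seeds the shared /etc/logrotate.d; replaces same-named files on each start`. images/02-syslog/entrypoint.sh is the same blob (3742e270) and needs the same change.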
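Review bot: The stanza in images/02-logrotate/logrotate.d/docker rotates on `daily` alone, so the hourly logrotate run cannot cap a log that grows quickly within one day and `/var/log/docker.log` or `/var/log/system-docker.log` can still fill the disk. A size bound such as `maxsize 50M` (value constructed for illustration, and assuming the logrotate shipped in os-base supports the directive) would let the hourly run act on it. `copytruncate` also loses whatever is written between the copy and the truncate, so if that trade-off is deliberate a comment like `# copytruncate: small loss window per rotation accepted` would record it.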
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+cp /usr/share/logrotate/logrotate.d/* /etc/logrotate.d
+
+exec /usr/bin/ros entrypoint "$@"
diff --git a/images/02-syslog/logrotate.d/syslog b/images/02-syslog/logrotate.d/syslog
new file mode 100644
index 00000000..8dd65584
--- /dev/null
+++ b/images/02-syslog/logrotate.d/syslog
@@ -0,0 +1,13 @@
+/var/log/messages
+/var/log/secure
+/var/log/syslog
+{
+ rotate 7
+ daily
+ delaycompress
+ missingok
+ sharedscripts
+ postrotate
+ /usr/bin/ros service kill --signal SIGHUP syslog
+ endscript
+}
diff --git a/os-config.tpl.yml b/os-config.tpl.yml
index bb9b2eff..65982b91 100644
--- a/os-config.tpl.yml
+++ b/os-config.tpl.yml
@@ -161,6 +161,19 @@ rancher:
 read_only: true
 volumes:
 - /var/lib/docker:/var/lib/docker
+ logrotate:
+ image: {{.OS_REPO}}/os-logrotate:{{.VERSION}}{{.SUFFIX}}
+ command: /usr/sbin/logrotate -v /etc/logrotate.conf
+ labels:
+ io.rancher.os.createonly: "true"
+ io.rancher.os.scope: system
+ io.rancher.os.before: system-cron
+ cron.schedule: "@hourly"
+ uts: host
+ privileged: true
+ volumes_from:
+ - command-volumes
+ - system-volumes
 media-volumes:
 image: {{.OS_REPO}}/os-base:{{.VERSION}}{{.SUFFIX}}
 command: echo
@@ -215,7 +228,7 @@ rancher:
 - command-volumes
 - system-volumes
 syslog:
- image: {{.OS_REPO}}/os-base:{{.VERSION}}{{.SUFFIX}}
+ image: {{.OS_REPO}}/os-syslog:{{.VERSION}}{{.SUFFIX}}
 command: rsyslogd -n
 labels:
 io.rancher.os.scope: system
@@ -227,6 +240,15 @@ rancher:
 volumes_from:
 - command-volumes
 - system-volumes
+ system-cron:
+ image: rancher/container-crontab:v0.1.0
+ labels:
+ io.rancher.os.scope: system
+ uts: host
+ privileged: true
+ restart: always
+ volumes:
+ - /var/run/system-docker.sock:/var/run/docker.sock
 system-volumes:
 image: {{.OS_REPO}}/os-base:{{.VERSION}}{{.SUFFIX}}
 command: echo
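Review bot: The stanza in images/02-syslog/logrotate.d/syslog covers `/var/log/secure` but sets no `create` mode, and the logrotate.conf added in this commit has none either. As far as I can tell logrotate then does not recreate the file itself, so the permissions of the fresh log are whatever rsyslogd applies when it reopens after the SIGHUP. Stating the mode explicitly, for example `create 0600 root root` in a separate stanza for `/var/log/secure`, keeps authentication logs from ending up more widely readable than intended. A short comment above `postrotate` noting that rsyslogd keeps writing to the rotated file if the `ros service kill` call fails would also help whoever debugs a missing log later.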
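Review bot: The new `logrotate` service in os-config.tpl.yml runs with `privileged: true` and `command-volumes`, while its logrotate.conf includes every file in `/etc/logrotate.d`, which the last hunk of this file (`- /etc/logrotate.d:/etc/logrotate.d` under `system-volumes`) makes a host directory shared with every service that uses `system-volumes`. That turns the directory into a trust boundary, because any `postrotate` block placed there runs inside the privileged container each hour. The template should say so, e.g. `# /etc/logrotate.d is executed by the privileged logrotate service: keep it root-owned and not group/world-writable`. It is also worth checking whether `privileged: true` is needed at all, or whether the mounts from `command-volumes` are enough for the `ros service kill` call in the syslog stanza.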
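Review bot: `image: rancher/container-crontab:v0.1.0` in the `system-cron` service is referenced by a mutable tag and, unlike the other images in these hunks, is not built through `{{.OS_REPO}}`/`{{.VERSION}}`, yet the container gets `privileged: true`, `restart: always` and the system-docker socket. Whatever is published under that tag therefore controls every system container on the host. Pinning by digest, `image: rancher/container-crontab@sha256:<digest-placeholder>`, or building the image under `{{.OS_REPO}}` like its siblings would close that gap. Since the mounted socket already gives full control of system-docker, `privileged: true` looks redundant and could probably be dropped.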
@@ -241,6 +263,7 @@ rancher:
 - /dev:/host/dev
 - /etc/docker:/etc/docker
 - /etc/hosts:/etc/hosts
+ - /etc/logrotate.d:/etc/logrotate.d
 - /etc/resolv.conf:/etc/resolv.conf
 - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt.rancher
 - /etc/selinux:/etc/selinux