Merge pull request #1966 from drakenator/logrotate

Log rotation system service
2025-06-27 15:26:50 +00:00 · 2017-07-10 12:15:21 +10:00 · 2017-07-10 12:15:21 +10:00 · cbe24ca06b
commit cbe24ca06b
parent de8faafb72 8289d4e1bb
9 changed files with 122 additions and 1 deletions
--- a/docs/os/system-services/custom-system-services/index.md
+++ b/docs/os/system-services/custom-system-services/index.md
@ -104,6 +104,61 @@ delete the files in `/var/lib/rancher/cache`.
 The image that you specify in the service yml file needs to be pullable - either from a private registry, or on the Docker Hub.
 ### Service cron
 RancherOS has a system cron service based on [Container Crontab](https://github.com/rancher/container-crontab). This can be used to start, restart or stop system containers.
 To use this on your service, add a `cron.schedule` label to your service's description:
 ```
 my-service:
  image: namespace/my-service:v1.0.0
  command: my-command
  labels:
    io.rancher.os.scope: "system"
    cron.schedule: "0 * * * * ?"
 ```
 For a cron service that can be used with user Docker containers, see the `crontab` system service.
 ### Service log rotation
 RancherOS provides a built in `logrotate` container that makes use of logrotate(8) to rotate system logs. This is called on an hourly basis by the `system-cron` container.
 If you would like to make use of system log rotation for your system service, do the following.
 Add `system-volumes` to your service description's `volumes_from` section. You could also use a volume group containing `system-volumes` e.g. `all-volumes`.
 ```
 my-service:
  image: namespace/my-service:v1.0.0
  command: my-command
  labels:
    io.rancher.os.scope: "system"
  volumes_from:
    - system-volumes
 ```
 Next, add an entry point script to your image and copy your logrotate configs to `/etc/logrotate.d/` on startup.
 Example Dockerfile:
 ```
 FROM alpine:latest
 COPY logrotate-myservice.conf entrypoint.sh /
 ENTRYPOINT ["/entrypoint.sh"]
 ```
 Example entrypoint.sh (Ensure that this script has the execute bit set).
 ```
 #!/bin/sh
 cp logrotate-myservice.conf /etc/logrotate.d/myservice
 exec "$@"
 ```
 Your service's log rotation config will now be included when the system logrotate runs. You can view logrotate output with `system-docker logs logrotate`.
 ### Creating your own Console
 Once you have your own Services repository, you can add a new service to its index.yml, and then add a `<service-name>.yml` file to the directory starting with the first letter.
--- a/images/02-logrotate/Dockerfile
+++ b/images/02-logrotate/Dockerfile
@ -0,0 +1,5 @@
 FROM rancher/os-base
 COPY logrotate.d/ /usr/share/logrotate/logrotate.d/
 COPY logrotate.conf /etc/logrotate.conf
 COPY entrypoint.sh /usr/bin/entrypoint.sh
 ENTRYPOINT ["/usr/bin/entrypoint.sh"]
--- a/images/02-logrotate/entrypoint.sh
+++ b/images/02-logrotate/entrypoint.sh
@ -0,0 +1,5 @@
 #!/bin/bash
 cp /usr/share/logrotate/logrotate.d/* /etc/logrotate.d
 exec /usr/bin/ros entrypoint "$@"
--- a/images/02-logrotate/logrotate.conf
+++ b/images/02-logrotate/logrotate.conf
@ -0,0 +1,3 @@
 compress
 include /etc/logrotate.d
--- a/images/02-logrotate/logrotate.d/docker
+++ b/images/02-logrotate/logrotate.d/docker
@ -0,0 +1,8 @@
 /var/log/docker.log
 /var/log/system-docker.log
 {
 	rotate 7
 	daily
 	missingok
 	copytruncate
 }
--- a/images/02-syslog/Dockerfile
+++ b/images/02-syslog/Dockerfile
@ -0,0 +1,4 @@
 FROM rancher/os-base
 COPY logrotate.d/ /usr/share/logrotate/logrotate.d/
 COPY entrypoint.sh /usr/bin/entrypoint.sh
 ENTRYPOINT ["/usr/bin/entrypoint.sh"]
--- a/images/02-syslog/entrypoint.sh
+++ b/images/02-syslog/entrypoint.sh
@ -0,0 +1,5 @@
 #!/bin/bash
 cp /usr/share/logrotate/logrotate.d/* /etc/logrotate.d
 exec /usr/bin/ros entrypoint "$@"
--- a/images/02-syslog/logrotate.d/syslog
+++ b/images/02-syslog/logrotate.d/syslog
@ -0,0 +1,13 @@
 /var/log/messages
 /var/log/secure
 /var/log/syslog
 {
 	rotate 7
 	daily
 	delaycompress
 	missingok
 	sharedscripts
 	postrotate
 		/usr/bin/ros service kill --signal SIGHUP syslog
 	endscript
 }
--- a/os-config.tpl.yml
+++ b/os-config.tpl.yml
@ -161,6 +161,19 @@ rancher:
      read_only: true
      volumes:
      - /var/lib/docker:/var/lib/docker
    logrotate:
      image: {{.OS_REPO}}/os-logrotate:{{.VERSION}}{{.SUFFIX}}
      command: /usr/sbin/logrotate -v /etc/logrotate.conf
      labels:
        io.rancher.os.createonly: "true"
        io.rancher.os.scope: system
        io.rancher.os.before: system-cron
        cron.schedule: "@hourly"
      uts: host
      privileged: true
      volumes_from:
      - command-volumes
      - system-volumes
    media-volumes:
      image: {{.OS_REPO}}/os-base:{{.VERSION}}{{.SUFFIX}}
      command: echo
@ -215,7 +228,7 @@ rancher:
      - command-volumes
      - system-volumes
    syslog:
-      image: {{.OS_REPO}}/os-base:{{.VERSION}}{{.SUFFIX}}
+      image: {{.OS_REPO}}/os-syslog:{{.VERSION}}{{.SUFFIX}}
      command: rsyslogd -n
      labels:
        io.rancher.os.scope: system
@ -227,6 +240,15 @@ rancher:
      volumes_from:
      - command-volumes
      - system-volumes
    system-cron:
      image: rancher/container-crontab:v0.1.0
      labels:
        io.rancher.os.scope: system
      uts: host
      privileged: true
      restart: always
      volumes:
       - /var/run/system-docker.sock:/var/run/docker.sock
    system-volumes:
      image: {{.OS_REPO}}/os-base:{{.VERSION}}{{.SUFFIX}}
      command: echo
@ -241,6 +263,7 @@ rancher:
      - /dev:/host/dev
      - /etc/docker:/etc/docker
      - /etc/hosts:/etc/hosts
      - /etc/logrotate.d:/etc/logrotate.d
      - /etc/resolv.conf:/etc/resolv.conf
      - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt.rancher
      - /etc/selinux:/etc/selinux