logrotate.j2

Overview

The logrotate.j2 file is a shell script template designed to configure log rotation specifically for environments running inside Docker or containerized setups. Its primary function is to ensure that log files stored in a designated directory (/logsdir) are rotated regularly based on size and quantity parameters. This prevents excessive disk space usage by logs and maintains system performance.

The script performs environment checks to verify it runs inside a Docker container, sets up log rotation configuration files for logrotate, adjusts relevant file permissions, and schedules periodic execution of log rotation and permissions fixes using crond.

Detailed Explanation of Script Components

Docker Environment Check

if [[ -f /.dockerenv ]] || grep -Eq '(lxc|docker)' /proc/1/cgroup; then
    echo -n
else
    echo "Docker only!"
    exit 1
fi

• Purpose: Determines if the script is running inside a Docker container.

• How it works:

  • Checks for the presence of the file /.dockerenv, which is commonly present in Docker containers.

  • Alternatively, it inspects /proc/1/cgroup for strings like lxc or docker.

• Outcome:

  • If inside Docker, continues silently.

  • Otherwise, outputs "Docker only!" and exits with status code 1.

• Usage Note: Ensures the script does not run outside intended container environments.

Logrotate Configuration Setup

rm /etc/logrotate.d/*
cat >/etc/logrotate.d/node <<EOF
/logsdir/*.log {
    missingok
    rotate {{ LOG_ROTATE_AMOUNT }}
    size {{ LOG_ROTATE_SIZE }}
    notifempty
    copytruncate
}
EOF

• Purpose: Creates a logrotate configuration file named node under /etc/logrotate.d.

• Details:

  • Cleans out existing configurations in /etc/logrotate.d/.

  • Writes a new config targeting all .log files in /logsdir.

• Parameters (Jinja2 placeholders):

  • {{ LOG_ROTATE_AMOUNT }}: Number of log files to keep before deletion.

  • {{ LOG_ROTATE_SIZE }}: Minimum size threshold for triggering rotation.

• logrotate options explained:

  • missingok: Don’t error out if log files are missing.

  • rotate: Specifies number of rotated log files to keep.

  • size: Rotate only if log file exceeds this size.

  • notifempty: Skip rotation if log file is empty.

  • copytruncate: Truncates the original file after copying, allowing log writing to continue uninterrupted.

• Usage Example:
  If LOG_ROTATE_AMOUNT=5 and LOG_ROTATE_SIZE=10M, up to 5 rotated logs of at least 10 megabytes each will be kept.

Permissions Management

chown 0:0 /etc/logrotate.d
chown 0:0 /etc/logrotate.d/node

chmod 755 /etc/logrotate.d
chmod 644 /etc/logrotate.d/node

chmod 755 /logsdir

• Purpose: Ensures correct ownership and permissions for logrotate configuration and log directories.

• Details:

  • Sets ownership of /etc/logrotate.d and the node config file to user and group ID 0 (root).

  • Applies directory permissions 755 (rwxr-xr-x) to /etc/logrotate.d and /logsdir.

  • Applies file permissions 644 (rw-r--r--) to the node config file.

• Importance: Prevents permission issues when logrotate runs and when logs are written or rotated.

Cron Jobs Setup

echo "59 * * * * /bin/chmod 755 /logsdir" > /etc/crontabs/root
echo "0 * * * * /usr/sbin/logrotate -v /etc/logrotate.conf" >> /etc/crontabs/root

• Purpose: Schedules automated tasks to maintain log directory permissions and execute log rotation.

• Cron jobs configured:

  • At minute 59 of every hour: Fix permissions on /logsdir to 755.

  • At minute 0 of every hour: Run logrotate verbosely using the main config /etc/logrotate.conf.

• Usage: Ensures log directory permissions remain consistent and logs are rotated hourly.

Starting Cron Daemon

echo "Starting crond"
crond -f

• Purpose: Starts the cron daemon in the foreground.

• Effect: Enables scheduled cron jobs to run as configured within the container.

• Context: Running in foreground mode (-f) keeps the container process alive.

Interaction with Other System Components

• Logrotate daemon: Configured via /etc/logrotate.d/node and scheduled via cron to manage log files within /logsdir.

• Cron daemon (crond): Runs scheduled commands to enforce permissions and execute log rotation.

• Filesystem: Modifies /logsdir directory and /etc/logrotate.d configuration files.

• Docker environment: Script only executes inside Docker containers, ensuring containerized log management.

Visual Diagram

flowchart TD
A[Start Script] --> B{Check Docker Env}
B -- Yes --> C[Remove Existing /etc/logrotate.d/*]
B -- No --> D[Print "Docker only!" & Exit]
C --> E[Write /etc/logrotate.d/node config]
E --> F[Set Ownership & Permissions]
F --> G[Write Cron Jobs to /etc/crontabs/root]
G --> H[Start crond in Foreground]
style B fill:#f9f,stroke:#333,stroke-width:2px
style D fill:#faa,stroke:#333,stroke-width:2px
style H fill:#bbf,stroke:#333,stroke-width:2px

• The diagram illustrates the main script flow:

  • Verify Docker environment.

  • Prepare logrotate configuration.

  • Configure permissions.

  • Schedule cron jobs.

  • Launch cron daemon.

Usage Notes

• The placeholders {{ LOG_ROTATE_AMOUNT }} and {{ LOG_ROTATE_SIZE }} must be provided via templating before deployment.

• The script assumes that /logsdir exists and contains log files to be rotated.

• Designed to be used as an entrypoint or initialization script within container images requiring log rotation.

• Permissions and cron jobs ensure ongoing maintenance without manual intervention.

For further detail on logrotate options and cron scheduling, refer to Logrotate Configuration and Cron Scheduling. For container environment detection specifics, see Docker Environment Detection.