|
|
@ -0,0 +1,53 @@ |
|
|
|
|
|
#!/bin/bash |
|
|
|
|
|
|
|
|
|
|
|
## Should be executable N time in a row with same result. |
|
|
|
|
|
|
|
|
|
|
|
. lib/common |
|
|
|
|
|
|
|
|
|
|
|
set -e |
|
|
|
|
|
|
|
|
|
|
|
LOGS=/var/log/letsencrypt |
|
|
|
|
|
|
|
|
|
|
|
## XXXvlab: hum it seems apache logging is run as root, so well... |
|
|
|
|
|
# logs_creds=$(cached_cmd_on_base_image apache "stat -c '%u %g' '$LOGS'") || { |
|
|
|
|
|
# debug "Failed to query for www-data gid in ${DARKYELLOW}apache${NORMAL} base image." |
|
|
|
|
|
# return 1 |
|
|
|
|
|
# } |
|
|
|
|
|
|
|
|
|
|
|
rotated_count=$(relation-get rotated-count 2>/dev/null) || true |
|
|
|
|
|
rotated_count=${rotated_count:-52} |
|
|
|
|
|
|
|
|
|
|
|
## Here, we rely on ``delaycompress`` option and the fact that letsencrypt is |
|
|
|
|
|
## run-once type of service to ensure logrotation will play it safely with the |
|
|
|
|
|
## log writing process. |
|
|
|
|
|
|
|
|
|
|
|
## XXXvlab: a lot of this intelligence should be moved away into ``logrotate`` charm |
|
|
|
|
|
DST="$CONFIGSTORE/$TARGET_SERVICE_NAME/etc/logrotate.d/$SERVICE_NAME" |
|
|
|
|
|
file_put "$DST" <<EOF |
|
|
|
|
|
/var/log/docker/$SERVICE_NAME/letsencrypt.log |
|
|
|
|
|
{ |
|
|
|
|
|
weekly |
|
|
|
|
|
missingok |
|
|
|
|
|
dateext |
|
|
|
|
|
dateyesterday |
|
|
|
|
|
dateformat _%Y-%m-%d |
|
|
|
|
|
extension .log |
|
|
|
|
|
rotate $rotated_count |
|
|
|
|
|
compress |
|
|
|
|
|
delaycompress |
|
|
|
|
|
notifempty |
|
|
|
|
|
create 640 root root |
|
|
|
|
|
sharedscripts |
|
|
|
|
|
} |
|
|
|
|
|
EOF |
|
|
|
|
|
|
|
|
|
|
|
config-add "\ |
|
|
|
|
|
services: |
|
|
|
|
|
$MASTER_TARGET_SERVICE_NAME: |
|
|
|
|
|
volumes: |
|
|
|
|
|
- $DST:/etc/logrotate.d/docker-${SERVICE_NAME}:ro |
|
|
|
|
|
- $SERVICE_DATASTORE$LOGS:/var/log/docker/$SERVICE_NAME:rw |
|
|
|
|
|
$MASTER_BASE_SERVICE_NAME: |
|
|
|
|
|
volumes: |
|
|
|
|
|
- $SERVICE_DATASTORE$LOGS:$LOGS:rw |
|
|
|
|
|
" |
