logrotate openemr container

[stephenwaite]

hi @jesdynf , this has probably been discussed before but looking at /var/log/apache2 and these files seem to be growing from day 1
-rw-r--r-- 1 root wheel 886116 Dec 18 23:28 ssl_error.log
-rw-r--r-- 1 root wheel 34341324 Dec 20 03:58 error.log
-rw-r--r-- 1 root wheel 24270142 Dec 21 14:37 access.log
do you have a suggestion on rotating since logrotate isn't installed in the docker?
thanks

[jesdynf]

With any luck, Alpine has a logrotate package -- that /does/ seem sort of essential. If it does, install from apk and submit a logrotate.conf you like?

[stephenwaite]

hi @jesdynf, the default .conf that is installed looks fine

[jesdynf]

So should we install logrotate on the default OpenEMR docker, @bradymiller ?

[bradymiller]

hi @stephenwaite and @jesdynf . Doesn't more need to be done than simply installing this? Or will it work on the apache logs automatically after installing logrotate?

[ghost]

Brady you need to add a file specific to Apache to /etc/logrotate.d/<apacheFileToCreate> It’s just default logrotate syntax for that file Anything you put in there will be run daily, and by default logs rotate like once every week I think with maybe a week’s backup kept If you look in that folder btw should see a few other examples to guide you

…

On Sun, Jul 28, 2019 at 1:33 AM Brady Miller ***@***.***> wrote: hi @stephenwaite <https://github.com/stephenwaite> and @jesdynf <https://github.com/jesdynf> . Doesn't more need to be done than simply installing this? Or will it work on the apache logs automatically after installing logrotate? — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#161?email_source=notifications&email_token=AAZTUEXOXVKLM6TIAXXN2EDQBU4T7A5CNFSM4GLYTOX2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD26YNBQ#issuecomment-515737222>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAZTUEUQTXAT5C2BGS7VNOLQBU4T7ANCNFSM4GLYTOXQ> .

[ghost]

Also this as discussed http://httpd.apache.org/docs/current/programs/rotatelogs.html Simpler 1 liner alternative

…

On Sun, Jul 28, 2019 at 1:39 AM Dan Ehrlich ***@***.***> wrote: Brady you need to add a file specific to Apache to /etc/logrotate.d/<apacheFileToCreate> It’s just default logrotate syntax for that file Anything you put in there will be run daily, and by default logs rotate like once every week I think with maybe a week’s backup kept If you look in that folder btw should see a few other examples to guide you On Sun, Jul 28, 2019 at 1:33 AM Brady Miller ***@***.***> wrote: > hi @stephenwaite <https://github.com/stephenwaite> and @jesdynf > <https://github.com/jesdynf> . Doesn't more need to be done than simply > installing this? Or will it work on the apache logs automatically after > installing logrotate? > > — > You are receiving this because you are subscribed to this thread. > Reply to this email directly, view it on GitHub > <#161?email_source=notifications&email_token=AAZTUEXOXVKLM6TIAXXN2EDQBU4T7A5CNFSM4GLYTOX2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD26YNBQ#issuecomment-515737222>, > or mute the thread > <https://github.com/notifications/unsubscribe-auth/AAZTUEUQTXAT5C2BGS7VNOLQBU4T7ANCNFSM4GLYTOXQ> > . >

[stephenwaite]

pretty sure it works automatically and sanely when you install logrotate

[bradymiller]

I think @stephenwaite is right on just needing to install it, since the following script is found after install:

/var/www/localhost/htdocs/openemr # cat /etc/logrotate.d/apache2 
/var/log/apache2/*log {
    missingok
    notifempty
    sharedscripts
    delaycompress
    postrotate
        /etc/init.d/apache2 --quiet --ifstarted reload > /dev/null 2>/dev/null || true
    endscript
}

[bradymiller]

and here is default logrotate.conf:

/var/www/localhost/htdocs/openemr # cat /etc/logrotate.conf 
# see "man logrotate" for details
# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones
create

# use date as a suffix of the rotated file
dateext

# exclude alpine files
tabooext + .apk-new

# uncomment this if you want your log files compressed
compress

# main log file
/var/log/messages {}

# apk packages drop log rotation information into this directory
include /etc/logrotate.d

# system-specific logs may be also be configured here.

[bradymiller]

the postrotate command from the apache logrotate script does not seem to work on the docker, though, when I try it:
/etc/init.d/apache2 --quiet --ifstarted reload
get following:

sh: /etc/init.d/apache2: not found

Which I am guessing would end up with bad things happening if that command does not work after a log rotate.

[bradymiller]

Also, @danehrlich1 , regarding the simple one liner, please let me know what the one liner would actually be :)
(I don't have time to research this :) )

[stephenwaite]

hmmm, looks like we'll need to apk add openrc --no-cache, slippery slope :)

[bradymiller]

Issue with openrc:

/var/www/localhost/htdocs/openemr # /etc/init.d/apache2 reload
/lib/rc/sh/openrc-run.sh: line 100: can't create /sys/fs/cgroup/blkio/tasks: Read-only file system
/lib/rc/sh/openrc-run.sh: line 100: can't create /sys/fs/cgroup/cpu/tasks: Read-only file system
/lib/rc/sh/openrc-run.sh: line 100: can't create /sys/fs/cgroup/cpu,cpuacct/tasks: Read-only file system
/lib/rc/sh/openrc-run.sh: line 100: can't create /sys/fs/cgroup/cpuacct/tasks: Read-only file system
/lib/rc/sh/openrc-run.sh: line 100: can't create /sys/fs/cgroup/cpuset/tasks: Read-only file system
/lib/rc/sh/openrc-run.sh: line 100: can't create /sys/fs/cgroup/devices/tasks: Read-only file system
/lib/rc/sh/openrc-run.sh: line 100: can't create /sys/fs/cgroup/freezer/tasks: Read-only file system
/lib/rc/sh/openrc-run.sh: line 100: can't create /sys/fs/cgroup/hugetlb/tasks: Read-only file system
/lib/rc/sh/openrc-run.sh: line 100: can't create /sys/fs/cgroup/memory/tasks: Read-only file system
/lib/rc/sh/openrc-run.sh: line 100: can't create /sys/fs/cgroup/net_cls/tasks: Read-only file system
/lib/rc/sh/openrc-run.sh: line 100: can't create /sys/fs/cgroup/net_cls,net_prio/tasks: Read-only file system
/lib/rc/sh/openrc-run.sh: line 100: can't create /sys/fs/cgroup/net_prio/tasks: Read-only file system
/lib/rc/sh/openrc-run.sh: line 100: can't create /sys/fs/cgroup/perf_event/tasks: Read-only file system
/lib/rc/sh/openrc-run.sh: line 100: can't create /sys/fs/cgroup/pids/tasks: Read-only file system
/lib/rc/sh/openrc-run.sh: line 100: can't create /sys/fs/cgroup/rdma/tasks: Read-only file system
/lib/rc/sh/openrc-run.sh: line 100: can't create /sys/fs/cgroup/systemd/tasks: Read-only file system
 * You are attempting to run an openrc service on a
 * system which openrc did not boot.
 * You may be inside a chroot or you may have used
 * another initialization system to boot this system.
 * In this situation, you will get unpredictable results!
 * If you really want to do this, issue the following command:
 * touch /run/openrc/softlevel

[bradymiller]

Issue with logrotate after do the following forced run:

/var/www/localhost/htdocs/openemr # logrotate -vf /etc/logrotate.d/apache2
reading config file /etc/logrotate.d/apache2
Reading state from file: /var/lib/logrotate.status
Allocating hash table for state file, size 64 entries

Handling 1 logs

rotating pattern: /var/log/apache2/*log  forced from command line (no old logs will be kept)
empty log files are not rotated, old logs are removed
considering log /var/log/apache2/access.log
Creating new state
  Now: 2019-07-30 23:19
  Last rotated at 2019-07-30 23:00
  log needs rotating
considering log /var/log/apache2/error.log
Creating new state
  Now: 2019-07-30 23:19
  Last rotated at 2019-07-30 23:00
  log needs rotating
considering log /var/log/apache2/ssl_access.log
Creating new state
  Now: 2019-07-30 23:19
  Last rotated at 2019-07-30 23:00
  log does not need rotating (log is empty)
considering log /var/log/apache2/ssl_error.log
Creating new state
  Now: 2019-07-30 23:19
  Last rotated at 2019-07-30 23:00
  log needs rotating
considering log /var/log/apache2/ssl_request.log
Creating new state
  Now: 2019-07-30 23:19
  Last rotated at 2019-07-30 23:00
  log does not need rotating (log is empty)
rotating log /var/log/apache2/access.log, log->rotateCount is 0
dateext suffix '-20190730'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
renaming /var/log/apache2/access.log.1 to /var/log/apache2/access.log.2 (rotatecount 1, logstart 1, i 1), 
old log /var/log/apache2/access.log.1 does not exist
renaming /var/log/apache2/access.log.0 to /var/log/apache2/access.log.1 (rotatecount 1, logstart 1, i 0), 
old log /var/log/apache2/access.log.0 does not exist
log /var/log/apache2/access.log.2 doesn't exist -- won't try to dispose of it
rotating log /var/log/apache2/error.log, log->rotateCount is 0
dateext suffix '-20190730'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
renaming /var/log/apache2/error.log.1 to /var/log/apache2/error.log.2 (rotatecount 1, logstart 1, i 1), 
old log /var/log/apache2/error.log.1 does not exist
renaming /var/log/apache2/error.log.0 to /var/log/apache2/error.log.1 (rotatecount 1, logstart 1, i 0), 
old log /var/log/apache2/error.log.0 does not exist
log /var/log/apache2/error.log.2 doesn't exist -- won't try to dispose of it
rotating log /var/log/apache2/ssl_error.log, log->rotateCount is 0
dateext suffix '-20190730'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
renaming /var/log/apache2/ssl_error.log.1 to /var/log/apache2/ssl_error.log.2 (rotatecount 1, logstart 1, i 1), 
old log /var/log/apache2/ssl_error.log.1 does not exist
renaming /var/log/apache2/ssl_error.log.0 to /var/log/apache2/ssl_error.log.1 (rotatecount 1, logstart 1, i 0), 
old log /var/log/apache2/ssl_error.log.0 does not exist
log /var/log/apache2/ssl_error.log.2 doesn't exist -- won't try to dispose of it
renaming /var/log/apache2/access.log to /var/log/apache2/access.log.1
disposeName will be /var/log/apache2/access.log.1
renaming /var/log/apache2/error.log to /var/log/apache2/error.log.1
disposeName will be /var/log/apache2/error.log.1
renaming /var/log/apache2/ssl_error.log to /var/log/apache2/ssl_error.log.1
disposeName will be /var/log/apache2/ssl_error.log.1
running postrotate script
removing old log /var/log/apache2/access.log.1
removing old log /var/log/apache2/error.log.1
removing old log /var/log/apache2/ssl_error.log.1
/var/www/localhost/htdocs/openemr # cat /var/log/apache2/error.log
cat: can't open '/var/log/apache2/error.log': No such file or directory
/var/www/localhost/htdocs/openemr # cat /var/log/apache2/error.log
cat: can't open '/var/log/apache2/error.log': No such file or directory

Note this zapped all the logs and they now appear to have nowhere to go :)

/var/www/localhost/htdocs/openemr # ls -al /var/log/apache2/
total 8
drwxr-s---    2 root     wheel         4096 Jul 30 23:19 .
drwxr-xr-x    3 root     root          4096 Jul 30 23:15 ..
-rw-r--r--    1 root     wheel            0 Jul 30 23:15 ssl_access.log
-rw-r--r--    1 root     wheel            0 Jul 30 23:15 ssl_request.log

[bradymiller]

Gonna bump this issue to 5.0.3 goal since 5.0.2 is gonna be released in next couple days hopefully and don't want any last minute bugs getting in :)

[jesdynf]

FYI 98c2b5f addresses this but it's not in 6.1.0 yet, I just stuck it in 7.0.0 for now.

[jesdynf]

And it's in 6.1.0, will be in production containers next time they're cycled.

[stephenwaite]