
My logrotate container gives me the following errors:

error: Ignoring activity_logs because it is writable by group or others.
error: Ignoring httpd because it is writable by group or others.
error: Ignoring reminder_cron because it is writable by group or others.

activity_logs and reminder_cron are present in the /opt/logs directory, whereas httpd is present inside /var/log/httpd.

The following are the permissions of the folders when mounted inside the logrotate container:

drwxr-xr-x    2 root     root            64 Aug 27 04:08 logs
drwxrwxr-x    2 root     root            64 Sep  1 20:45 httpd

Logrotate runs with the root user.

I am trying to set up centralized logrotate for all my docker containers. The following is my docker-compose.yml file:

version: '3'
services:

  server:
    image: private-apache:latest
    command: /usr/sbin/apachectl -DFOREGROUND
    ports:
      - "XXXX:XXXX"
    volumes:
      - ./html:/var/www/html
      - ./opt:/opt
      - ./logs/httpd:/var/log/httpd
      - ./data/tmp:/tmp
    links:
      - mysql
      - redis
      - beanstalkd
      - rsyslog
    restart: always

  logrotate:
    image: private-logrotate:latest
    command: /usr/sbin/crond -f
    volumes:
      - ./logs/rsyslog/var/log:/var/log
      - ./opt/logs:/opt/logs
      - ./logs/httpd:/var/log/httpd
    restart: always

  rsyslog:
    image: private-rsyslog:latest
    ports:
      - "XXX:XXX"
    volumes:
      - ./logs/rsyslog/var/log:/var/log
    restart: always
    depends_on:
      - logrotate

  mysql:
    image: private-mysql:latest
    privileged: false
    ports:
      - "XXXX:XXXX"
    volumes:
      - ./data/mysql:/var/lib/mysql
      - ./data/tmp:/tmp
    environment:
      - MYSQL_ROOT_PASSWORD=password
      - MYSQL_DATABASE=databasename
    restart: always

  redis:
    image: private-redis:latest
    ports:
      - "XXXX:XXXX"
    volumes:
      - ./data/redis:/var/lib/redis
    restart: always

  beanstalkd:
    image: private-beanstalkd:latest
    restart: always
    ports:
      - "XXXX:XXXX"

The server container and the rsyslog container generate logs with different users. The logrotate container has no idea about those users, hence putting su inside /etc/logrotate.d/httpd, /etc/logrotate.d/activity_log and /etc/logrotate.d/reminder_cron is not possible. I would like to know whether it is possible to force logrotate to ignore these errors and rotate the logs from mounted volumes. Or is there any better way of doing this?

The idea is to have a central logrotate for all the containers.
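
Added example, not part of the original question: logrotate prints "Ignoring <file> because it is writable by group or others" about a configuration file it is reading (such as the files under /etc/logrotate.d), so this sketch lists config files with the group- or other-write bit set and clears those bits. The function names and the temporary demo directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit logrotate config files for the permission bits that
# make logrotate skip them (group-write 020 or other-write 002).

# risky_configs DIR: print every regular file directly inside DIR that is
# writable by group or others, one path per line, sorted.
risky_configs() {
    find "$1" -maxdepth 1 -type f \( -perm -020 -o -perm -002 \) -print | sort
}

# tighten_configs DIR: remove group/other write permission from each file
# reported by risky_configs, leaving the owner's bits untouched.
tighten_configs() {
    risky_configs "$1" | while IFS= read -r f; do
        chmod go-w "$f"
    done
}

# Demo on a constructed directory that stands in for /etc/logrotate.d.
# File names mirror the ones in the error messages; modes are made up.
demo_dir=$(mktemp -d)
for name in activity_logs httpd reminder_cron; do
    : > "$demo_dir/$name"
done
chmod 664 "$demo_dir/activity_logs" "$demo_dir/reminder_cron"
chmod 644 "$demo_dir/httpd"

echo "writable by group or others before the fix:"
risky_configs "$demo_dir"

tighten_configs "$demo_dir"

echo "remaining after the fix: $(risky_configs "$demo_dir" | wc -l)"
rm -rf "$demo_dir"
```

Inside the logrotate image, point both functions at /etc/logrotate.d (and at /etc/logrotate.conf's directory if that file is also reported).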
