From: Dewayne Geraghty <dewayne.geraghty@heuristicsystems.com.au>
To: Brett Neumeier <bneumeier@gmail.com>,
Laurent Bercot <ska-supervision@skarnet.org>
Cc: "supervision@list.skarnet.org" <supervision@list.skarnet.org>
Subject: Re: A better method than daisy-chaining logging files?
Date: Mon, 17 Jun 2019 16:25:15 +1000
Message-ID: <8447f17e-0960-196d-bdf5-64a3d203cff0@heuristicsystems.com.au>
In-Reply-To: <CAGSetNuDw_Uy_2x-r-Oj4XGEXbeBzg5vg0dH0y-pC4_OU+Lgbw@mail.gmail.com>

On 31/05/2019 10:52 pm, Brett Neumeier wrote:
> On Fri, May 31, 2019 at 4:21 AM Laurent Bercot <ska-supervision@skarnet.org>
> wrote:
>
>>> I just attempted to link an apache24 instance to its log files via a
>>> bundle, which isn't acceptable to s6-rc-compile.
>> My advice is to use s6-rc's producer/consumer mechanism for one
>> of the log streams, and use a named pipe for the other one, without
>> cramming it into the s6-rc mechanism. That would typically mean:
>>
>> - configure apache24 to output its access log to stdout
>> - declare apache24 as a producer for apache24-access-log and
>>   apache24-access-log as a consumer for apache24
>> - apache24-access-log is a simple s6-log invocation, reading
>>   from its stdin
>> - mkfifo /var/run/apache24/error-fifo (with appropriate rights)
>> - declare that apache24 outputs its error log to
>>   /var/run/apache24/error-fifo
>> - apache24-error-log has its run script doing something like:
>>   redirfd -r 0 /var/run/apache24/error-fifo s6-log your-logging-script
>> - manually list apache24-error-log in apache24's dependencies, so
>>   apache24 doesn't start before apache24-error-log. (The pipeline
>>   mechanism automatically adds apache24-access-log to apache24's deps.)
>> - manually define any bundles you want.
>>
>
> For what it's worth, I use approximately this setup on my s6- and
> s6-rc-managed nginx server. The only difference is that I have nginx using
> /dev/stdout as its _error_ stream; and then I have a service that creates a
> separate fifo for each site defined in the nginx configuration. Nginx
> writes each access log to the appropriate fifo, and there's a separate
> s6-log process consuming from each of the fifos. I have had no problems
> whatever with that setup, it works like a charm and was really pretty
> straightforward to set up.
>
> In fact, I find that there are a lot of services I want to run that can
> either log to syslog or write to a specific filesystem location, and the
> same "service writes to a fifo, s6-log reads from the fifo" mechanism works
> fine for all of them. Since I use that pattern so frequently, I create a
> `/run/log-fifos` directory to contain all the fifos. I think that makes the
> entire mechanism pretty obvious and transparent, which is my general goal
> with system administration.
>
> Cheers,
>
> Brett
>

Thank you both for your sound advice. I did in fact implement Laurent's
suggestions; unfortunately I was a flu early-adopter here in Australia.
Brett, I think I'm more on the same page now and upon reflection, my
question was pretty much a newbie as I'd failed to fully grasp that
s6-rc is not independent of s6 and that s6 dependencies are my friend,
which they now are.

My setup is a little more complicated. I have FreeBSD jails running the
service, and create a shared mount point where the service runs within
the jail, communicates to a nullfs device where the fifo queue resides.

It all works nicely until there is a rotation, which I induce with

    # s6-svc -a /run/scan/apache24-error-log

The result is a directory containing

    -rw-r--r-- 1 mylogger www 0B Jun 17 15:34 state
    -rw-r--r-- 1 mylogger www 0B Jun 17 15:34 lock
    -rwxr--r-- 1 mylogger www 329B Jun 17 15:34 previous
    -rw-r--r-- 1 mylogger www 0B Jun 17 15:34 current

and an error message

    s6-log: warning: unable to finish previous .s to logdir
    /var/log/httpd/error: Operation not permitted

I've su'ed into the /var/log/httpd/error as "logger" and I'm able to
create and compress files within the directory; so there are no
permission issues. And both execlineb and s6-log are installed with 766
privs.

Does s6-log require root:wheel privs to perform functions within the log
directory?

FYI: and largely for those trying to use *BSD and slightly challenging
setup:

The final logger is

    #!/usr/local/bin/execlineb -P
    s6-setuidgid mylogger
    redirfd -r 0 /m/jail3/fifo/apache24-error
    s6-log -b n14 r7000 s100000 S3000000 /var/log/httpd/error
    # /m is specially mounted and accessible. :)

And the apache24 httpd.conf contains

    ErrorLog "/fifo/apache24-error"

For *BSD folks

    mkdir -p /m/jail3/fifo /jails/jail3/fifo
    mount -t nullfs /m/jail3/fifo /jails/jail3/fifo

Kind regards, Dewayne
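
Laurent's layout quoted above (access log through an s6-rc pipeline, error log through a fifo), written out as an s6-rc source tree. This is an added example, not part of the original message: the service names and the error-log s6-log script come from the thread, while the httpd command line, the access-log directory and the 0620 fifo mode are assumptions.

```shell
#!/bin/sh
# Added example: build an s6-rc source tree for the layout described above.
# Assumptions: httpd path/flags, /var/log/httpd/access, fifo mode 0620.

write_run() {  # write_run <file>: store stdin as an executable run script
    cat > "$1" && chmod 0755 "$1"
}

build_source() {  # build_source <source-dir> <fifo-path>
    src=$1 fifo=$2
    mkdir -p "$src/apache24" "$src/apache24-access-log" \
             "$src/apache24-error-log" "$(dirname "$fifo")" || return 1

    # Producer: stdout carries the access log into the s6-rc pipeline.
    echo longrun > "$src/apache24/type"
    echo apache24-access-log > "$src/apache24/producer-for"
    # The error logger sits outside the pipeline, so list it by hand.
    echo apache24-error-log > "$src/apache24/dependencies"
    write_run "$src/apache24/run" <<'EOF'
#!/usr/local/bin/execlineb -P
/usr/local/sbin/httpd -DFOREGROUND
EOF

    # Consumer: a plain s6-log invocation reading its stdin.
    echo longrun > "$src/apache24-access-log/type"
    echo apache24 > "$src/apache24-access-log/consumer-for"
    write_run "$src/apache24-access-log/run" <<'EOF'
#!/usr/local/bin/execlineb -P
s6-setuidgid mylogger
s6-log -b n14 s100000 /var/log/httpd/access
EOF

    # Error logger: reads the fifo instead of a pipeline.
    echo longrun > "$src/apache24-error-log/type"
    write_run "$src/apache24-error-log/run" <<EOF
#!/usr/local/bin/execlineb -P
s6-setuidgid mylogger
redirfd -r 0 $fifo
s6-log -b n14 r7000 s100000 S3000000 /var/log/httpd/error
EOF

    # 0620: owner reads, group writes, nobody else can inject log lines.
    # Intended ownership is mylogger:www; chown needs root and is not done here.
    [ -p "$fifo" ] || mkfifo -m 0620 "$fifo"
}

if [ "$#" -eq 2 ]; then build_source "$1" "$2"; fi
```

The resulting directory is what s6-rc-compile takes as its source argument; bundles are left out, as in the quoted advice.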