From a6bf447f9ebc188884021bf2c947d7d1a0efd342 Mon Sep 17 00:00:00 2001
From: Ryan Sundberg
Date: Sat, 1 Jul 2017 15:08:08 -0700
Subject: [PATCH 1/5] Start syslog-ng before runit, and stop after runit. When syslog-ng is managed as an runit service, application logs may be lost during shutdown, when the syslog-ng service stops before the app exits. This change uses the my_init.d directory to manage syslog-ng at a lower runlevel than runit.
---
 image/services/syslog-ng/syslog-ng.init | 10 +++++++
 image/services/syslog-ng/syslog-ng.runit | 32 ---------------------
 image/services/syslog-ng/syslog-ng.sh | 4 +--
 image/services/syslog-ng/syslog-ng.shutdown | 3 ++
 4 files changed, 15 insertions(+), 34 deletions(-)
 create mode 100755 image/services/syslog-ng/syslog-ng.init
 delete mode 100755 image/services/syslog-ng/syslog-ng.runit
 create mode 100755 image/services/syslog-ng/syslog-ng.shutdown
diff --git a/image/services/syslog-ng/syslog-ng.init b/image/services/syslog-ng/syslog-ng.init
new file mode 100755
index 0000000..6c31aa0
--- /dev/null
+++ b/image/services/syslog-ng/syslog-ng.init
@@ -0,0 +1,10 @@
+#!/bin/sh
+set -e
+
+# If /dev/log is either a named pipe or it was placed there accidentally,
+# e.g. because of the issue documented at https://github.com/phusion/baseimage-docker/pull/25,
+# then we remove it.
+if [ ! -S /dev/log ]; then rm -f /dev/log; fi
+if [ ! -S /var/lib/syslog-ng/syslog-ng.ctl ]; then rm -f /var/lib/syslog-ng/syslog-ng.ctl; fi
+
+/etc/init.d/syslog-ng start
diff --git a/image/services/syslog-ng/syslog-ng.runit b/image/services/syslog-ng/syslog-ng.runit
deleted file mode 100755
index 7045d26..0000000
--- a/image/services/syslog-ng/syslog-ng.runit
+++ /dev/null
@@ -1,32 +0,0 @@
-#!/bin/sh
-set -e
-
-# If /dev/log is either a named pipe or it was placed there accidentally,
-# e.g. because of the issue documented at https://github.com/phusion/baseimage-docker/pull/25,
-# then we remove it.
-if [ ! -S /dev/log ]; then rm -f /dev/log; fi
-if [ ! -S /var/lib/syslog-ng/syslog-ng.ctl ]; then rm -f /var/lib/syslog-ng/syslog-ng.ctl; fi
-
-SYSLOGNG_OPTS=""
-
-[ -r /etc/default/syslog-ng ] && . /etc/default/syslog-ng
-
-case "x$CONSOLE_LOG_LEVEL" in
- x[1-8])
- dmesg -n $CONSOLE_LOG_LEVEL
- ;;
- x)
- ;;
- *)
- echo "CONSOLE_LOG_LEVEL is of unaccepted value."
- ;;
-esac
-
-if [ ! -e /dev/xconsole ]
-then
- mknod -m 640 /dev/xconsole p
- chown root:adm /dev/xconsole
- [ -x /sbin/restorecon ] && /sbin/restorecon $XCONSOLE
-fi
-
-exec syslog-ng -F -p /var/run/syslog-ng.pid $SYSLOGNG_OPTS
diff --git a/image/services/syslog-ng/syslog-ng.sh b/image/services/syslog-ng/syslog-ng.sh
index 2b0be4a..db48fde 100755
--- a/image/services/syslog-ng/syslog-ng.sh
+++ b/image/services/syslog-ng/syslog-ng.sh
@@ -7,8 +7,8 @@ SYSLOG_NG_BUILD_PATH=/bd_build/services/syslog-ng
 ## Install a syslog daemon.
 $minimal_apt_get_install syslog-ng-core
-mkdir /etc/service/syslog-ng
-cp $SYSLOG_NG_BUILD_PATH/syslog-ng.runit /etc/service/syslog-ng/run
+cp $SYSLOG_NG_BUILD_PATH/syslog-ng.init /etc/my_init.d/syslog-ng.init
+cp $SYSLOG_NG_BUILD_PATH/syslog-ng.shutdown /etc/my_init.post_shutdown.d/syslog-ng.shutdown
 mkdir -p /var/lib/syslog-ng
 cp $SYSLOG_NG_BUILD_PATH/syslog_ng_default /etc/default/syslog-ng
 touch /var/log/syslog
diff --git a/image/services/syslog-ng/syslog-ng.shutdown b/image/services/syslog-ng/syslog-ng.shutdown
new file mode 100755
index 0000000..7f0324e
--- /dev/null
+++ b/image/services/syslog-ng/syslog-ng.shutdown
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+/etc/init.d/syslog-ng stop
From 70b5c73902cee4b1875f3fa21d8743644fa5d0c9 Mon Sep 17 00:00:00 2001
From: Ryan Sundberg
Date: Tue, 31 Oct 2017 14:16:27 -0700
Subject: [PATCH 2/5] System logging notes in README.md
---
 README.md | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/README.md b/README.md
index 200b715..71b1f30 100644
--- a/README.md
+++ b/README.md
@@ -57,6 +57,7 @@ You can configure the stock `ubuntu` image yourself from your Dockerfile, so why
 * [Environment variable dumps](#envvar_dumps)
 * [Modifying environment variables](#modifying_envvars)
 * [Security](#envvar_security)
+ * [System Logging](#logging)
 * [Upgrading the operating system inside the container](#upgrading_os)
 * [Container administration](#container_administration)
 * [Running a one-shot command in a new container](#oneshot)
@@ -302,6 +303,14 @@ If you are sure that your environment variables don't contain sensitive data, th
 RUN chmod 755 /etc/container_environment
 RUN chmod 644 /etc/container_environment.sh /etc/container_environment.json
+
+### System Logging
+
+Baseimage-docker uses syslog-ng to provide a syslog facility to the container. Syslog-ng is not managed as an runit service (see below). Syslog messages are forwarded to the console via the service at /etc/service/syslog-forwarder.
+
+#### Log startup/shutdown sequence
+In order to ensure that all application log messages are captured by syslog-ng, syslog-ng is started separately before the runit supervisor process, and shutdown after runit exits. This uses the [startup script facility](#running_startup_scripts) provided by this image. This avoids a race condition which would exist if syslog-ng were managed as an runit service, where runit kills syslog-ng in parallel with the container's other services, causing log messages to be dropped during a graceful shutdown if syslog-ng exits while logs are still being produced by other services.
+
 ### Upgrading the operating system inside the container
From 69d1b96431a880de9c24ef0c565b111d48f46dcb Mon Sep 17 00:00:00 2001
From: Ryan Sundberg
Date: Tue, 31 Oct 2017 14:21:23 -0700
Subject: [PATCH 3/5] Capitalization
---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 1a1ac73..e450887 100644
--- a/README.md
+++ b/README.md
@@ -57,7 +57,7 @@ You can configure the stock `ubuntu` image yourself from your Dockerfile, so why
 * [Environment variable dumps](#envvar_dumps)
 * [Modifying environment variables](#modifying_envvars)
 * [Security](#envvar_security)
- * [System Logging](#logging)
+ * [System logging](#logging)
 * [Upgrading the operating system inside the container](#upgrading_os)
 * [Container administration](#container_administration)
 * [Running a one-shot command in a new container](#oneshot)
@@ -305,7 +305,7 @@ If you are sure that your environment variables don't contain sensitive data, th
 RUN chmod 644 /etc/container_environment.sh /etc/container_environment.json
-### System Logging
+### System logging
 Baseimage-docker uses syslog-ng to provide a syslog facility to the container. Syslog-ng is not managed as an runit service (see below). Syslog messages are forwarded to the console via the service at /etc/service/syslog-forwarder.
From d7656266880953782e558912166c48431a3f2214 Mon Sep 17 00:00:00 2001
From: Ryan Sundberg
Date: Tue, 31 Oct 2017 14:24:18 -0700
Subject: [PATCH 4/5] Prefix syslog-ng shutdown scripts with boot order
---
 image/services/syslog-ng/syslog-ng.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/image/services/syslog-ng/syslog-ng.sh b/image/services/syslog-ng/syslog-ng.sh
index a62c064..610d80c 100755
--- a/image/services/syslog-ng/syslog-ng.sh
+++ b/image/services/syslog-ng/syslog-ng.sh
@@ -7,8 +7,8 @@ SYSLOG_NG_BUILD_PATH=/bd_build/services/syslog-ng
 ## Install a syslog daemon.
 $minimal_apt_get_install syslog-ng-core
-cp $SYSLOG_NG_BUILD_PATH/syslog-ng.init /etc/my_init.d/syslog-ng.init
-cp $SYSLOG_NG_BUILD_PATH/syslog-ng.shutdown /etc/my_init.post_shutdown.d/syslog-ng.shutdown
+cp $SYSLOG_NG_BUILD_PATH/syslog-ng.init /etc/my_init.d/10_syslog-ng.init
+cp $SYSLOG_NG_BUILD_PATH/syslog-ng.shutdown /etc/my_init.post_shutdown.d/10_syslog-ng.shutdown
 mkdir -p /var/lib/syslog-ng
 cp $SYSLOG_NG_BUILD_PATH/syslog_ng_default /etc/default/syslog-ng
 touch /var/log/syslog
From 18a10580e110eead8a9cceb24963d8fc74c7ebc5 Mon Sep 17 00:00:00 2001
From: Ryan Sundberg
Date: Tue, 31 Oct 2017 15:41:59 -0700
Subject: [PATCH 5/5] Syslog-ng start and stop, preserving stdout file descriptor
---
 image/services/syslog-ng/syslog-ng.init | 28 +++++++++++++++++++--
 image/services/syslog-ng/syslog-ng.shutdown | 25 ++++++++++++++++--
 2 files changed, 49 insertions(+), 4 deletions(-)
diff --git a/image/services/syslog-ng/syslog-ng.init b/image/services/syslog-ng/syslog-ng.init
index 6c31aa0..04f526b 100755
--- a/image/services/syslog-ng/syslog-ng.init
+++ b/image/services/syslog-ng/syslog-ng.init
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 set -e
 # If /dev/log is either a named pipe or it was placed there accidentally,
@@ -7,4 +7,28 @@ set -e
 if [ ! -S /dev/log ]; then rm -f /dev/log; fi
 if [ ! -S /var/lib/syslog-ng/syslog-ng.ctl ]; then rm -f /var/lib/syslog-ng/syslog-ng.ctl; fi
-/etc/init.d/syslog-ng start
+PIDFILE="/var/run/syslog-ng.pid"
+SYSLOGNG_OPTS=""
+
+[ -r /etc/default/syslog-ng ] && . /etc/default/syslog-ng
+
+syslogng_wait() {
+ if [ "$2" -ne 0 ]; then
+ return 1
+ fi
+
+ RET=1
+ for i in $(seq 1 30); do
+ status=0
+ syslog-ng-ctl stats >/dev/null 2>&1 || status=$?
+ if [ "$status" != "$1" ]; then
+ RET=0
+ break
+ fi
+ sleep 1s
+ done
+ return $RET
+}
+
+/usr/sbin/syslog-ng --pidfile "$PIDFILE" -F $SYSLOGNG_OPTS &
+syslogng_wait 1 $?
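Review bot: The `10_` prefix on `/etc/my_init.post_shutdown.d/10_syslog-ng.shutdown` puts the syslog-ng stop early among the post-shutdown scripts, assuming that directory is run in the same lexical order as `/etc/my_init.d` (the ordering code is not part of this patch). Any later-numbered post-shutdown script would then log to a daemon that is already gone, which is the message loss this series is meant to remove. Keeping the early prefix for start and using a late one for stop keeps the sequence symmetric, e.g. `cp $SYSLOG_NG_BUILD_PATH/syslog-ng.shutdown /etc/my_init.post_shutdown.d/99_syslog-ng.shutdown`.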
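Review bot: `syslogng_wait 1 $?` on the last added line of syslog-ng.init receives the status of launching the background job, which is 0 after `&`, so the `[ "$2" -ne 0 ]` guard can never report a syslog-ng that exits immediately (for example on a configuration error). Such a failure is only noticed after the full 30 one-second polls, and the container boots without logging during that window. The loop also accepts any `syslog-ng-ctl` exit status other than 1 as "ready", so a missing or broken control tool reports success at once. Recording the child with `SYSLOGNG_PID=$!` after the launch and adding `kill -0 "$SYSLOGNG_PID" 2>/dev/null || return 1` at the top of the loop body would fail fast; a short comment that `$SYSLOGNG_OPTS` is left unquoted on purpose for word splitting would also help.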
diff --git a/image/services/syslog-ng/syslog-ng.shutdown b/image/services/syslog-ng/syslog-ng.shutdown
index 7f0324e..0288004 100755
--- a/image/services/syslog-ng/syslog-ng.shutdown
+++ b/image/services/syslog-ng/syslog-ng.shutdown
@@ -1,3 +1,24 @@
-#!/bin/sh
+#!/bin/bash
-/etc/init.d/syslog-ng stop
+PIDFILE="/var/run/syslog-ng.pid"
+
+syslogng_wait() {
+ if [ "$2" -ne 0 ]; then
+ return 1
+ fi
+
+ RET=1
+ for i in $(seq 1 30); do
+ status=0
+ syslog-ng-ctl stats >/dev/null 2>&1 || status=$?
+ if [ "$status" != "$1" ]; then
+ RET=0
+ break
+ fi
+ sleep 1s
+ done
+ return $RET
+}
+
+kill $(cat "$PIDFILE")
+syslogng_wait 0 $?
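Review bot: `kill $(cat "$PIDFILE")` signals whatever number is stored in `/var/run/syslog-ng.pid` without validating it. If the file is missing or empty, `kill` runs with no argument; if it is stale (whether `/var/run` survives a container restart is not visible in this patch), the signal goes to an unrelated process with this script's privileges. Reading and checking the value first is safer: `pid=$(cat "$PIDFILE" 2>/dev/null)`, then `case "$pid" in ''|*[!0-9]*) exit 0 ;; esac`, then `kill "$pid"`. `syslogng_wait` is a verbatim copy of the function in syslog-ng.init, so a fix to one copy has to be mirrored in the other.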