Logrotate trouble

Alsirion · May 4, 2022, 11:51am

Hello. I have some problem with traefik into container. I use docker-compose and i have this docker-compose.yml:

version: '3'
networks:
    mynet:
            external: true
    internal:
            external: false
services:
        traefik:
            image: traefik:latest
            container_name: traefik
            ports:
                    - "80:80"
                    - "443:443"
            labels:
                     - "traefik.enable=true"
            networks:
                    - mynet
            environment:
                    - TZ=Europe/Moscow
            volumes:
                    - "/var/run/docker.sock:/var/run/docker.sock:rw"
                    - "./traefik:/home/traefik/"                  
                    - "/etc/localtime:/etc/localtime:ro"
                    - ./traefik.toml:/traefik.toml
                    - ./acme.json:/acme.json
            restart: "unless-stopped"

And part of traefik.toml

...
[log]
    level = "ERROR"
    filePath = "/home/traefik/Logs/full.log"
    format = "common"
[accessLog]
    filePath = "/home/traefik/Logs/access.log"
    bufferingSize = 100
    [accessLog.fields]
        defaultMode = "keep"
        [accessLog.fields.names]
            "StartLocal" = "keep"
            "StartUTC" = "drop"
...

And i want to use logrotate from host. I create file at /etc/logrotate.d/traefik

/home/administrator/traefik/traefik/Logs/access.log {
  daily
  rotate 5
  missingok
  notifempty
  postrotate
  docker kill --signal="USR1" traefik
  endscript
}

If use logrotate /etc/logrotate.conf --debug

rotating log /home/administrator/traefik/traefik/Logs/access.log, log->rotateCount is 5
dateext suffix '-20220504'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
glob finding old rotated logs failed
fscreate context set to unconfined_u:object_r:user_home_t:s0
renaming /home/administrator/traefik/traefik/Logs/access.log to /home/administrator/traefik/traefik/Logs/access.log-20220504
creating new /home/administrator/traefik/traefik/Logs/access.log mode = 0664 uid = 1000 gid = 1000
running postrotate script
running script with arg /home/administrator/traefik/traefik/Logs/access.log: "
  docker kill --signal="USR1" traefik
"
switching euid to 0 and egid to 0

And nothing happens. At first time i think it's trouble with postrotate script. But if i send at tty from hosts invoke command docker kill --signal=1 traefik and my container stops. Well, "docker kill" - are working. May be anybody use logrotate from host machine for docker container? Thanks for help!

jakubhajek · May 4, 2022, 2:21pm

Hello @Alsirion

I think the issue you described is generated by Selinux and it is related to the permission to the file while changing the security context. I found a few examples while searching for the error message you received.

Imho, It is not Traefik either docker issue in my opinion.

Alsirion · May 5, 2022, 10:19am

I will try to recreate problem at test ubuntu. Thanks for the idea.

Topic		Replies	Views
Traefik don't listen to post 80 Traefik v2 (latest) docker	2	476	March 23, 2021
Trouble with Portainer and latest version of Traefik (2.2.1) Traefik v2 (latest) docker	0	886	May 11, 2020
Traefik v2 with docker compose - external services possible? Traefik v2 (latest) docker	6	8938	September 6, 2020
Docker-compose.yml & traefik.toml Traefik v2 (latest) file	2	2365	October 14, 2019
Need Help with Traefik and Docker Compose Setup - Can't Access Containers Externally Traefik v2 (latest) docker	2	1235	December 8, 2023

Logrotate trouble

Related Topics