Add support for logrotate and supervisor

Issue #9

CHANGELOG.md

@@ -12,6 +12,8 @@ Please refer to the SaltStack [Release Notes](https://docs.saltstack.com/en/deve
 - Expose `/home/salt/data/logs`
 - Run `salt-master` as `salt` user
 - Add support for setting timezone
+- Add logrotate support
+- Add supervisor support
 
 **2018.3.2**
 

Dockerfile

@@ -47,7 +47,8 @@ RUN apt-get update
 RUN apt-get install --yes --quiet --no-install-recommends \
     sudo ca-certificates wget locales pkg-config openssh-client \
     python${PYTHON_VERSION} python${PYTHON_VERSION}-dev \
-    python3-pip python3-setuptools python3-wheel gettext-base
+    python3-pip python3-setuptools python3-wheel gettext-base \
+    supervisor logrotate
 
 # Configure locales
 RUN update-locale LANG=C.UTF-8 LC_MESSAGES=POSIX \

Makefile

@@ -22,7 +22,8 @@ quickstart:
 		--publish=4505:4505/tcp --publish=4506:4506/tcp \
 		--env "USERMAP_UID=$(shell id -u)" --env "USERMAP_GID=$(shell id -g)" \
 		--env SALT_LOG_LEVEL=info \
-		--read-only --volume $(shell pwd)/srv/:/home/salt/data/srv/ \
+		--volume $(shell pwd)/srv/:/home/salt/data/srv/ \
+		--volume $(shell pwd)/logs/:/home/salt/data/logs/ \
 		cdalvaro/saltstack-master:latest
 	@echo "Type 'make logs' for the logs"
 

README.md

@@ -19,6 +19,7 @@ For other methods to install SaltStack please refer to the [Official SaltStack I
   - [Git Fileserver](#git-fileserver)
     - [GitPython](#gitpython)
     - [PyGit2](#pygit2)
+  - [Logs](#logs)
   - [Available Configuration Parameters](#available-configuration-parameters)
 - [Usage](#usage)
 - [Shell Access](#shell-access)
@@ -171,6 +172,22 @@ _pygit2.GitError: Failed to authenticate SSH session: Unable to send userauth-pu
 
 look if your private key hash empty lines at the bottom of the file and suppress them for solving the error.
 
+### Logs
+
+Salt logs are accessible by mounting the volume `/home/salt/data/logs/`.
+
+Inside that directory you could find `supervisor/` logs and `salt/` logs:
+
+docker run --name salt_master --detach \
+    --publish 4505:4505/tcp --publish 4506:4506/tcp \
+    --env 'SALT_LOG_LEVEL=info' \
+    --volume $(pwd)/recipes/:/home/salt/data/srv/ \
+    --volume $(pwd)/keys/:/home/salt/data/keys/ \
+    --volume $(pwd)/logs/:/home/salt/data/logs/ \
+    cdalvaro/saltstack-master:2018.3.3
+
+Check [Available Configuration Parameters](#available-configuration-parameters) section for configuring logrotate.
+
 ### Available Configuration Parameters
 
 Please refer the docker run command options for the `--env-file` flag where you can specify all required environment variables in a single file. This will save you from writing a potentially long docker run command. Alternatively you can use docker-compose.
@@ -182,6 +199,8 @@ Below is the list of available options that can be used to customize your SaltSt
 | `DEBUG` | Set this to `true` to enable entrypoint debugging. |
 | `TIMEZONE` | Set the container timezone. Defaults to `UTC`. Values are expected to be in Canonical format. Example: `Europe/Madrid`. See the list of [acceptable values](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones). |
 | `SALT_LOG_LEVEL` | The level of messages to send to the console. One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'. Default: `warning` |
+| `SALT_LOG_ROTATE_FREQUENCY` | Logrotate frequency for salt logs. Available options are 'daily', 'weekly', 'monthly', and 'yearly'. Default: `weekly` |
+| `SALT_LOG_ROTATE_RETENTION` | Keep x files before deleting old log files. Defaults: `52` |
 | `SALT_LEVEL_LOGFILE` | The level of messages to send to the log file. One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'. Default: `warning` |
 | `SALT_MASTER_SIGN_PUBKEY` | Sign the master auth-replies with a cryptographic signature of the master's public key. Possible values: 'True' or 'False'. Default: `False` |
 | `SALT_MASTER_USE_PUBKEY_SIGNATURE` | Instead of computing the signature for each auth-reply, use a pre-calculated signature. This option requires `SALT_MASTER_SIGN_PUBKEY` set to 'True'. Possible values: 'True' or 'False'. Default: `True` |

assets/build/install.sh

@@ -71,3 +71,30 @@ sed -i -e "s|^[# ]*StrictHostKeyChecking.*$|    StrictHostKeyChecking no|" /etc/
 echo "    UserKnownHostsFile /dev/null" >> /etc/ssh/ssh_config
 echo "    LogLevel ERROR" >> /etc/ssh/ssh_config
 echo "#   IdentityFile salt_ssh_key" >> /etc/ssh/ssh_config
+
+# Configure logrotate
+echo "Configuring logrotate ..."
+
+# move supervisord.log file to ${SALT_LOGS_DIR}/supervisor/
+sed -i "s|^[#]*logfile=.*|logfile=${SALT_LOGS_DIR}/supervisor/supervisord.log ;|" /etc/supervisor/supervisord.conf
+
+# fix "unknown group 'syslog'" error preventing logrotate from functioning
+sed -i "s|^su root syslog$|su root root|" /etc/logrotate.conf
+
+# Configure supervisor
+echo "Configuring supervisor ..."
+
+# configure supervisord to start unicorn
+cat > /etc/supervisor/conf.d/salt-master.conf <<EOF
+[program:salt-master]
+priority=5
+directory=${SALT_HOME}
+environment=HOME=${SALT_HOME}
+command=salt-master
+user=${SALT_USER}
+autostart=true
+autorestart=true
+stopsignal=QUIT
+stdout_logfile=${SALT_LOGS_DIR}/supervisor/%(program_name)s.log
+stderr_logfile=${SALT_LOGS_DIR}/supervisor/%(program_name)s.log
+EOF

assets/runtime/config/master.yml

@@ -47,7 +47,7 @@ master_use_pubkey_signature: {{SALT_MASTER_USE_PUBKEY_SIGNATURE}}
 #####     Salt-SSH Configuration     #####
 ##########################################
 # The log file of the salt-ssh command:
-ssh_log_file: {{SALT_LOGS_DIR}}/ssh
+ssh_log_file: {{SALT_LOGS_DIR}}/salt/ssh
 
 
 #####      File Server settings      #####
@@ -94,14 +94,14 @@ pillar_roots:
 # to receive commands from.
 
 # The log file of the salt-syndic daemon:
-syndic_log_file: {{SALT_LOGS_DIR}}/syndic
+syndic_log_file: {{SALT_LOGS_DIR}}/salt/syndic
 
 
 #####         Logging settings       #####
 ##########################################
 # The location of the master log file
-log_file: {{SALT_LOGS_DIR}}/master
+log_file: {{SALT_LOGS_DIR}}/salt/master
-key_logfile: {{SALT_LOGS_DIR}}/key
+key_logfile: {{SALT_LOGS_DIR}}/salt/key
 
 # The level of messages to send to the console.
 # One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'.

assets/runtime/env-defaults.sh

@@ -3,6 +3,9 @@
 DEBUG=${DEBUG:-false}
 TIMEZONE=${TIMEZONE:-UTC}
 
+SALT_LOG_ROTATE_FREQUENCY=${SALT_LOG_ROTATE_FREQUENCY:-weekly}
+SALT_LOG_ROTATE_RETENTION=${SALT_LOG_ROTATE_RETENTION:-52}
+
 # https://docs.saltstack.com/en/latest/ref/configuration/master.html
 
 #####         Logging settings       #####

assets/runtime/functions.sh

@@ -171,22 +171,58 @@ function initialize_datadir()
   [[ -d /srv ]] && [[ ! -L /srv ]] && rm -rf /srv
   ln -sfnv ${SALT_BASE_DIR} /srv
 
-  # Set Slat root permissions
+  # Set Salt root permissions
-  chown -R ${SALT_USER} ${SALT_ROOT_DIR}
+  chown -R ${SALT_USER}: ${SALT_ROOT_DIR}
 
   # Set Salt run permissions
   mkdir -p /var/run/salt
-  chown -R ${SALT_USER} /var/run/salt
+  chown -R ${SALT_USER}: /var/run/salt
 
   # Set cache permissions
   mkdir -p /var/cache/salt/master
-  chown -R salt /var/cache/salt
+  chown -R ${SALT_USER}: /var/cache/salt
 
   # Logs directory
+  mkdir -p ${SALT_LOGS_DIR}/salt ${SALT_LOGS_DIR}/supervisor
+  chmod -R 0755 ${SALT_LOGS_DIR}/supervisor
+  chown -R root: ${SALT_LOGS_DIR}/supervisor
+
   [[ -d /var/log/salt ]] && [[ ! -L /var/log/salt ]] && rm -rf /var/log/salt
-  mkdir -p /var/log
+  mkdir -p ${SALT_LOGS_DIR}/salt /var/log
-  ln -sfnv ${SALT_LOGS_DIR} /var/log/salt
+  ln -sfnv ${SALT_LOGS_DIR}/salt /var/log/salt
-  chown -R ${SALT_USER} ${SALT_LOGS_DIR}
+  chown -R ${SALT_USER}: ${SALT_LOGS_DIR}/salt
+}
+
+# Configures logrotate
+function configure_logrotate()
+{
+  echo "Configuring logrotate ..."
+
+  # configure supervisord log rotation
+  cat > /etc/logrotate.d/supervisord <<EOF
+${SALT_LOGS_DIR}/supervisor/*.log {
+  ${SALT_LOG_ROTATE_FREQUENCY}
+  missingok
+  rotate ${SALT_LOG_ROTATE_RETENTION}
+  compress
+  delaycompress
+  notifempty
+  copytruncate
+}
+EOF
+
+  # configure salt-master log rotation
+  cat > /etc/logrotate.d/salt <<EOF
+${SALT_LOGS_DIR}/salt/* {
+  ${SALT_LOG_ROTATE_FREQUENCY}
+  missingok
+  rotate ${SALT_LOG_ROTATE_RETENTION}
+  compress
+  delaycompress
+  notifempty
+  copytruncate
+}
+EOF
 }
 
 # Initializes the system
@@ -194,8 +230,10 @@ function initialize_system()
 {
   map_uidgid
   initialize_datadir
+  configure_logrotate
   configure_timezone
   configure_salt_master
   setup_salt_keys
   setup_ssh_keys
+  rm -rf /var/run/supervisor.sock
 }

docker-compose.yml

@@ -6,7 +6,8 @@ services:
     image: cdalvaro/saltstack-master:2018.3.3
     restart: always
     volumes:
-      - "./srv/:/home/salt/data/srv"
+      - "srv/:/home/salt/data/srv"
+      - "logs/:/home/salt/data/logs"
     ports:
       - "4505:4505/tcp"
       - "4506:4506/tcp"

entrypoint.sh

@@ -13,7 +13,7 @@ case ${1} in
     case ${1} in
       app:start)
         echo "Starting salt-master..."
-        exec sudo -HEu ${SALT_USER} salt-master
+        exec /usr/bin/supervisord -nc /etc/supervisor/supervisord.conf
         ;;
       app:gen-signed-keys)
         shift 1