[systemd-devel] Logrotate + Pass signal to executable in container (nspawn)

Lennart Poettering lennart at poettering.net
Wed Feb 25 12:15:25 PST 2015


On Mon, 23.02.15 15:12, Peter Paule (systemd-devel at fedux.org) wrote:

> Hi,
> 
> I run "nginx" in a container which itself is under systemd-control. All
> error messages are put to stderr and the incoming requests are logged in
> access.log. To reduce the filesize I want to rotate the access.log.
> 
> I see two possibilities to make nginx release the file handle:
>   * Restart service
>   * Send signal USR1 or whatever it needs to the service

Well, as mentioned in the other mails: nspawn is really primarily
designed for running init systems, as the entire concept of PID
containers on Linux. My recommendation would hence be: run systemd in
the container, make it run your nginx service as normal service, and
run the rotation stuff as .timer and .service unit within the
container, not outside of it.

> Does it make sense to send SIGUSR1 (or whatever signal it needs) to
> nginx to rotate the logs afterwards or is it ok to restart the whole
> service because systemd will buffer all incoming request - though socket
> activation is not in use? I'm not sure, what's best for this use
> case.

This will not work. Neither with nor without socket activation, as all
ongoing connections would be abruptly terminated.

> And to make things easier for you to read, here's the expanded exec start
> commandline
> 
>   /usr/bin/systemd-nspawn \
>     --register=no \
>     --ephemeral \
>     --bind-ro /etc/ssl/machines/www_example_org:/etc/ssl/nginx \
>     --bind-ro /srv/machines/www_example_org:/srv/www \
>     --bind /var/log/machines/www_example_org:/var/log/nginx/ \
>     --bind-ro /etc/machines/www_example_org/sites-enabled:/etc/nginx/sites-enabled/ \
>     --bind-ro /etc/machines/www_example_org/other-config:/etc/nginx/other-config/ \
>     -M docker-centos-nginx \
>     /usr/sbin/nginx

One option is to use --register=yes (the default), then machined will
know about the container, and you can send a signal to its PID 1 via
"machinectl kill".

Lennart

-- 
Lennart Poettering, Red Hat
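
An added example, not part of the original mail or of systemd: a host-side sketch of the "machinectl kill" option above, renaming access.log and then signalling only the container's leader process. It assumes the container is started with --register=yes under the -M name from the quoted command line, that nginx runs in the foreground as the container's PID 1, and that nginx reopens its log files on SIGUSR1; the function names and the LOG_DIR, MACHINE and KEEP variables are made up for this sketch.

```sh
#!/bin/sh
# Added example: rename-then-signal rotation, run on the host.
# Paths and machine name are taken from the quoted nspawn command line.
LOG_DIR="${LOG_DIR:-/var/log/machines/www_example_org}"  # host side of --bind
MACHINE="${MACHINE:-docker-centos-nginx}"                # name given with -M
KEEP="${KEEP:-7}"                                        # assumed retention

# Signal only the container's leader (its PID 1, assumed to be nginx),
# not every process in the container.
reopen_logs() {
    machinectl kill --kill-who=leader --signal=USR1 "$MACHINE"
}

# rotate_access_log DIR KEEP REOPEN_CMD...
# Shifts access.log.N to access.log.N+1, renames the live log to
# access.log.1, then runs REOPEN_CMD so the server opens a fresh file.
rotate_access_log() {
    rot_dir=$1
    rot_keep=$2
    shift 2
    rot_log="$rot_dir/access.log"

    # Empty or missing log: nothing to rotate, so send no signal either.
    [ -s "$rot_log" ] || return 0

    rm -f "$rot_log.$rot_keep"
    rot_i=$((rot_keep - 1))
    while [ "$rot_i" -ge 1 ]; do
        if [ -e "$rot_log.$rot_i" ]; then
            mv "$rot_log.$rot_i" "$rot_log.$((rot_i + 1))"
        fi
        rot_i=$((rot_i - 1))
    done

    # Rename first: the server keeps writing to the same open file, so no
    # request is lost and no connection is dropped before the reopen.
    mv "$rot_log" "$rot_log.1"
    "$@"
}

# Invoke as "script run" (for example from a timer unit on the host).
if [ "${1:-}" = "run" ]; then
    rotate_access_log "$LOG_DIR" "$KEEP" reopen_logs
fi
```

The same function works inside the container with a different reopen command, which is the .timer/.service layout recommended in the reply.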

