diff --git a/CHANGELOG.md b/CHANGELOG.md
index b89b63ca..adf6be36 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -23,6 +23,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
 * nagios-nrpe: add a NRPE check-local command with completion.
 * policy_pam: New role allowing to manage password policy with pam_pwquality & pam_pwhistory
 * userlogrotate: rotate also php.log.
+* userlogrotate: new version, with separate conf file
 * docker-host: added var for user namespace setting
 * dovecot: fix old_stats plugin for Dovecot 2.3.
 * dovecot: add Munin plugins dovecot1 and dovecot_stats (patched)
diff --git a/userlogrotate/files/userlogrotate b/userlogrotate/files/userlogrotate
index ce8cc28a..9599d63b 100644
--- a/userlogrotate/files/userlogrotate
+++ b/userlogrotate/files/userlogrotate
@@ -1,58 +1,125 @@ #!/bin/bash +# Userlogrotate rotates logs in custom paths. +# The difference with logrotate is that it sets +# the owner:group according to the location of each log. + +CONF_PATH="/etc/evolinux/userlogrotate.conf" # optional file + +# Default conf +DELETE_AFTER_RETENTION_DAYS="false" # values: true | false +RETENTION_DAYS=365 # only applies if $RETENTION_DAYS == "true" +SYSTEM_LOGS_SEARCH_PATHS=( # will chown root:$user + /home/*/log +) +APPLICATIVE_LOGS_SEARCH_PATHS=( # will chown $user:$user + /home/*/www/{,current/}log +) +SYSTEM_LOG_NAMES=(access.log access-*.log error.log php.log) +APPLICATIVE_LOG_NAMES=(production.log delayed_job.log development.log test.log) +DRY_RUN=false # do echo instead of executing, values: true | false + +############################################################ + DATE="$(/bin/date +"%Y-%m-%d")" -HOMEPREFIX="/home" + +if [ -f "${CONF_PATH}" ]; then + source "${CONF_PATH}" +fi rotate () { - mv $1 $1.$DATE - touch $1 - chown $2 $1 - chmod g+r $1 + if [ ${DRY_RUN} == "false" ]; then + mv $1 $1.${DATE} + touch $1 + chown $2 $1 + chmod g+r $1 + else + echo "Move $1 to $1.${DATE}" + echo "Change $1 owner to $2" + fi } user_for() { - homedir="$(echo $1 | sed "s#\($HOMEPREFIX/\([^/]\+\)\).*#\1#")" - stat -L -c '%G' $homedir + stat -L -c '%G' $1 } -for log in access.log access-*.log error.log php.log; do - for i in $(ls -1 -d $HOMEPREFIX/*/log/$log 2>/dev/null | grep -v \.bak\.); do - USER="$(user_for $i)" - rotate $i root:$USER - done +delete_old() { + if [ ${DELETE_AFTER_RETENTION_DAYS} == "true" ]; then + if [ ${DRY_RUN} == "false" ]; then + find $1/ -ctime +${RETENTION_DAYS} -delete # slash is needed! 
+ else + echo "Delete files:" + find $1/ -ctime +${RETENTION_DAYS} + fi + fi +} + +compress() { + if [ ${DRY_RUN} == "false" ]; then + gzip "$1" + else + echo "Gzipping $1" + fi +} + +for path in ${SYSTEM_LOGS_SEARCH_PATHS[@]}; do + for log_name in ${SYSTEM_LOG_NAMES[@]}; do + log_paths=$(ls -1 -d ${path}/${log_name} 2>/dev/null | grep -v \.bak\.) + for file in ${log_paths}; do + user="$(user_for "${file}")" + rotate "${file}" root:"${user}" + delete_old "$(dirname "${file}")" + done + done done -for log in production.log delayed_job.log development.log test.log; do - for i in $(ls -1 -d $HOMEPREFIX/*/www/{,current/}log/$log 2>/dev/null | grep -v \.bak\.); do - USER="$(user_for $i)" - rotate $i $USER:$USER - done +for path in ${APPLICATIVE_LOGS_SEARCH_PATHS[@]}; do + for log_name in ${APPLICATIVE_LOG_NAMES[@]}; do + log_paths=$(ls -1 -d ${path}/${log_name} 2>/dev/null | grep -v \.bak\.) + for file in ${log_paths}; do + user="$(user_for "${file}")" + rotate "${file}" "${user}":"${user}" + delete_old "$(dirname "${file}")" + done + done done -test -x /usr/sbin/apache2ctl && if /etc/init.d/apache2 status > /dev/null ; then \ - /etc/init.d/apache2 reload > /dev/null; \ -fi; +if [ -x /usr/sbin/apache2ctl ] && /etc/init.d/apache2 status > /dev/null ; then + if [ ${DRY_RUN} == "false" ]; then + /etc/init.d/apache2 reload > /dev/null + else + echo "Reloading Apache" + fi +fi -test -x /usr/sbin/nginx && invoke-rc.d nginx rotate >/dev/null 2>&1 +if [ -x /usr/sbin/nginx ]; then + if [ ${DRY_RUN} == "false" ]; then + invoke-rc.d nginx rotate >/dev/null 2>&1 + else + echo "Reloading Nginx" + fi +fi # Zipping is done after web server reload, so that the file descriptor is released. # Else, an error is raised (gzip file size changed while zipping) # and logs written during the zipping process might be lost. 
-for log in access.log*[!\.gz] access-*.log*[!\.gz] error.log*[!\.gz]; do - for i in $(ls -1 -d $HOMEPREFIX/*/log/$log 2>/dev/null | grep -v \.bak\.); do - if test -f "$i"; then - gzip "$i" - fi - done +for path in ${SYSTEM_LOGS_SEARCH_PATHS[@]}; do + for log_name in ${SYSTEM_LOG_NAMES[@]}; do + to_compress_paths=$(ls -1 -d ${path}/${log_name}*[!\.gz] 2>/dev/null | grep -v \.bak\.) + for file in ${to_compress_paths}; do + compress "${file}" + done + done done -for log in production.log*[!\.gz] delayed_job.log*[!\.gz] development.log*[!\.gz] test.log*[!\.gz]; do - for i in $(ls -1 -d $HOMEPREFIX/*/www/{,current/}log/$log 2>/dev/null | grep -v \.bak\.); do - if test -f "$i"; then - gzip "$i" - fi - done +for path in ${APPLICATIVE_LOGS_SEARCH_PATHS[@]}; do + for log_name in ${APPLICATIVE_LOG_NAMES[@]}; do + compressed_paths=$(ls -1 -d ${path}/${log_name}*[!\.gz] 2>/dev/null | grep -v \.bak\.) + for file in ${compressed_paths}; do + compress "${file}" + done + done done exit 0
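Review bot: The four new loops still word-split the output of `ls` (`for file in ${log_paths}`, `${to_compress_paths}`, `${compressed_paths}`), and `rotate` expands `$1` and `$2` unquoted. A file name containing whitespace in a user-writable log directory is therefore split into several paths, which are then handed to `mv`, `chown`, `gzip` and `delete_old`, presumably as root given the `chown root:...`. Iterating over the glob directly keeps each match as one word, with the `.bak.` filter done by a `case` test; the same loop shape applies to the applicative and both compression loops. Separately, `user_for` now reads the group from the log file itself (`stat -L` follows symlinks) instead of the home directory, which no longer matches the header comment about using the location of each log. The `RETENTION_DAYS` comment should also read `# only applies if $DELETE_AFTER_RETENTION_DAYS == "true"`.

```shell
rotate () {
    # … unchanged: DRY_RUN test …
        mv -- "$1" "$1.${DATE}"
        touch -- "$1"
        chown -- "$2" "$1"
        chmod g+r -- "$1"
    # … unchanged: dry-run branch …
}

# … unchanged: user_for, delete_old, compress …

for path in "${SYSTEM_LOGS_SEARCH_PATHS[@]}"; do
    for log_name in "${SYSTEM_LOG_NAMES[@]}"; do
        # ${path}/${log_name} stays unquoted so its globs expand;
        # glob matches are not split again on whitespace.
        for file in ${path}/${log_name}; do
            [ -f "${file}" ] || continue    # also skips an unmatched pattern
            case "${file}" in *.bak.*) continue ;; esac
            # … unchanged: user_for / rotate / delete_old calls …
        done
    done
done
```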