Fix: Remove unneccessary dependendancy on external logrotate image

We now include logrotate in the the basic image. This does -- up to a point -- reduce the "separation of concerns", but it simplifies image management considerably and removes an unneccessary dependency on a third-party container.
bokysan · Oct 27, 2023 · b90b336 · b90b336
1 parent 5fb369a
commit b90b336
Show file tree

Hide file tree

Showing 12 changed files with 45 additions and 128 deletions.
diff --git a/.github/actions/build-logrotate/action.yaml b/.github/actions/build-logrotate/action.yaml
diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
@@ -37,21 +37,6 @@ jobs:
 
       - uses: ./.github/actions/helm-chart-tests
 
-  Build_Logrotate:
-    runs-on: ubuntu-latest
-    needs:
-      - Helm_chart_Tests
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - uses: ./.github/actions/build-logrotate
-        with:
-          DOCKER_ACCESS_TOKEN: '${{ secrets.DOCKER_ACCESS_TOKEN }}'
-          tags: |
-            boky/logrotate:latest
-            boky/logrotate:edge
-
   Build_PostfixExporter:
     runs-on: ubuntu-latest
     needs:

diff --git a/.github/workflows/tags.yml b/.github/workflows/tags.yml
@@ -37,21 +37,6 @@ jobs:
 
       - uses: ./.github/actions/helm-chart-tests
 
-  Build_Logrotate:
-    runs-on: ubuntu-latest
-    needs:
-      - Helm_chart_Tests
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - uses: ./.github/actions/build-logrotate
-        with:
-          DOCKER_ACCESS_TOKEN: '${{ secrets.DOCKER_ACCESS_TOKEN }}'
-          tags: |
-            boky/logrotate:latest
-            boky/logrotate:edge
-
   Build_PostfixExporter:
     runs-on: ubuntu-latest
     needs:

diff --git a/build-scripts/postfix-install.sh b/build-scripts/postfix-install.sh
@@ -7,7 +7,7 @@ do_alpine() {
     apk add --upgrade cyrus-sasl cyrus-sasl-static cyrus-sasl-digestmd5 cyrus-sasl-crammd5 cyrus-sasl-login cyrus-sasl-ntlm
     apk add postfix
     apk add opendkim
-    apk add --upgrade ca-certificates tzdata supervisor rsyslog musl musl-utils bash opendkim-utils libcurl jsoncpp lmdb
+    apk add --upgrade ca-certificates tzdata supervisor rsyslog musl musl-utils bash opendkim-utils libcurl jsoncpp lmdb logrotate
 }
 
 do_ubuntu() {
@@ -17,7 +17,7 @@ do_ubuntu() {
     apt-get install -y libsasl2-modules
     apt-get install -y postfix
     apt-get install -y opendkim
-    apt-get install -y ca-certificates tzdata supervisor rsyslog bash opendkim-tools curl libcurl4 libjsoncpp25 sasl2-bin postfix-lmdb netcat
+    apt-get install -y ca-certificates tzdata supervisor rsyslog bash opendkim-tools curl libcurl4 libjsoncpp25 sasl2-bin postfix-lmdb netcat logrotate cron
 }
 
 if [ -f /etc/alpine-release ]; then

diff --git a/configs/supervisord.conf b/configs/supervisord.conf
@@ -22,6 +22,12 @@ autorestart     = false
 directory       = /etc/postfix
 startsecs       = 0
 
+[program:cron]
+command         = /scripts/cron.sh
+autostart       = true
+autorestart     = true
+startsecs       = 0
+
 [program:opendkim]
 command         = /scripts/opendkim.sh
 user            = opendkim

diff --git a/helm/mail/templates/configmap-metrics.yaml b/helm/mail/templates/configmap-metrics.yaml
@@ -14,4 +14,16 @@ data:
   maillog.conf: |
     template(name="metricslog" type="string" string={{ .Values.metrics.path | quote }})
     action(type="omfile" DynaFile="metricslog" template="plain" DirCreateMode="0755" FileCreateMode="0644")
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ print $fullName "-scripts" | quote }}
+  labels:
+    {{- $labels | nindent 4 }}
+data:
+  logrotate.sh: |
+    #!/bin/sh
+    set -e
+    exec /usr/sbin/logrotate /etc/logrotate.d/logrotate.conf
 {{- end }}
diff --git a/helm/mail/templates/statefulset.yaml b/helm/mail/templates/statefulset.yaml
@@ -105,6 +105,17 @@ spec:
               mountPath: {{ regexFind "^/?.*/" .Values.metrics.maillog | quote }}
               readOnly: false
               subPath: logs
+            {{- if .Values.metrics.logrotate.enabled }}
+            - name: metrics-config
+              mountPath: /etc/logrotate.d/logrotate.conf
+              subPath: logrotate.conf
+            - name: metrics-config-scripts
+              mountPath: /etc/cron.hourly/ # Ubuntu
+              subPath: logrotate.sh
+            - name: metrics-config-scripts
+              mountPath: /etc/periodic/hourly # Alpine
+              subPath: logrotate.sh
+            {{- end }}
             {{- end }}
             {{- if .Values.certs.create }}
             - name: certs
@@ -161,26 +172,6 @@ spec:
               path: {{ .Values.metrics.path | quote }} 
               port: {{ .Values.metrics.port }}
             initialDelaySeconds: 5
-        {{- if .Values.metrics.logrotate.enabled }}
-        - name: logrotate
-          image: "{{ .Values.metrics.logrotate.image.repository }}:{{ .Values.metrics.logrotate.image.tag | default "latest" }}"
-          startupProbe:
-            exec:
-              command:
-                - sh
-                - -c
-                - >-
-                  [ -f {{ .Values.metrics.maillog | quote }} ] && grep -qi "starting the Postfix mail system" {{ .Values.metrics.maillog | quote }}
-            failureThreshold: 30
-            periodSeconds: 10
-          volumeMounts:
-            - name: {{ $fullName | quote }}
-              mountPath: {{ regexFind "^/?.*/" .Values.metrics.maillog | quote }}
-              subPath: logs
-            - mountPath: /etc/logrotate.d/logrotate.conf
-              name: metrics-config
-              subPath: logrotate.conf
-        {{- end }}
         {{- end }}
         {{- if .Values.extraContainers }}
         {{- tpl .Values.extraContainers $root | nindent 8 }}
@@ -215,6 +206,10 @@ spec:
         - name: metrics-config
           configMap:
             name: {{ print $fullName "-metrics" | quote }}
+        - name: metrics-config-scripts
+          configMap:
+            name: {{ print $fullName "-scripts" | quote }}
+            defaultMode: 0777
         {{- end }}
         {{- if .Values.extraVolumes }}{{- toYaml .Values.extraVolumes | nindent 8 }}{{ end }}
   {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}

diff --git a/helm/mail/values.yaml b/helm/mail/values.yaml
@@ -43,9 +43,6 @@ metrics:
   maillog: /var/log/mail.log
   logrotate:
     enabled: true
-    image: 
-      repository: "boky/logrotate"
-      tag: "latest"
     logrotate.conf: |
       /var/log/mail.log {
           rotate 1
@@ -55,7 +52,7 @@ metrics:
           missingok
           notifempty
           dateext
-          olddir /var/log/old
+          olddir /var/log/
           maxage 90
       }
 

diff --git a/logrotate-01.patch b/logrotate-01.patch
diff --git a/scripts/cron.sh b/scripts/cron.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+if [ -f /usr/sbin/cron ]; then # Ubuntu
+    exec /usr/sbin/cron -f
+else # Alpine / Busybox cron
+    exec /usr/sbin/crond -f -S
+fi
diff --git a/scripts/opendkim.sh b/scripts/opendkim.sh
@@ -13,7 +13,7 @@ if [ ! -d /etc/opendkim/keys ]; then
 elif [ -z "$(find /etc/opendkim/keys -type f ! -name .)" ]; then
     noop
 else
-    /usr/sbin/opendkim -D -f -x /etc/opendkim/opendkim.conf
+    exec /usr/sbin/opendkim -D -f -x /etc/opendkim/opendkim.conf
 fi
 
 
diff --git a/scripts/postfix.sh b/scripts/postfix.sh
@@ -1,2 +1,2 @@
 #!/bin/sh
-/usr/sbin/postfix -c /etc/postfix start-fg
+exec /usr/sbin/postfix -c /etc/postfix start-fg