lfg2025/archy
1
0
Fork 0
Code Issues 9 Pull Requests Actions Packages Projects Releases 44 Wiki Activity

fix(install-log): pre-create /var/log/archipelago/ so non-root backend can write

Browse Source 
The backend runs as `archipelago` and calls `install_log()` to append
audit lines to the install log on every install / update / remove /
start / stop / restart. Target path was /var/log/archipelago-container-installs.log,
which does not exist and cannot be created by the service because
/var/log/ is root-owned. OpenOptions errors were silently swallowed,
so the log was never written on any node.

Ship a tmpfiles.d rule that pre-creates /var/log/archipelago/ and
container-installs.log with archipelago:archipelago ownership. Move
the const path to match, keeping logs inside the directory logrotate
already rotates (image-recipe/configs/logrotate.conf). Install the
rule from both the ISO build and self-update, and apply it
immediately on self-update so existing nodes get a working log
without needing a reboot.

Verified on .228: file created, backend user can write, backend
binary rebuilt with new const.
This commit is contained in:
archipelago 2026-04-23 12:02:46 -04:00
parent 9f3d66e24e
commit cd6f8bad70
5 changed files with 31 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
core/archipelago/src/api/rpc/package/install.rs
View File

@ -14,7 +14,7 @@ use anyhow::{Context, Result};
use tokio::io::{AsyncBufReadExt, BufReader}; use tokio::io::{AsyncBufReadExt, BufReader};
use tracing::{debug, info, warn}; use tracing::{debug, info, warn};
const INSTALL_LOG: &str = "/var/log/archipelago-container-installs.log"; const INSTALL_LOG: &str = "/var/log/archipelago/container-installs.log";
/// Append a timestamped line to the persistent install log. /// Append a timestamped line to the persistent install log.
pub(in crate::api::rpc) async fn install_log(msg: &str) { pub(in crate::api::rpc) async fn install_log(msg: &str) {

2
core/archipelago/src/api/rpc/transitional.rs
View File

@ -15,7 +15,7 @@
//! 3. on success, writes the final state (`Stopped` / `Running`). //! 3. on success, writes the final state (`Stopped` / `Running`).
//! 4. on error, reverts to the pre-transition state and logs via //! 4. on error, reverts to the pre-transition state and logs via
//! `install_log()` so the incident shows up in //! `install_log()` so the incident shows up in
//! `/var/log/archipelago-container-installs.log`. //! `/var/log/archipelago/container-installs.log`.
//! //!
//! The server.rs package-scan loop must also be taught to preserve //! The server.rs package-scan loop must also be taught to preserve
//! transitional states — see `server.rs:scan_and_update_packages`'s merge //! transitional states — see `server.rs:scan_and_update_packages`'s merge

8
image-recipe/build-auto-installer-iso.sh
View File

@ -2993,6 +2993,14 @@ chown -R 1000:1000 /mnt/target/home/archipelago/.config 2>/dev/null || true
mkdir -p /mnt/target/etc/tmpfiles.d mkdir -p /mnt/target/etc/tmpfiles.d
echo 'd /run/user/1000 0700 archipelago archipelago -' > /mnt/target/etc/tmpfiles.d/archipelago-runtime.conf echo 'd /run/user/1000 0700 archipelago archipelago -' > /mnt/target/etc/tmpfiles.d/archipelago-runtime.conf
# Pre-create /var/log/archipelago/ and container-installs.log so the
# backend (running as `archipelago`) can append to them without needing
# root. Logrotate rotates files in this directory daily.
cat > /mnt/target/etc/tmpfiles.d/archipelago-logs.conf <<'LOGSTMPFILES'
d /var/log/archipelago 0755 archipelago archipelago - -
f /var/log/archipelago/container-installs.log 0644 archipelago archipelago - -
LOGSTMPFILES
# Bootstrap switchover — checks when local Bitcoin finishes IBD and switches services # Bootstrap switchover — checks when local Bitcoin finishes IBD and switches services
cat > /mnt/target/etc/systemd/system/archipelago-bootstrap-switchover.service <<'BSSERVICE' cat > /mnt/target/etc/systemd/system/archipelago-bootstrap-switchover.service <<'BSSERVICE'
[Unit] [Unit]

10
image-recipe/configs/archipelago-tmpfiles.conf Normal file
View File

@ -0,0 +1,10 @@
# Archipelago persistent log directory and files
# Runtime log destination. Backend runs as `archipelago`, but /var/log/
# is root-owned, so we pre-create the directory and log files with the
# right ownership at boot / install-time.
#
# Logrotate (image-recipe/configs/logrotate.conf) rotates files in this
# directory daily, keeping 30 compressed copies.
d /var/log/archipelago 0755 archipelago archipelago - -
f /var/log/archipelago/container-installs.log 0644 archipelago archipelago - -

11
scripts/self-update.sh
View File

@ -198,6 +198,17 @@ if [ -f "$REPO_DIR/image-recipe/configs/archipelago.service" ]; then
fi fi
fi fi
# Install/refresh tmpfiles.d rules. The logs rule creates
# /var/log/archipelago/ + container-installs.log with archipelago:archipelago
# ownership so the non-root backend can append install audit lines.
# Apply immediately so existing nodes don't need a reboot.
if [ -f "$REPO_DIR/image-recipe/configs/archipelago-tmpfiles.conf" ]; then
sudo install -m 644 "$REPO_DIR/image-recipe/configs/archipelago-tmpfiles.conf" \
/usr/lib/tmpfiles.d/archipelago-logs.conf
sudo systemd-tmpfiles --create /usr/lib/tmpfiles.d/archipelago-logs.conf 2>/dev/null || true
ok "Log tmpfiles rule installed"
fi
# Restart service # Restart service
log "Restarting archipelago service..." log "Restarting archipelago service..."
sudo systemctl restart archipelago sudo systemctl restart archipelago