cd6f8bad70
The backend runs as `archipelago` and calls `install_log()` to append audit lines to the install log on every install / update / remove / start / stop / restart. Target path was /var/log/archipelago-container-installs.log, which does not exist and cannot be created by the service because /var/log/ is root-owned. OpenOptions errors were silently swallowed, so the log was never written on any node. Ship a tmpfiles.d rule that pre-creates /var/log/archipelago/ and container-installs.log with archipelago:archipelago ownership. Move the const path to match, keeping logs inside the directory logrotate already rotates (image-recipe/configs/logrotate.conf). Install the rule from both the ISO build and self-update, and apply it immediately on self-update so existing nodes get a working log without needing a reboot. Verified on .228: file created, backend user can write, backend binary rebuilt with new const.
11 lines
493 B
Plaintext
11 lines
493 B
Plaintext
# Archipelago persistent log directory and files
|
|
# Runtime log destination. Backend runs as `archipelago`, but /var/log/
|
|
# is root-owned, so we pre-create the directory and log files with the
|
|
# right ownership at boot / install-time.
|
|
#
|
|
# Logrotate (image-recipe/configs/logrotate.conf) rotates files in this
|
|
# directory daily, keeping 30 compressed copies.
|
|
|
|
d /var/log/archipelago 0755 archipelago archipelago - -
|
|
f /var/log/archipelago/container-installs.log 0644 archipelago archipelago - -
|