Ansible-manage docker-log-cleanup script and cron (PESO-142)

docker-log-cleanup.sh lived in the repo but nothing deployed it — the
script and monthly cron on nuremberg-a were set up by hand and got wiped
when the host was reinstalled. Fold both into the docker role so every
docker_hosts member gets the script in /usr/local/bin and a monthly cron,
and it survives a rebuild.
Rasmus Wejlgaard 2026-06-08 18:36:47 +01:00
parent 3945b8cafc
commit 0ba6d6daff
3 changed files with 29 additions and 4 deletions

@ -56,7 +56,7 @@ Run a single stage: `ansible-playbook deploy.yml --tags docker`
|------|-------------|
| `common` | Base packages, SSH hardening, fish shell, exporters, Alloy |
| `dotfiles` | Shell config from `dotfiles/` |
| `docker` | Docker engine install and setup |
| `docker` | Docker engine install and setup + monthly log-cleanup cron |
| `docker_services` | Deploy compose files from `services/` |
| `caddy` | Caddy reverse proxy (helsinki-a) |
| `status_page` | status.pez.sh generator script + cron |

@ -96,3 +96,23 @@
state: directory
mode: '0755'
loop: "{{ docker_services | default([]) }}"
# ── Log maintenance ───────────────────────────────────────────────────────────
# Truncate oversized container *-json.log files (PESO-142). Mostly a no-op now
# that logs ship via the Loki driver, but kept as a safety net and managed in
# IaC so it survives a host rebuild.
- name: Deploy docker-log-cleanup script
ansible.builtin.copy:
src: "{{ playbook_dir }}/scripts/docker-log-cleanup.sh"
dest: /usr/local/bin/docker-log-cleanup.sh
mode: '0755'
- name: Schedule monthly docker log cleanup
ansible.builtin.cron:
name: "Docker log cleanup"
minute: "0"
hour: "3"
day: "1"
job: "/usr/local/bin/docker-log-cleanup.sh"
user: root
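
Review bot: The "Deploy docker-log-cleanup script" task sets `mode: '0755'` but no `owner` or `group`, and the cron task below runs that file as `user: root`. Pin `owner: root` and `group: root` on the copy so the ownership of a root-executed script does not depend on how the play happens to be run or on a pre-existing file at the destination. Separately, `src: "{{ playbook_dir }}/scripts/docker-log-cleanup.sh"` ties the role to the repository layout; moving the script into the role's `files/` directory would let `src:` be a bare filename and keep the role self-contained.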

@ -1,7 +1,12 @@
#!/bin/bash
# Truncate large Docker container log files
# Deployed on: nuremberg-a
# Cron: 0 3 1 * * /usr/local/bin/docker-log-cleanup.sh
# Truncate large Docker container log files.
#
# Managed by Ansible (docker role) — deployed to /usr/local/bin/ on all
# docker_hosts and run monthly via cron. Do not edit on the host.
#
# Safety net for containers using the json-file log driver; most containers
# ship logs via the Loki driver and never write *-json.log, so on a healthy
# host this is usually a no-op.
LOG_DIR=/var/lib/docker/containers
MAX_SIZE_MB=100
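
Review bot: The header visible in this hunk goes from the comment block straight to `LOG_DIR=/var/lib/docker/containers` with no `set -euo pipefail` (or equivalent) in between. Now that the script runs unattended as root on every docker_hosts member, a strict-mode line right after the comments would make it stop on an unset variable or a failed command instead of continuing. `MAX_SIZE_MB=100` is also hard-coded; writing it as `MAX_SIZE_MB="${MAX_SIZE_MB:-100}"` would let a host override the threshold from the cron environment without editing the managed file, which the new "Do not edit on the host" comment rules out.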