From 0ba6d6daff49825783b8bd69bada5789b73fee4e Mon Sep 17 00:00:00 2001 From: Rasmus Wejlgaard Date: Mon, 8 Jun 2026 18:36:47 +0100 Subject: [PATCH] Ansible-manage docker-log-cleanup script and cron (PESO-142) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit docker-log-cleanup.sh lived in the repo but nothing deployed it — the script and monthly cron on nuremberg-a were set up by hand and got wiped when the host was reinstalled. Fold both into the docker role so every docker_hosts member gets the script in /usr/local/bin and a monthly cron, and it survives a rebuild.
---
 ansible/README.md | 2 +-
 ansible/roles/docker/tasks/main.yml | 20 ++++++++++++++++++++
 ansible/scripts/docker-log-cleanup.sh | 11 ++++++++---
 3 files changed, 29 insertions(+), 4 deletions(-)
diff --git a/ansible/README.md b/ansible/README.md
index 42bfccb..8031b42 100644
--- a/ansible/README.md
+++ b/ansible/README.md
@@ -56,7 +56,7 @@ Run a single stage: `ansible-playbook deploy.yml --tags docker`
 |------|-------------|
 | `common` | Base packages, SSH hardening, fish shell, exporters, Alloy |
 | `dotfiles` | Shell config from `dotfiles/` |
-| `docker` | Docker engine install and setup |
+| `docker` | Docker engine install and setup + monthly log-cleanup cron |
 | `docker_services` | Deploy compose files from `services/` |
 | `caddy` | Caddy reverse proxy (helsinki-a) |
 | `status_page` | status.pez.sh generator script + cron |
diff --git a/ansible/roles/docker/tasks/main.yml b/ansible/roles/docker/tasks/main.yml
index c01b5d4..36554ab 100644
--- a/ansible/roles/docker/tasks/main.yml
+++ b/ansible/roles/docker/tasks/main.yml
@@ -96,3 +96,23 @@
 state: directory
 mode: '0755'
 loop: "{{ docker_services | default([]) }}"
+
+# ── Log maintenance ───────────────────────────────────────────────────────────
+# Truncate oversized container *-json.log files (PESO-142). Mostly a no-op now
+# that logs ship via the Loki driver, but kept as a safety net and managed in
+# IaC so it survives a host rebuild.
+
+- name: Deploy docker-log-cleanup script
+ ansible.builtin.copy:
+ src: "{{ playbook_dir }}/scripts/docker-log-cleanup.sh"
+ dest: /usr/local/bin/docker-log-cleanup.sh
+ mode: '0755'
+
+- name: Schedule monthly docker log cleanup
+ ansible.builtin.cron:
+ name: "Docker log cleanup"
+ minute: "0"
+ hour: "3"
+ day: "1"
+ job: "/usr/local/bin/docker-log-cleanup.sh"
+ user: root
diff --git a/ansible/scripts/docker-log-cleanup.sh b/ansible/scripts/docker-log-cleanup.sh
index 3bb18bd..91a37ef 100755
--- a/ansible/scripts/docker-log-cleanup.sh
+++ b/ansible/scripts/docker-log-cleanup.sh
@@ -1,7 +1,12 @@
 #!/bin/bash
-# Truncate large Docker container log files
-# Deployed on: nuremberg-a
-# Cron: 0 3 1 * * /usr/local/bin/docker-log-cleanup.sh
+# Truncate large Docker container log files.
+#
+# Managed by Ansible (docker role) — deployed to /usr/local/bin/ on all
+# docker_hosts and run monthly via cron. Do not edit on the host.
+#
+# Safety net for containers using the json-file log driver; most containers
+# ship logs via the Loki driver and never write *-json.log, so on a healthy
+# host this is usually a no-op.
 LOG_DIR=/var/lib/docker/containers
 MAX_SIZE_MB=100
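Review bot: In `ansible/roles/docker/tasks/main.yml`, the `Deploy docker-log-cleanup script` task sets `mode: '0755'` but no ownership, while the following cron task runs that file from root's crontab every month. When `owner` and `group` are omitted, `ansible.builtin.copy` can preserve the ownership of a file that already exists at `dest`. The commit message says the script was previously installed by hand, so a copy owned by a non-root account could stay writable by that account while being executed as root. Pin it in the copy task with `owner: root` and `group: root`. The task list begins outside this hunk, so whether the role runs with `become` cannot be confirmed from here.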