fix(install-log): pre-create /var/log/archipelago/ so non-root backend can write
The backend runs as `archipelago` and calls `install_log()` to append audit lines to the install log on every install / update / remove / start / stop / restart. Target path was /var/log/archipelago-container-installs.log, which does not exist and cannot be created by the service because /var/log/ is root-owned. OpenOptions errors were silently swallowed, so the log was never written on any node. Ship a tmpfiles.d rule that pre-creates /var/log/archipelago/ and container-installs.log with archipelago:archipelago ownership. Move the const path to match, keeping logs inside the directory logrotate already rotates (image-recipe/configs/logrotate.conf). Install the rule from both the ISO build and self-update, and apply it immediately on self-update so existing nodes get a working log without needing a reboot. Verified on .228: file created, backend user can write, backend binary rebuilt with new const.
This commit is contained in:
@@ -14,7 +14,7 @@ use anyhow::{Context, Result};
|
||||
use tokio::io::{AsyncBufReadExt, BufReader};
|
||||
use tracing::{debug, info, warn};
|
||||
|
||||
const INSTALL_LOG: &str = "/var/log/archipelago-container-installs.log";
|
||||
const INSTALL_LOG: &str = "/var/log/archipelago/container-installs.log";
|
||||
|
||||
/// Append a timestamped line to the persistent install log.
|
||||
pub(in crate::api::rpc) async fn install_log(msg: &str) {
|
||||
|
||||
@@ -15,7 +15,7 @@
|
||||
//! 3. on success, writes the final state (`Stopped` / `Running`).
|
||||
//! 4. on error, reverts to the pre-transition state and logs via
|
||||
//! `install_log()` so the incident shows up in
|
||||
//! `/var/log/archipelago-container-installs.log`.
|
||||
//! `/var/log/archipelago/container-installs.log`.
|
||||
//!
|
||||
//! The server.rs package-scan loop must also be taught to preserve
|
||||
//! transitional states — see `server.rs:scan_and_update_packages`'s merge
|
||||
|
||||
Reference in New Issue
Block a user