[PR #2873] [MERGED] (fix): Added a logrotate function to the crowdsec.go installer file #8001

Closed
opened 2026-04-25 16:32:31 -05:00 by GiteaMirror · 0 comments

📋 Pull Request Information

Original PR: https://github.com/fosrl/pangolin/pull/2873
Author: @sidd190
Created: 4/19/2026
Status: Merged
Merged: 4/23/2026
Merged by: @oschwartz10612

Base: dev ← Head: fix/crowdsec-traefik-logrotate


📝 Commits (2)

  • 2c8b7b5 (fix): Added a logrotate function to the crowdsec.go installer file
  • 473bce8 Pass installdir as a parameter

📊 Changes

2 files changed (+71 additions, -2 deletions)

📝 install/crowdsec.go (+70 -1)
📝 install/main.go (+1 -1)

📄 Description

Add logrotate config for Traefik access logs when CrowdSec is installed

Fixes #2644

Documentation Update: https://github.com/fosrl/docs-v2/pull/98

What and why

The default Pangolin install does not enable Traefik access logging.
When CrowdSec is selected during installation, the installer enables Traefik access logs (required for CrowdSec to detect threats).

These logs are written to:
config/traefik/logs/access.log (on the host)

Without log rotation, this file grows indefinitely, which is the issue reported in #2644.

This change fixes the problem only in the CrowdSec installation path, keeping the default install unaffected.

What changed

File modified: install/crowdsec.go

  • Added a new function: setupTraefikLogRotate()
  • This function is called from installCrowdsec() immediately after the directory config/traefik/logs/ is created.
  • The function writes a logrotate configuration file to /etc/logrotate.d/pangolin-traefik using the absolute path to the access log (resolved from the install directory).

Logrotate configuration written:

```conf
/opt/pangolin/config/traefik/logs/access.log {
    daily
    rotate 7
    compress
    delaycompress
    missingok
    notifempty
    copytruncate
}
```

Note: copytruncate is the key directive. It copies the log file and then truncates the original in place.
This allows Traefik to continue writing to the same open file descriptor without needing a restart or SIGHUP signal.

If the installer is not running as root, it skips writing the file and instead prints the full configuration to stdout (with the actual resolved path), allowing the user to set it up manually.

Testing

The generated config was validated directly with logrotate:

```bash
# Check that the config parses cleanly
logrotate --debug /etc/logrotate.d/pangolin-traefik

# Force rotation (first time)
logrotate --force --state /tmp/test.state /etc/logrotate.d/pangolin-traefik

# Force rotation again (second time)
logrotate --force --state /tmp/test.state /etc/logrotate.d/pangolin-traefik
```

Observed behavior:

  • access.log is truncated in place after each rotation (Traefik’s file handle remains valid)
  • Most recent rotated file stays uncompressed for easy inspection (delaycompress)
  • Older files are compressed to .gz
  • After 7 rotations, the oldest file is automatically deleted

No changes were made to the default (non-CrowdSec) installation path as suggested by @oschwartz10612.

PS: Can someone please go through this comment (https://github.com/fosrl/pangolin/issues/2644#issuecomment-4275201183) and verify if a follow-up PR like this is required where we are dropping the unused fields from crowdsec installation?


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
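
An added sketch of the behaviour the description outlines (render the config from the install directory, write it only when running as root, otherwise hand the text back for manual setup). It is not the PR's `setupTraefikLogRotate()`; the function names, the `euid` parameter and the rejection of whitespace and glob characters in the path are assumptions made for this example.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// Same directives as the configuration shown in the PR description.
const logrotateTemplate = "%s {\n    daily\n    rotate 7\n    compress\n" +
	"    delaycompress\n    missingok\n    notifempty\n    copytruncate\n}\n"

// renderTraefikLogrotate (hypothetical name) builds the config text for installDir.
func renderTraefikLogrotate(installDir string) (string, error) {
	if !filepath.IsAbs(installDir) {
		return "", errors.New("install dir must be an absolute path")
	}
	logPath := filepath.Join(filepath.Clean(installDir), "config", "traefik", "logs", "access.log")
	// logrotate splits file lists on whitespace and expands globs, so a path
	// containing these characters would name different files than intended.
	if strings.ContainsAny(logPath, " \t\r\n*?[]{}\"'\\") {
		return "", fmt.Errorf("unsafe character in log path %q", logPath)
	}
	return fmt.Sprintf(logrotateTemplate, logPath), nil
}

// installTraefikLogrotate writes the config to dest when euid is 0; otherwise it
// only returns the text so the caller can print it for manual setup.
func installTraefikLogrotate(installDir, dest string, euid int) (written bool, cfg string, err error) {
	if cfg, err = renderTraefikLogrotate(installDir); err != nil || euid != 0 {
		return false, cfg, err
	}
	// 0644: logrotate skips config files that are writable by group or others.
	if err = os.WriteFile(dest, []byte(cfg), 0o644); err != nil {
		return false, cfg, err
	}
	// WriteFile keeps the mode of a pre-existing file, so set it explicitly.
	return true, cfg, os.Chmod(dest, 0o644)
}

func main() {
	cfg, err := renderTraefikLogrotate("/opt/pangolin")
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	fmt.Print(cfg)
}
```

With `copytruncate`, lines written between the copy and the truncate can be lost, so a log consumer such as CrowdSec may miss a few entries at each rotation.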

GiteaMirror added the pull-request label 2026-04-25 16:32:31 -05:00
Reference: github-starred/pangolin#8001