Background

I usually use supervisor1 to deploy my services, and capture the stdout/stderr to the log files, and then use logrotate to rotate the logs, which the configuration likes:

/data/log/app/*/*.log {
    daily
    missingok
    rotate 180
    dateext
    compress
    delaycompress
    notifempty
    create 640 nobody adm
    sharedscripts
    postrotate
      /usr/local/bin/supervisorctl -c /etc/supervisord.conf pid && kill -USR2 `/usr/local/bin/supervisorctl -c /etc/supervisord.conf pid` > /tmp/kill.log 2>&1
    endscript
}

As you can see, I make the logrotate to send a signal to supervisord after the logs have been rotated, to let the supervisord reopen the logs.

But when I deployed my services onto a Ubuntu 20.04, it just don’t work.

Show The Verbose

Then I change the logrotate.service to show the verbose outputs of logrorate, I changed the ExecStart in the logrotate.service to:

ExecStart=/usr/sbin/logrotate -f -v /etc/logrotate.conf
  • -f to force logrotate run.

Then I noticed a line in the outputs of command journalctl -xe:

Nov 01 15:49:51 vm logrotate[3952467]: unix:///tmp/supervisor.sock no such file

Solve the Problem

I identify that this is the output of supervisorctl, but the file is existed, then I noticed a line in the logrotate.service:

PrivateTmp=true

According to its documentation:

PrivateTmp= Takes a boolean argument. If true, sets up a new file system namespace for the executed processes and mounts private /tmp and /var/tmp directories inside it that is not shared by processes outside of the namespace. This is useful to secure access to temporary files of the process, but makes sharing between processes via /tmp or /var/tmp impossible.

So I changed it to false, then the problem solved. If the security is more important to you, you can change the unix socket path.

See also