Open k1o0 opened 1 year ago
@k1o0 @oliche I recall that this might have been solved already?
No it hasn't. Olivier added a 'delay' arg to the log config but it didn't solve the issue. Here's what Olivier tried:
'handlers': {
'file': {
'level': 'DEBUG',
'class': 'logging.handlers.RotatingFileHandler',
'filename': '/var/log/alyx.log',
'maxBytes': 16777216,
'backupCount': 1,
'formatter': 'simple',
'delay': True # added in attempt to solve new file permissions error
},
The production instance settings file had this delay arg yet when I restarted apache recently I encountered the same permissions error. We don't have any other leads at the moment.
We never found a good solution to this but I noticed someone added a cron to periodically chmod the log files. Not ideal or secure but at least we're not having so much down time as a result...
This happens on the log rotation. This happened on the main alyx during the IBL meeting, so this needs to get looked into further, as this is still a problem even outside of the docker
This doesn't make sense as all the permissions are solid. I think what may happen is the following:
the log is written by the wsgi process as the www-data user
the log is rotated by the wsgi process using the logrotate daemon as root.
So the new file is created as root and this creates permissions errors.
To test this I would run a local Alyx server using unicorn as a web server and a small log rotate size, all of the above on a Linux machine.
The Alyx logs are not working correctly on any of the instances on which it runs. There is a problem with permissions when trying to create a new log file.
On the production Alyx instance the
access_alyx.log
file is >1.2 GB and theerror_alyx.log
file is polluted with constant permissions errors:This same issue occurs on mbox, the test instance, and cortexlab Alyx. I notice that in the Alyx set up instructions someone writes that a
/var/log/alyx
directory should be created within which all log files should be written, however we don't do this. Perhaps creating such a folder with the correct permissions would work?