From 7da22e243e4da5b84ee7003d4f9f7aa6085ba0d0 Mon Sep 17 00:00:00 2001
From: Patrick Marchand
Date: Tue, 9 Mar 2021 12:25:15 -0500
Subject: [PATCH] Changed log directory for bind9 It is now /var/log/named, this is what debian 10 and apparmor expect by default. This fixes the bind9 service crashing at start.
---
 CHANGELOG.md | 2 ++
 bind/defaults/main.yml | 5 +++--
 bind/files/chroot-bind.sh | 8 ++++----
 bind/tasks/main.yml | 13 +++++++++++--
 4 files changed, 20 insertions(+), 8 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 892a54c1..4261cab3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -31,9 +31,11 @@ The **patch** part changes incrementally at each release.
 * minifirewall: change some defaults
 * nagios-nrpe: update check_phpfpm_status.pl & install perl dependencies
 * redis: use /run instead or /var/run
+* bind9: moved logs from /var/log/bind* to /var/log/named/* to fix problems with apparmor
 ### Fixed
+
 ### Removed
 * nginx: no more "minimal" mode, but the package remains customizable.
diff --git a/bind/defaults/main.yml b/bind/defaults/main.yml
index 99b33e13..5a63b82b 100644
--- a/bind/defaults/main.yml
+++ b/bind/defaults/main.yml
@@ -6,6 +6,7 @@ bind_chroot_set: True
 #bind_chroot_path: /var/chroot-bind
 bind_systemd_service_path: /etc/systemd/system/bind9.service
 bind_statistics_file: /var/run/named.stats
-bind_log_file: /var/log/bind.log
-bind_query_file: /var/log/bind_queries.log
+bind_log_folder: /var/log/named
+bind_log_file: "{{ bind_log_folder }}/bind.log"
+bind_query_file: "{{ bind_log_folder }}/bind_queries.log"
 bind_cache_dir: /var/cache/bind
diff --git a/bind/files/chroot-bind.sh b/bind/files/chroot-bind.sh
index 08c665e8..c2059cd0 100644
--- a/bind/files/chroot-bind.sh
+++ b/bind/files/chroot-bind.sh
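Review bot: In bind/defaults/main.yml, `bind_log_folder` reads as an overridable setting, but the rest of the patch does not follow it: the `set_fact` in bind/tasks/main.yml pins `bind_log_file` and `bind_query_file` to literal `/var/log/named/...` paths, and chroot-bind.sh hardcodes the same directory. If that `set_fact` runs while `bind_log_folder` is overridden (its condition lies outside the hunk), the new directory task and the log paths would point at different places. Adding `bind_log_folder: /var/log/named` to the `set_fact` keeps the three values together. A comment on the default, such as `# only honoured when bind_chroot_set is False; chroot-bind.sh hardcodes /var/log/named`, would tell users what to expect.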
@@ -22,7 +22,7 @@ mkdir -p /var/chroot-bind
 mkdir -p /var/chroot-bind/bin /var/chroot-bind/dev /var/chroot-bind/etc \
 /var/chroot-bind/lib /var/chroot-bind/usr/lib \
 /var/chroot-bind/usr/sbin /var/chroot-bind/var/cache/bind \
- /var/chroot-bind/var/log /var/chroot-bind/var/run/named/ \
+ /var/chroot-bind/var/log/named /var/chroot-bind/var/run/named/ \
 /var/chroot-bind/run/named/
 # for conf
@@ -32,9 +32,9 @@ if [ ! -h "/etc/bind" ]; then
 fi
 # for logs
-touch /var/chroot-bind/var/log/bind.log
-if [ ! -h "/var/log/bind.log" ]; then
- ln -s /var/chroot-bind/var/log/bind.log /var/log/bind.log
+touch /var/chroot-bind/var/log/named/bind.log
+if [ ! -h "/var/log/named/bind.log" ]; then
+ ln -s /var/chroot-bind/var/log/named/bind.log /var/log/named/bind.log
 fi
 # for pid
diff --git a/bind/tasks/main.yml b/bind/tasks/main.yml
index 3ae02f24..0e0f9162 100644
--- a/bind/tasks/main.yml
+++ b/bind/tasks/main.yml
@@ -1,8 +1,8 @@
 # Until chroot-bind.sh is migrated to ansible, we hardcode the chroot paths.
 - name: set chroot variables
 set_fact:
- bind_log_file: /var/log/bind.log
- bind_query_file: /var/log/bind_queries.log
+ bind_log_file: /var/log/named/bind.log
+ bind_query_file: /var/log/named/bind_queries.log
 bind_cache_dir: /var/cache/bind
 bind_statistics_file: /var/run/named.stats
 bind_chroot_path: /var/chroot-bind
@@ -58,6 +58,15 @@
 - restart bind
 when: ansible_distribution_release == "jessie"
+- name: "create {{ bind_log_folder }} if non chroot"
+ file:
+ path: "{{ bind_log_folder }}"
+ owner: bind
+ group: adm
+ mode: "0750"
+ state: directory
+ when: not bind_chroot_set
+
 - name: "touch {{ bind_log_file }} if non chroot"
 file:
 path: "{{ bind_log_file }}"
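Review bot: In bind/files/chroot-bind.sh (the `# for logs` hunk), `ln -s ... /var/log/named/bind.log` needs `/var/log/named` to exist on the host, and nothing visible creates it in chroot mode. The `mkdir -p` hunk only creates the directory under `/var/chroot-bind`, and the role's new directory task in bind/tasks/main.yml is guarded by `when: not bind_chroot_set`. On a host without that directory the link is not created, so there is no host-side path to the log. A `mkdir -p /var/log/named` just before the `if` would cover it. The rest of the script lies outside the hunks; if it sets ownership or mode on the old `/var/chroot-bind/var/log/bind.log` path, that line needs the same rename.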
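Review bot: In bind/tasks/main.yml, the new directory task covers fresh installs, but the patch leaves nothing for hosts that already log to `/var/log/bind.log` and `/var/log/bind_queries.log`. The diffstat touches no logrotate, log-forwarding or monitoring file, so if any of those reference the old paths (not visible here) the new files would grow unrotated and stop reaching whoever reads them. Either update those configs in the same change or say in the CHANGELOG entry that they must be adjusted by hand. A short comment above the task, e.g. `# 0750 bind:adm: only named and the adm group can read the logs`, would also record why the mode is tighter than the default.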