evolix
/
ansible-roles
22
2
Fork 2
Code Issues 61 Pull Requests 18 Releases 32 Wiki Activity

Don't modify logrotate default config file #145

New Issue
Open
opened 2022-01-31 11:27:29 +01:00 by bwaegeneire · 0 comments
bwaegeneire commented 2022-01-31 11:27:29 +01:00
Owner
Copy Link

The tasks in evolinux-base/tasks/logs.yml modify /etc/logrotate.conf which is owned by the logrotate package, so when the package change it's default configuration we don't get the new default configuration. And worse, not having the default config stop the logroate service as some directive may be out of sync with other configuration files in /etc/logrotate.d.

For exemple, previously /etc/logroate.conf contained the following snnipet:

/var/log/wtmp {
    missingok
    monthly
    create 0664 root utmp
    rotate 12
}

Snippet which was later moved to /etc/logrotate.d/wtmp and removed from /etc/logroate.conf. In our cas the part removing it from /etc/logroate.conf wasn't applied since we customized this file, so we end up with a duplicated snippet present in both /etc/logrotate.conf and /etc/logrotate.d/wtmp which blocked logrotate from running because of the duplcate entry for /var/log/wtmp.

To fix that I suggest we put our default global configuration (such as rotate 12) in a sperate file like zz-evolix-defaults or aa-evolix-defaults. ATM it's not clear to me the order in which lograte directive are interpreted¹ as we want to set default global configuration options which apply to every other local confiugration.

¹ https://www.mankier.com/8/logrotate#Configuration_File

The tasks in `evolinux-base/tasks/logs.yml` modify `/etc/logrotate.conf` which is owned by the `logrotate` package, so when the package change it's default configuration we don't get the new default configuration. And worse, not having the default config stop the logroate service as some directive may be out of sync with other configuration files in `/etc/logrotate.d`. For exemple, previously `/etc/logroate.conf` contained the following snnipet: ``` conf /var/log/wtmp { missingok monthly create 0664 root utmp rotate 12 } ``` Snippet which was later moved to `/etc/logrotate.d/wtmp` and removed from `/etc/logroate.conf`. In our cas the part removing it from `/etc/logroate.conf` wasn't applied since we customized this file, so we end up with a duplicated snippet present in both `/etc/logrotate.conf` and `/etc/logrotate.d/wtmp` which blocked logrotate from running because of the duplcate entry for `/var/log/wtmp`. To fix that I suggest we put our default global configuration (such as `rotate 12`) in a sperate file like `zz-evolix-defaults` or `aa-evolix-defaults`. ATM it's not clear to me the order in which lograte directive are interpreted¹ as we want to set default global configuration options which apply to every other local confiugration. ¹ https://www.mankier.com/8/logrotate#Configuration_File
bwaegeneire added this to the Debian 12 (Bookworm) milestone 2022-01-31 11:30:37 +01:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
stable
unstable
patroni
etcd
jitsimeet
monitoringctl
bind
peertube
wip_10691
multi-php-v2
etherpad
gitea
add-drbd-firewall-rule
backports_preferences
migrate-vm-error-handling
evofs
goto-postfix-role
lxc-php82
timesyncd
noopensshinlxc
ssh-split
rsyslog-remote
emorino/patroni-etcd
jitsimeet_docker
hedgedoc
privatebin
mattermost
p10166-mastodon
replace_include
when-not-check
fix_lxc_php56_debian10
debian12
boost-proxy
debian12-keyring
evodomains
vrrp-addresses
lxc_etc-git
lxc_etc-commit
evoacme-v2
sshd_modular_config
exclusion_images_evobackup
rotate_elasticsearch_logs
evobackup_tags_redux
log2mail-beats
T47076
kvm-guest
lpoujol/fpm-php
lxc-php-buster
simplify-evolinux-users
openvpn
newkernel
etc-git-status-script
ubuntu
nagios-sudoers
configurable-swapiness
alert5-minifirewall-restart
fail2ban_ips_tag
audit-ftpadmin
projet6062
whitelisting-changes
uvrrpd
packweb-apache-lxc
backup/jlecour/ssh-groups
nextcloud
backup/jlecour/nextcloud
evoadmin-mail
haproxy_munin
evolinux-users
ansible-log
ansible-managed
apache-fix-default-vhost
ipsec
courier
spamassassin
samba
munin-openbsd
24.03
24.02.1
24.02
23.10
23.04
23.03.1
23.03
22.12
22.09
22.07.1
22.07
22.06.3
22.06.2
22.06.1
22.06
22.05.1
22.05
22.03
22.01.3
22.01.2
22.01.1
22.01
10.6.0
10.5.1
10.5.0
10.4.0
10.3.0
10.2.0
10.1.0
10.0.0
9.10.1
9.10.0
9.9.0
9.8.0
9.7.0
9.6.0
9.5.0
9.4.2
9.4.1
9.4.0
9.3.2
9.3.1
9.3.0
9.2.0
9.1.9
9.1.8
9.1.7
9.1.6
9.1.5
9.1.4
9.1.3
9.1.2
9.1.1
9.1.0
9.0.1
9.0.0
Labels
Clear labels   
bug

Something is not working

  
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
help wanted

Need some help

  
invalid

Something is wrong

  
question

More information is needed

  
security

Concern a security issue

  
wontfix

This won't be fixed

No Label
bug
duplicate
enhancement
help wanted
invalid
question
security
wontfix
Milestone
Clear milestone
No items
No Milestone
Debian 12 (Bookworm)
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: evolix/ansible-roles#145
No description provided.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?