Don't rely on SysV init script in logrotate config

Bug #1821582 reported by Eric Desrochers on 2019-03-25
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
rsyslog (Ubuntu)
Undecided
Unassigned
Xenial
Medium
Eric Desrochers

Bug Description

[IMPACT]

Xenial uses systemd as default now, debian salsa 4a49edf26d405726041bee12a42d6f064145c87e, introduce a shell script,
taking advantage of systemctl directly if systemd is active by still keeping Sysv init script as fallback only.

While there is no 'real' impact, I think it make total sense for a systemd Xenial system, to use the systemctl approach for log rotation

It has been brought to my attention by a Ubuntu user that:

"Xenial logrotate is not able to perform full log rotation on a LXC container without the 'sys_ptrace' capability[1] using the Sysv approach, invoke-rc.d just fails"

I have created a test pkg for this user, and the same user was able to conclude that it was working as expected with the systemd approach (systemctl) when sys_ptrace is disable inside the container.

[1] - lxc config set <CONTAINER_NAME> raw.lxc lxc.cap.drop=sys_ptrace

[TEST CASE]

==============================================
[1] - On a Xenial active systemd system:
==============================================
Determine the script pick the right decision (systemd approach).
# bash -vx /usr/lib/rsyslog/rsyslog-rotate

Run logrotate which contains 'include /etc/logrotate.d', thus will use the rsyslog log rotation information, now using '/usr/lib/rsyslog/rsyslog-rotate' helper.
# logrotate -vdf /etc/logrotate.conf

Check if logs rotation happened in /var/log.
# ls -altr /var/log

==============================================
[2] - On a Xenial active upstart system:
==============================================
Determine the script pick the right decision (non-systemd approach).
# bash -vx /usr/lib/rsyslog/rsyslog-rotate

Run logrotate which contains 'include /etc/logrotate.d', thus will use the rsyslog log rotation information, now using '/usr/lib/rsyslog/rsyslog-rotate' helper.
# logrotate -vdf /etc/logrotate.conf

Check if logs rotation happened in /var/log.
# ls -altr /var/log

[POTENTIAL REGRESSION

* None, this commit introduced a new shell script (rsyslog-rotate) which uses systemctl directly if systemd is active (default in Xenial) but keeps the original Sysv init script as fallback only. Meaning no behaviour change for users who decided not to use systemd on their Xenial system.

* I don't see any reported bug about this new helper for Bionic/Cosmic which has it since their released.

/usr/lib/rsyslog/rsyslog-rotate:

1) Check if existence of systemd, if yes:
   systemctl kill -s HUP rsyslog.service

2) Check if existence of systemd, if no:
   invoke-rc.d rsyslog rotate > /dev/null

[OTHER INFO]

* Salsa rsyslog repository:
https://salsa.debian.org/debian/rsyslog/commit/4a49edf26d405726041bee12a42d6f064145c87e

* First introduced:
git describe --contains 4a49edf26d405726041bee12a42d6f064145c87e
debian/8.27.0-4~1

* rmadison:
=> rsyslog | 8.16.0-1ubuntu3 | xenial
    rsyslog | 8.32.0-1ubuntu4 | bionic
    rsyslog | 8.32.0-1ubuntu5 | cosmic
    rsyslog | 8.32.0-1ubuntu7 | disco

Eric Desrochers (slashd) on 2019-03-25
Changed in rsyslog (Ubuntu):
status: New → Fix Released
tags: added: sts
Changed in rsyslog (Ubuntu Xenial):
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → Eric Desrochers (slashd)
Eric Desrochers (slashd) wrote :

Uploaded into xenial upload queue. Now waiting for SRU verificaition team to approve the upload for rsyslog to start building into xenial-proposed for the testing phase.

Eric Desrochers (slashd) on 2019-03-25
description: updated
description: updated

Hello Eric, or anyone else affected,

Accepted rsyslog into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/rsyslog/8.16.0-1ubuntu3.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in rsyslog (Ubuntu Xenial):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-xenial
Eric Desrochers (slashd) on 2019-03-25
description: updated
Eric Desrochers (slashd) on 2019-03-25
description: updated
description: updated
Eric Desrochers (slashd) on 2019-03-25
description: updated
Eric Desrochers (slashd) wrote :

[VERIFICATION XENIAL #1]

It has been brought to my attention the following by a Ubuntu user:
"My team confirms that the package which is in -proposed solves our issue."

This user was having issue doing rsyslog logrotation inside a container which has SYS_PTRACE turned off. Using the systemctl approach fixed their problem.

[VERIFICATION XENIAL #2]

* On a systemd machine:
 $ bash -xv /usr/lib/rsyslog/rsyslog-rotate
#!/bin/sh

if [ -d /run/systemd/system ]; then
    systemctl kill -s HUP rsyslog.service
else
    invoke-rc.d rsyslog rotate > /dev/null
fi
+ '[' -d /run/systemd/system ']'
+ systemctl kill -s HUP rsyslog.service

* /etc/logrotate.d/rsyslog remains exactly the same minus the fact that it now calls this 'rsyslog-rotate' helper to take action depending of systemd or upstart.

* rsyslog rotation works as expected.

This was all tested with rsyslog version: 8.16.0-1ubuntu3.1

Eric Desrochers (slashd) wrote :

[VERIFICATION XENIAL #3]

$ logrotate -vdf /etc/logrotate.conf: works as expected

...
renaming /var/log/syslog.7.gz to /var/log/syslog.8.gz (rotatecount 7, logstart 1, i 7),
renaming /var/log/syslog.6.gz to /var/log/syslog.7.gz (rotatecount 7, logstart 1, i 6),
renaming /var/log/syslog.5.gz to /var/log/syslog.6.gz (rotatecount 7, logstart 1, i 5),
renaming /var/log/syslog.4.gz to /var/log/syslog.5.gz (rotatecount 7, logstart 1, i 4),
renaming /var/log/syslog.3.gz to /var/log/syslog.4.gz (rotatecount 7, logstart 1, i 3),
renaming /var/log/syslog.2.gz to /var/log/syslog.3.gz (rotatecount 7, logstart 1, i 2),
renaming /var/log/syslog.1.gz to /var/log/syslog.2.gz (rotatecount 7, logstart 1, i 1),
renaming /var/log/syslog.0.gz to /var/log/syslog.1.gz (rotatecount 7, logstart 1, i 0),
renaming /var/log/syslog to /var/log/syslog.1
creating new /var/log/syslog mode = 0640 uid = 104 gid = 4
running postrotate script
running script with arg /var/log/syslog: "
  /usr/lib/rsyslog/rsyslog-rotate
"
removing old log /var/log/syslog.8.gz
error: error opening /var/log/syslog.8.gz: No such file or directory
switching euid to 0 and egid to 0

tags: added: verification-done-xenial
removed: verification-needed-xenial
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package rsyslog - 8.16.0-1ubuntu3.1

---------------
rsyslog (8.16.0-1ubuntu3.1) xenial; urgency=medium

  * Add d/rsyslog-rotate
  * Modify d/rsyslog.install & d/rsyslog.logrotate
    Don't rely on SysV init script in logrotate config

    Add a small helper to send SIGHUP to rsyslogd to close open log files.
    Use systemctl directly if systemd is the active PID 1. Keep the SysV
    init script as fallback only. (LP: #1821582)

 -- Eric Desrochers <email address hidden> Tue, 19 Mar 2019 22:09:50 -0400

Changed in rsyslog (Ubuntu Xenial):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for rsyslog has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers