[Bug 1821582] Re: Don't rely on SysV init script in logrotate config

Eric Desrochers eric.desrochers at canonical.com
Mon Mar 25 16:07:14 UTC 2019 

** Description changed:

  [IMPACT]
  
  Xenial uses systemd as default now, debian salsa 4a49edf26d405726041bee12a42d6f064145c87e, introduce a shell script,
  taking advantage of systemctl directly if systemd is active by still keeping Sysv init script as fallback only.
  
  While there is no 'real' impact, I think it make total sense for a
- systemd Xenial system, to use the systemctl approach for logrotation
+ systemd Xenial system, to use the systemctl approach for log rotation
+ 
+ It has been brought to my attention by a Ubuntu user that:
+ 
+ "Xenial logrotate is not able to perform full log rotation on a LXC
+ container without the 'sys_ptrace' capability[1] using the Sysv
+ approach, invoke-rc.d just fails"
+ 
+ I have created a test pkg for this user, and the same user was able to
+ conclude that it was working as expected with the systemd approach
+ (systemctl) when sys_ptrace is disable inside the container.
+ 
+ [1] - lxc config set <CONTAINER_NAME> raw.lxc lxc.cap.drop=sys_ptrace
  
  [TEST CASE]
  
  ==============================================
  [1] - On a Xenial active systemd system:
  ==============================================
  Determine the script pick the right decision (systemd approach).
  # bash -vx /usr/lib/rsyslog/rsyslog-rotate
  
  Run logrotate which contains 'include /etc/logrotate.d', thus will use the rsyslog log rotation information, now using '/usr/lib/rsyslog/rsyslog-rotate' helper.
  # logrotate -vdf /etc/logrotate.conf
  
  Check if logs rotation happened in /var/log.
  # ls -altr /var/log
  
  ==============================================
  [2] - On a Xenial active upstart system:
  ==============================================
  Determine the script pick the right decision (non-systemd approach).
  # bash -vx /usr/lib/rsyslog/rsyslog-rotate
  
  Run logrotate which contains 'include /etc/logrotate.d', thus will use the rsyslog log rotation information, now using '/usr/lib/rsyslog/rsyslog-rotate' helper.
  # logrotate -vdf /etc/logrotate.conf
  
  Check if logs rotation happened in /var/log.
  # ls -altr /var/log
  
  [POTENTIAL REGRESSION
  
  * None, this commit introduced a new shell script (rsyslog-rotate) which
  uses systemctl directly if systemd is active (default in Xenial) but
  keeps the original Sysv init script as fallback only. Meaning no
  behaviour change for users who decided not to use systemd on their
  Xenial system.
  
  * I don't see any reported bug about this new helper for Bionic/Cosmic
  which has it since their released.
  
  /usr/lib/rsyslog/rsyslog-rotate:
  
  1) Check if existence of systemd, if yes:
     systemctl kill -s HUP rsyslog.service
  
  2) Check if existence of systemd, if no:
     invoke-rc.d rsyslog rotate > /dev/null
  
  [OTHER INFO]
  
  * Salsa rsyslog repository:
  https://salsa.debian.org/debian/rsyslog/commit/4a49edf26d405726041bee12a42d6f064145c87e
  
  * First introduced:
  git describe --contains 4a49edf26d405726041bee12a42d6f064145c87e
  debian/8.27.0-4~1
  
  * rmadison:
  =>   rsyslog | 8.16.0-1ubuntu3  | xenial
      rsyslog | 8.32.0-1ubuntu4  | bionic
      rsyslog | 8.32.0-1ubuntu5  | cosmic
      rsyslog | 8.32.0-1ubuntu7  | disco

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to rsyslog in Ubuntu.
https://bugs.launchpad.net/bugs/1821582

Title:
  Don't rely on SysV init script in logrotate config

Status in rsyslog package in Ubuntu:
  Fix Released
Status in rsyslog source package in Xenial:
  Fix Committed

Bug description:
  [IMPACT]

  Xenial uses systemd as default now, debian salsa 4a49edf26d405726041bee12a42d6f064145c87e, introduce a shell script,
  taking advantage of systemctl directly if systemd is active by still keeping Sysv init script as fallback only.

  While there is no 'real' impact, I think it make total sense for a
  systemd Xenial system, to use the systemctl approach for log rotation

  It has been brought to my attention by a Ubuntu user that:

  "Xenial logrotate is not able to perform full log rotation on a LXC
  container without the 'sys_ptrace' capability[1] using the Sysv
  approach, invoke-rc.d just fails"

  I have created a test pkg for this user, and the same user was able to
  conclude that it was working as expected with the systemd approach
  (systemctl) when sys_ptrace is disable inside the container.

  [1] - lxc config set <CONTAINER_NAME> raw.lxc lxc.cap.drop=sys_ptrace

  [TEST CASE]

  ==============================================
  [1] - On a Xenial active systemd system:
  ==============================================
  Determine the script pick the right decision (systemd approach).
  # bash -vx /usr/lib/rsyslog/rsyslog-rotate

  Run logrotate which contains 'include /etc/logrotate.d', thus will use the rsyslog log rotation information, now using '/usr/lib/rsyslog/rsyslog-rotate' helper.
  # logrotate -vdf /etc/logrotate.conf

  Check if logs rotation happened in /var/log.
  # ls -altr /var/log

  ==============================================
  [2] - On a Xenial active upstart system:
  ==============================================
  Determine the script pick the right decision (non-systemd approach).
  # bash -vx /usr/lib/rsyslog/rsyslog-rotate

  Run logrotate which contains 'include /etc/logrotate.d', thus will use the rsyslog log rotation information, now using '/usr/lib/rsyslog/rsyslog-rotate' helper.
  # logrotate -vdf /etc/logrotate.conf

  Check if logs rotation happened in /var/log.
  # ls -altr /var/log

  [POTENTIAL REGRESSION

  * None, this commit introduced a new shell script (rsyslog-rotate)
  which uses systemctl directly if systemd is active (default in Xenial)
  but keeps the original Sysv init script as fallback only. Meaning no
  behaviour change for users who decided not to use systemd on their
  Xenial system.

  * I don't see any reported bug about this new helper for Bionic/Cosmic
  which has it since their released.

  /usr/lib/rsyslog/rsyslog-rotate:

  1) Check if existence of systemd, if yes:
     systemctl kill -s HUP rsyslog.service

  2) Check if existence of systemd, if no:
     invoke-rc.d rsyslog rotate > /dev/null

  [OTHER INFO]

  * Salsa rsyslog repository:
  https://salsa.debian.org/debian/rsyslog/commit/4a49edf26d405726041bee12a42d6f064145c87e

  * First introduced:
  git describe --contains 4a49edf26d405726041bee12a42d6f064145c87e
  debian/8.27.0-4~1

  * rmadison:
  =>   rsyslog | 8.16.0-1ubuntu3  | xenial
      rsyslog | 8.32.0-1ubuntu4  | bionic
      rsyslog | 8.32.0-1ubuntu5  | cosmic
      rsyslog | 8.32.0-1ubuntu7  | disco

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1821582/+subscriptions

More information about the foundations-bugs mailing list