[Bug 1821582] Re: Don't rely on SysV init script in logrotate config

Eric Desrochers eric.desrochers at canonical.com
Thu Mar 28 12:16:38 UTC 2019 

[VERIFICATION XENIAL #1]

It has been brought to my attention the following by a Ubuntu user:
"My team confirms that the package which is in -proposed solves our issue."

This user was having issue doing rsyslog logrotation inside a container
which has SYS_PTRACE turned off. Using the systemctl approach fixed
their problem.

[VERIFICATION XENIAL #2]

* On a systemd machine:
 $ bash -xv /usr/lib/rsyslog/rsyslog-rotate 
#!/bin/sh

if [ -d /run/systemd/system ]; then
    systemctl kill -s HUP rsyslog.service
else
    invoke-rc.d rsyslog rotate > /dev/null
fi
+ '[' -d /run/systemd/system ']'
+ systemctl kill -s HUP rsyslog.service

* /etc/logrotate.d/rsyslog remains exactly the same minus the fact that
it now calls this 'rsyslog-rotate' helper to take action depending of
systemd or upstart.

* rsyslog rotation works as expected.

This was all tested with rsyslog version: 8.16.0-1ubuntu3.1

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to rsyslog in Ubuntu.
https://bugs.launchpad.net/bugs/1821582

Title:
  Don't rely on SysV init script in logrotate config

Status in rsyslog package in Ubuntu:
  Fix Released
Status in rsyslog source package in Xenial:
  Fix Committed

Bug description:
  [IMPACT]

  Xenial uses systemd as default now, debian salsa 4a49edf26d405726041bee12a42d6f064145c87e, introduce a shell script,
  taking advantage of systemctl directly if systemd is active by still keeping Sysv init script as fallback only.

  While there is no 'real' impact, I think it make total sense for a
  systemd Xenial system, to use the systemctl approach for log rotation

  It has been brought to my attention by a Ubuntu user that:

  "Xenial logrotate is not able to perform full log rotation on a LXC
  container without the 'sys_ptrace' capability[1] using the Sysv
  approach, invoke-rc.d just fails"

  I have created a test pkg for this user, and the same user was able to
  conclude that it was working as expected with the systemd approach
  (systemctl) when sys_ptrace is disable inside the container.

  [1] - lxc config set <CONTAINER_NAME> raw.lxc lxc.cap.drop=sys_ptrace

  [TEST CASE]

  ==============================================
  [1] - On a Xenial active systemd system:
  ==============================================
  Determine the script pick the right decision (systemd approach).
  # bash -vx /usr/lib/rsyslog/rsyslog-rotate

  Run logrotate which contains 'include /etc/logrotate.d', thus will use the rsyslog log rotation information, now using '/usr/lib/rsyslog/rsyslog-rotate' helper.
  # logrotate -vdf /etc/logrotate.conf

  Check if logs rotation happened in /var/log.
  # ls -altr /var/log

  ==============================================
  [2] - On a Xenial active upstart system:
  ==============================================
  Determine the script pick the right decision (non-systemd approach).
  # bash -vx /usr/lib/rsyslog/rsyslog-rotate

  Run logrotate which contains 'include /etc/logrotate.d', thus will use the rsyslog log rotation information, now using '/usr/lib/rsyslog/rsyslog-rotate' helper.
  # logrotate -vdf /etc/logrotate.conf

  Check if logs rotation happened in /var/log.
  # ls -altr /var/log

  [POTENTIAL REGRESSION

  * None, this commit introduced a new shell script (rsyslog-rotate)
  which uses systemctl directly if systemd is active (default in Xenial)
  but keeps the original Sysv init script as fallback only. Meaning no
  behaviour change for users who decided not to use systemd on their
  Xenial system.

  * I don't see any reported bug about this new helper for Bionic/Cosmic
  which has it since their released.

  /usr/lib/rsyslog/rsyslog-rotate:

  1) Check if existence of systemd, if yes:
     systemctl kill -s HUP rsyslog.service

  2) Check if existence of systemd, if no:
     invoke-rc.d rsyslog rotate > /dev/null

  [OTHER INFO]

  * Salsa rsyslog repository:
  https://salsa.debian.org/debian/rsyslog/commit/4a49edf26d405726041bee12a42d6f064145c87e

  * First introduced:
  git describe --contains 4a49edf26d405726041bee12a42d6f064145c87e
  debian/8.27.0-4~1

  * rmadison:
  =>   rsyslog | 8.16.0-1ubuntu3  | xenial
      rsyslog | 8.32.0-1ubuntu4  | bionic
      rsyslog | 8.32.0-1ubuntu5  | cosmic
      rsyslog | 8.32.0-1ubuntu7  | disco

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1821582/+subscriptions

More information about the foundations-bugs mailing list