[Bug 1908065] Re: Invalid SYSLOG_PID for (systemd) journal messages

Valters Jansons 1908065 at bugs.launchpad.net
Wed Feb 17 09:31:14 UTC 2021 

Performing verification on Groovy (20.10)

The case for Groovy was removal of multiple square brackets from syslog
output. rsyslog was working with identifiers output such as
`be[DOMAIN.COM][1234]:` which is expected to be seen as `sssd_be[1234]:`
following the change.

 # # Install current SSSD from groovy-updates (2.3.1-3ubuntu3)

 # apt install -y sssd/groovy-updates
 # apt policy sssd
sssd:
  Installed: 2.3.1-3ubuntu3
  Candidate: 2.3.1-3ubuntu3
  Version table:
     2.3.1-3ubuntu4 400
        400 http://archive.ubuntu.com/ubuntu groovy-proposed/main amd64 Packages
 *** 2.3.1-3ubuntu3 500
        500 http://mirrors.digitalocean.com/ubuntu groovy-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     2.3.1-3 500
        500 http://mirrors.digitalocean.com/ubuntu groovy/main amd64 Packages

 # # Set up minimal SSSD.conf

 # cat << EOF > /etc/sssd/sssd.conf
[sssd]
  config_file_version = 2
  domains = EXAMPLE.COM
  services =

[nss]

[pam]

[sudo]

[domain/EXAMPLE.COM]
  id_provider = files
  access_provider = permit
EOF

 # chmod 600 /etc/sssd/sssd.conf

 # systemctl restart sssd.service

 # # Check SSSD logging output

 # journalctl -o verbose -u sssd.service 'MESSAGE=Starting up' | grep SYSLOG_IDENTIFIER=
    SYSLOG_IDENTIFIER=sssd
    SYSLOG_IDENTIFIER=be[EXAMPLE.COM]

 # journalctl -u sssd.service 'MESSAGE=Starting up'
-- Logs begin at Wed 2021-02-17 09:11:49 UTC, end at Wed 2021-02-17 09:17:01 UTC. --
Feb 17 09:12:23 groovy-sssd-test sssd[612]: Starting up
Feb 17 09:12:23 groovy-sssd-test be[EXAMPLE.COM][646]: Starting up

 # grep -E '(sssd|be)\[' /var/log/syslog
Feb 17 09:12:23 groovy-sssd-test sssd[612]: Starting up
Feb 17 09:12:23 groovy-sssd-test be[EXAMPLE.COM][646]: Starting up

 # # Clean up local log output to see only future logs for verification

 # journalctl --rotate && journalctl --vacuum-time=1
 # echo -n '' > /var/log/syslog

 # # In-place upgrade to SSSD from groovy-proposed (2.3.1-3ubuntu4)

 # apt install -y sssd/groovy-proposed
 # apt policy sssd
sssd:
  Installed: 2.3.1-3ubuntu4
  Candidate: 2.3.1-3ubuntu4
  Version table:
 *** 2.3.1-3ubuntu4 400
        400 http://archive.ubuntu.com/ubuntu groovy-proposed/main amd64 Packages
        100 /var/lib/dpkg/status
     2.3.1-3ubuntu3 500
        500 http://mirrors.digitalocean.com/ubuntu groovy-updates/main amd64 Packages
     2.3.1-3 500
        500 http://mirrors.digitalocean.com/ubuntu groovy/main amd64 Packages

 # # Check SSSD logging output

 # journalctl -o verbose -u sssd.service 'MESSAGE=Starting up' | grep SYSLOG_IDENTIFIER=
    SYSLOG_IDENTIFIER=sssd
    SYSLOG_IDENTIFIER=sssd_be

 # journalctl -u sssd.service 'MESSAGE=Starting up'
-- Logs begin at Wed 2021-02-17 09:21:39 UTC, end at Wed 2021-02-17 09:22:24 UTC. --
Feb 17 09:22:22 groovy-sssd-test sssd[1340]: Starting up
Feb 17 09:22:22 groovy-sssd-test sssd_be[1341]: Starting up

 # grep -E '(sssd|be)\[' /var/log/syslog
Feb 17 09:22:22 groovy-sssd-test sssd[1340]: Starting up
Feb 17 09:22:22 groovy-sssd-test sssd_be[1341]: Starting up

This verifies the groovy-proposed package fixes the
SYSLOG_IDENTIFIER/rsyslog format bug.

** Tags removed: verification-needed verification-needed-groovy
** Tags added: verification-done verification-done-groovy

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1908065

Title:
  Invalid SYSLOG_PID for (systemd) journal messages

Status in sssd package in Ubuntu:
  Triaged
Status in sssd source package in Bionic:
  Won't Fix
Status in sssd source package in Focal:
  New
Status in sssd source package in Groovy:
  Fix Committed
Status in sssd source package in Hirsute:
  Triaged

Bug description:
  [Impact]

   * On Ubuntu (Focal) 20.04, SSSD 2.2.3-3, logs in journald have invalid
     (non-numeric) SYSLOG_PID. Any tooling collecting SYSLOG_PID further, or
     attempting to work with syslog directly, fail to parse the PID as number.

   * systemd does not validate, and simply expects SYSLOG_PID as numeric
     integers formatted as decimal strings: https://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html#SYSLOG_FACILITY=

   * Fixed upstream by https://github.com/SSSD/sssd/commit/00e7b1ada3d1c1071eac79b65c17cd2701c2ae6a
     and https://github.com/SSSD/sssd/commit/18233532b72e62452eac6886652fa633ba055d8c
     and https://github.com/SSSD/sssd/commit/01cc2674959ec249702465621f57259fc779650b

  [Test Case]

   * Deploy fresh 20.04 image, and update:
     apt update && apt dist-upgrade

   * apt -qqy install sssd

   * cat << EOF > /etc/sssd/sssd.conf
  [sssd]
    config_file_version = 2
    domains = EXAMPLE.COM
    services =

  [nss]

  [pam]

  [sudo]

  [domain/EXAMPLE.COM]
    id_provider = files
    access_provider = permit
  EOF

   * chmod 600 /etc/sssd/sssd.conf

   * systemctl restart sssd.service

   * journalctl -o verbose -u sssd-sudo.service | grep SYSLOG_PID=
     SYSLOG_PID=sudo

   * journalctl -u sssd.service # Produces malformed example lines:
     Dec 07 14:10:00 servername sssd[be[1234]: Starting up

   * grep sssd /var/log/syslog # Displays non-numeric PIDs:
     Dec  7 08:00:00 servername sssd[be[EXAMPLE.COM]]: Starting up
     Dec  7 08:00:00 servername sssd[nss]: Starting up
     Dec  7 08:00:00 servername sssd[sudo]: Starting up
     Dec  7 08:00:00 servername sssd[pam]: Starting up

  [Where problems could occur]

   * Someone might depend on the malformed output already, and have tooling in
     place to transform it manually.

   * Changes to log messages can cause lines to get picked up by things like
     logwatch that weren't before.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1908065/+subscriptions

More information about the Ubuntu-sponsors mailing list