Status: New
Owner: ----

New issue 1191 by sample logrotate conf breaks with
=logrotate-3.8 and split-user

What software version are you running? Please provide the output of "gnt-
cluster --version", "gnt-cluster version", and "hspace --version".

# gnt-cluster --version
gnt-cluster (ganeti v2.13.3-464-g87146ae) 2.14.2

# gnt-cluster version
Software version: 2.14.2
Internode protocol: 2140000
Configuration format: 2140000
OS api version: 20
Export interface: 0
VCS version: (ganeti) version v2.13.3-464-g87146ae

# hspace --version
hspace (ganeti) version v2.13.3-464-g87146ae
compiled with ghc 7.8
running on linux x86_64

What distribution are you using?
# cat /etc/SuSE-release
SUSE Linux Enterprise Server 12 (x86_64)

What steps will reproduce the problem?
1. run logrotation: logrotate -f /etc/logrotate.conf

I've upgraded from SLES11 to 12 (logrotate 3.7 -> 3.8) and noticed, that logrotate-3.8 is a bit more paranoid then 3.7:

logrotate: error: skipping "/var/log/ganeti/commands.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.

When ganeti is configured with split-user (--with-user-prefix= --with-group-prefix=) the log directory has the following permissions/owner:

# ls -ald /var/log/ganeti/
drwxrwx--- 7 gnt-masterd gnt-daemons 4096 Oct 12 14:01 /var/log/ganeti/

Adding "su root gnt-daemons" to doc/examples/ganeti.logrotate solves the problem for me. I think that every distro running logrotate >=3.8 and ganeti with split-user is effected (i.e. ubuntu 16.04), but issue #631 complains about "unknown option 'su'" in ubuntu 12.04.

Thanks, Sascha.

You received this message because this project is configured to send all issue notifications to this address.
You may adjust your notification preferences at:

Reply via email to