Status: New
Owner: ----

New issue 1191 by sascha.l...@gisa.de: sample logrotate conf breaks with
=logrotate-3.8 and split-user
https://code.google.com/p/ganeti/issues/detail?id=1191

What software version are you running? Please provide the output of "gnt-
cluster --version", "gnt-cluster version", and "hspace --version".

# gnt-cluster --version
gnt-cluster (ganeti v2.13.3-464-g87146ae) 2.14.2

# gnt-cluster version
Software version: 2.14.2
Internode protocol: 2140000
Configuration format: 2140000
OS api version: 20
Export interface: 0
VCS version: (ganeti) version v2.13.3-464-g87146ae

# hspace --version
hspace (ganeti) version v2.13.3-464-g87146ae
compiled with ghc 7.8
running on linux x86_64

What distribution are you using?
# cat /etc/SuSE-release
SUSE Linux Enterprise Server 12 (x86_64)
VERSION = 12
PATCHLEVEL = 1

What steps will reproduce the problem?
1. run logrotation: logrotate -f /etc/logrotate.conf

I've upgraded from SLES11 to 12 (logrotate 3.7 -> 3.8) and noticed, that logrotate-3.8 is a bit more paranoid then 3.7:

logrotate: error: skipping "/var/log/ganeti/commands.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.

When ganeti is configured with split-user (--with-user-prefix= --with-group-prefix=) the log directory has the following permissions/owner:

# ls -ald /var/log/ganeti/
drwxrwx--- 7 gnt-masterd gnt-daemons 4096 Oct 12 14:01 /var/log/ganeti/

Adding "su root gnt-daemons" to doc/examples/ganeti.logrotate solves the problem for me. I think that every distro running logrotate >=3.8 and ganeti with split-user is effected (i.e. ubuntu 16.04), but issue #631 complains about "unknown option 'su'" in ubuntu 12.04.

Thanks, Sascha.

--
You received this message because this project is configured to send all issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings

Reply via email to