syslog logging does not work
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
frr (Ubuntu) |
Fix Released
|
High
|
Andreas Hasenack | ||
Focal |
Fix Released
|
Medium
|
Andreas Hasenack | ||
Impish |
Won't Fix
|
Medium
|
Unassigned | ||
Jammy |
Fix Released
|
High
|
Andreas Hasenack | ||
Kinetic |
Fix Released
|
High
|
Andreas Hasenack |
Bug Description
[Impact]
frr is configured out of the box to use rsyslog logging into a /var/log/
In Debian this works because rsyslog there runs as root.
[Test Plan]
For each $RELEASE under testing, launch a container:
lxc launch ubuntu:$RELEASE $RELEASE-
1) upgrade test
Then shell into it, and install frr:
lxc shell $RELEASE-
apt update; apt install frr -y
Notice /var/log/frr is empty even after a restart, and that the frr directory is owned by frr:frr:
root@focal-
root@focal-
total 0
drwxr-x--- 1 frr frr 0 Jan 20 2020 .
drwxrwxr-x 1 root syslog 274 Jul 20 14:08 ..
And /var/log/syslog should have this error:
root@focal-
Jul 20 14:09:23 focal-frr-logging rsyslogd: file '/var/log/
Now install the package from proposed, and:
a) /var/log/frr ownership is changed to syslog:adm
root@focal-
drwxr-x--- 1 syslog adm 0 Jan 20 2020 /var/log/frr
b) after restarting frr, the log file is created as syslog:adm:
root@focal-
total 4
drwxr-x--- 1 syslog adm 14 Jul 20 14:12 .
drwxrwxr-x 1 root syslog 274 Jul 20 14:08 ..
-rw-r----- 1 syslog adm 1175 Jul 20 14:12 frr.log
c) logrotate maintains these permissions:
root@focal-
total 4
drwxr-x--- 1 syslog adm 14 Jul 20 14:12 .
drwxrwxr-x 1 root syslog 274 Jul 20 14:08 ..
-rw-r----- 1 syslog adm 1175 Jul 20 14:12 frr.log
root@focal-
root@focal-
total 4
drwxr-x--- 1 syslog adm 38 Jul 20 14:12 .
drwxrwxr-x 1 root syslog 354 Jul 20 14:12 ..
-rw-r----- 1 syslog adm 0 Jul 20 14:12 frr.log
-rw-r----- 1 syslog adm 406 Jul 20 14:12 frr.log.1.gz
2) Fresh install test
In the container, install the frr package from proposed directly. The ownership of /var/log/frr should be correct from the start (syslog:adm):
root@focal-
drwxr-x--- 1 syslog adm 0 Jul 19 20:40 /var/log/frr
And upon restarting frr, the frr.log file should appear:
root@focal-
root@focal-
total 4
drwxr-x--- 1 syslog adm 14 Jul 20 14:30 .
drwxrwxr-x 1 root syslog 326 Jul 20 14:28 ..
-rw-r----- 1 syslog adm 1175 Jul 20 14:30 frr.log
Finally, logrotate should also work and preserve the ownership:
root@focal-
root@focal-
total 4
drwxr-x--- 1 syslog adm 38 Jul 20 14:30 .
drwxrwxr-x 1 root syslog 462 Jul 20 14:30 ..
-rw-r----- 1 syslog adm 0 Jul 20 14:30 frr.log
-rw-r----- 1 syslog adm 409 Jul 20 14:30 frr.log.1.gz
[Where problems could occur]
Some users might have fixed this problem on their systems manually, either following the same approach here, or doing something else. An important part of the fix from this SRU is in the frr.postinst maintainer script, which is something administrators cannot easily override. Therefore it's possible that this update might break such existing setups where users fixed the problem themselves.
It's also possible that users elected to switch to frr direct logging, bypassing rsyslog. In such case, since /var/log/frr is now owned by syslog:adm instead of frr:frr, the frr daemon won't be able to create new files in /var/log/frr anymore, nor update the existing /var/log/
In general:
a) users who have broken logging (potentially without realizing it) will be fixed by this update, and the fix here is the intended default behavior in ubuntu as it should have been from the start
b) users who fixed their own logging in some way might have issues with this update, mainly depending if they kept using the package-provided /var/log/frr directory, which is what we are manipulating here.
Trying to cope with all possible scenarios can quickly become complex, and introduce new bugs on its own.
I *could* perhaps gate on "log syslog" being in /etc/frr/frr.conf, and do nothing if it's not there, but it can be a slippery slope: I fear introducing more complexity.
[Other Info]
Original MP that landed this fix in Kinetic, with some discussion:
https:/
[Original Description]
Out of the box, the frr package is set to use syslog for logging:
# cat frr.conf
# default to using syslog. /etc/rsyslog.
# /var/log/
...
log syslog informational
The packaging creates /var/log/frr owned by frr:
drwxr-x--- 2 frr frr 3 Jan 17 17:43 /var/log/frr
In Ubuntu, rsyslog runs as the unprivileged syslog user, not root (like in debian), which means it cannot write to this logging directory:
Jan 17 17:57:25 j-frr-mir rsyslogd: file '/var/log/
Related branches
- git-ubuntu bot: Approve
- Lucas Kanashiro (community): Approve
- Canonical Server Reporter: Pending requested
-
Diff: 237 lines (+165/-3)4 files modifieddebian/changelog (+136/-0)
debian/control (+2/-1)
debian/frr.logrotate (+1/-1)
debian/frr.postinst (+26/-1)
- git-ubuntu bot: Approve
- Bryce Harrington (community): Approve
- Canonical Server Reporter: Pending requested
-
Diff: 72 lines (+33/-2)3 files modifieddebian/changelog (+8/-0)
debian/frr.logrotate (+1/-1)
debian/frr.postinst (+24/-1)
- git-ubuntu bot: Approve
- Bryce Harrington (community): Approve
- Canonical Server Reporter: Pending requested
-
Diff: 86 lines (+35/-3)4 files modifieddebian/changelog (+8/-0)
debian/control (+2/-1)
debian/frr.logrotate (+1/-1)
debian/frr.postinst (+24/-1)
- git-ubuntu bot: Approve
- Robie Basak: Approve
- Canonical Server Reporter: Pending requested
- Canonical Server Reporter: Pending requested
- Canonical Server Reporter: Pending requested
- Canonical Server: Pending requested
-
Diff: 72 lines (+33/-2)3 files modifieddebian/changelog (+8/-0)
debian/frr.logrotate (+1/-1)
debian/frr.postinst (+24/-1)
summary: |
- syslog lgoging does not work + syslog logging does not work |
tags: | added: server-todo |
Changed in frr (Ubuntu): | |
status: | New → Triaged |
importance: | Undecided → High |
Changed in frr (Ubuntu Jammy): | |
status: | New → Triaged |
importance: | Undecided → High |
Changed in frr (Ubuntu): | |
assignee: | nobody → Andreas Hasenack (ahasenack) |
Changed in frr (Ubuntu Jammy): | |
assignee: | nobody → Andreas Hasenack (ahasenack) |
Changed in frr (Ubuntu): | |
status: | Triaged → In Progress |
Changed in frr (Ubuntu Impish): | |
status: | New → Triaged |
Changed in frr (Ubuntu Focal): | |
status: | New → Triaged |
Changed in frr (Ubuntu Impish): | |
importance: | Undecided → Medium |
Changed in frr (Ubuntu Focal): | |
importance: | Undecided → Medium |
description: | updated |
description: | updated |
description: | updated |
And note the logrotate file sets ownership and mode to frr:frrvty 0640, respectively, which makes rsyslog again unable to write to the log.