Merge ~ahasenack/ubuntu/+source/frr:kinetic-frr-logging-2 into ubuntu/+source/frr:ubuntu/devel
Status: | Merged | ||||
---|---|---|---|---|---|
Approved by: | git-ubuntu bot | ||||
Approved revision: | not available | ||||
Merged at revision: | fd2f2613a73114856068660b20619582bd583f8e | ||||
Proposed branch: | ~ahasenack/ubuntu/+source/frr:kinetic-frr-logging-2 | ||||
Merge into: | ubuntu/+source/frr:ubuntu/devel | ||||
Diff against target: |
72 lines (+33/-2) 3 files modified
debian/changelog (+8/-0) debian/frr.logrotate (+1/-1) debian/frr.postinst (+24/-1) |
||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
git-ubuntu bot | Approve | ||
Robie Basak | Approve | ||
Canonical Server Reporter | Pending | ||
Canonical Server Reporter | Pending | ||
Canonical Server Reporter | Pending | ||
Canonical Server | Pending | ||
Review via email: mp+424952@code.launchpad.net |
Description of the change
This MP fixes the logging issue caused by the fact that our rsyslog runs unprivileged, whereas debian's runs as root.
PPA: https:/
There are a few ways to address this, and all may clash with local configuration changes done by the administrator. Even debian's way. What I did here was to keep the logs in the same place as originally intended.
Some background. I can think of a few reasons why daemons would log directly to /var/log/
- direct logging without syslog: if the daemon can't create files in /var/log, then it's common to create /var/log/<daemon>/ with the correct non-root privileges so the daemon can write to that subdirectory
- multiple file: instead of polluting /var/log directly with scattered files, in such cases it's also common to have a subdirectory where multiple files can be written to. This applies to both cases of using rsyslog or direct logging
frr's default setup from debian is neither: it uses rsyslog, but writes one single log file to /var/log/
Therefore, my solution is to fix the permissions of /var/log/frr and /var/log/frr/*, including in logrotate, to keep the same behavior. This adds delta to debian.
In frr.postinst, the debian maintainer is resorting to a pattern that I haven't seen before, which is to check if the log files have posix ACLs. Maybe this happened before in the package history. I kept the same behavior when adjusting /var/log/frr to our needs. One could be tempted to use a function for that procedure, since it's used twice, but I think this way the delta is a bit clearer and easier to apply to future merges.
Clashes with local administrator changes
Keeping in mind that the default configuration ships with syslog logging (/etc/frr/
- If an admin changes syslog to file, and writes to the same /var/log/frr/ place, our postinst script will change that to syslog:adm, probably preventing the frr daemon from logging. Should I detect that in postinst (syslog not being used), and then refrain from changing permissions? Sounds doable. Same check should be done in the logrotate script. The check would be something like "grep ^[[:space:]]*syslog /etc/frr/frr.conf". I just fear trying to be too smart here and making things worse in some scenario.
- If an admin changes the above in the debian case, then it would still work, as in both cases (syslog and file) the log ownership is frr:.
That's it. Let me know what you think about the extra "if there is no ^syslog in frr.conf, don't do any chowning in postinst".
I like this approach. It seems to me that if we default to using rsyslog to write logs, then the ownership of the file should be that of rsyslog, so this also seems correct. Using the same ownership as what the daemon _would_ use were it configured to take over logging directly might make it easier to make that change, but it seems sloppy to me. If we have to maintain this delta indefinitely because Ubuntu chooses to stop rsyslog running as root by default, then so be it.
I also think this makes sense as a general pattern of what to do in other packages that use rsyslog.
I'm not keen on the "make permissions be correct on first install" code in the postinst being conflated with the "change permissions because we're upgrading from a previously different situation" code. In particular, I prefer the latter to always be guarded and apply only on a version comparison. But I see you've used the same pattern as what was already there, and I agree that this is preferable.