Description of problem:
When logrotate happens, the OS deletes the files, but they are still present in the list of open files and marked as deleted until the process is killed or the respective service is restarted.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Wait for the logrotate to happen on foreman-proxy logs.
2. Check with the command 'lsof | grep deleted | grep "\/var\/log"' and you will be able to see a list of files marked as deleted eating up space (even if it's very little).
3. Restart the service, i.e. foreman-proxy in this case, and re-execute the command from Step 2; the files will now have vanished as expected.
When a log file is being deleted by logrotate, it leaves the file descriptor open.
When a log file is being deleted by logrotate, it should not leave a file descriptor open and list it in the list of open files.
I have a suspicion that this is actually an SELinux bug; let's see what the customer reports back: https://projects.theforeman.org/issues/19053
Created attachment 1630091
Patch for Satellite 6.5 foreman-proxy daemon
Created attachment 1630713
Hotfix is delivered for Satellite 6.5. Installation instructions:
1. Take a backup of affected Satellites and/or Capsules
2. Download hotfix RPM from this BZ and send it to affected Satellites and/or Capsules
3. yum localinstall /path/to/hotfix/rpm
4. restart services
Hello, I can confirm that those patches fix an issue that is related to this problem. When foreman-proxy received a signal, it was supposed to reopen the logging file /var/log/foreman-proxy/proxy.log, but due to a bug it was not doing this at all. I have tested the upstream change; chances are that the original patch was incorrect, or the backport has some other issue.
However, keep in mind that you must test this with SELinux disabled or in permissive mode because there is another BZ we track related to logrotate - SELinux prevents logrotated from sending a signal to foreman-proxy.
Workaround until this is resolved - set the logging level to WARNING in proxy.yml to avoid an excessive amount of data in proxy.log.
by the following manual reproducer:
1) Check that foreman-proxy is running
# ps -efH | grep foreman\\-proxy
foreman+ 18267 1 0 Nov26 ? 00:00:07 ruby /usr/share/foreman-proxy/bin/smart-proxy --no-daemonize
foreman+ 18556 1 0 Nov26 ? 00:00:13 ruby /usr/bin/smart_proxy_dynflow_core -d -p /var/run/foreman-proxy/smart_proxy_dynflow_core.pid
2) Check that there are already logrotated files (as Satellite has been running for a couple of days)
# ll /var/log/foreman-proxy/proxy*.gz
-rw-r--r--. 1 foreman-proxy foreman-proxy 222 Nov 25 23:51 /var/log/foreman-proxy/proxy.log-20191126.gz
-rw-r--r--. 1 foreman-proxy foreman-proxy 2532 Nov 26 23:51 /var/log/foreman-proxy/proxy.log-20191127.gz
3) Check for presence of logrotated (deleted) log files being kept open
# lsof | grep '/var/log.* (deleted)'
>>> the foreman-proxy log files are logrotated properly without keeping deleted files open
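The check in step 3 of the reproducer can also be done by reading the `/proc/<pid>/fd` symlinks directly, which additionally shows how many bytes each deleted log still holds. The following is an added example, not part of the bug report or of foreman-proxy; the function names, the overridable proc root and the sample tree are constructed for illustration, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example: list deleted-but-open files under a log directory.
# Prints one line per match: "pid comm fd bytes path".
deleted_open_logs() {
    proc_root=${1:-/proc}        # overridable so the function can run offline
    log_prefix=${2:-/var/log/}
    for fd in "$proc_root"/[0-9]*/fd/*; do
        # An unmatched glob stays literal; readlink then fails and we skip it.
        target=$(readlink "$fd" 2>/dev/null) || continue
        case $target in
            "$log_prefix"*" (deleted)") ;;   # kernel appends " (deleted)" after unlink
            *) continue ;;
        esac
        pid_dir=${fd%/fd/*}
        pid=${pid_dir##*/}
        comm=$(cat "$pid_dir/comm" 2>/dev/null) || comm='?'
        # On a real /proc the fd link still resolves to the unlinked inode,
        # so stat -L reports the space the open descriptor keeps allocated.
        bytes=$(stat -L -c %s "$fd" 2>/dev/null) || bytes='?'
        printf '%s %s %s %s %s\n' "$pid" "$comm" "${fd##*/}" "$bytes" "${target% (deleted)}"
    done
}

# Constructed sample: a fake proc tree, so the function can be tried without root.
make_sample_proc() {
    root=$(mktemp -d)
    mkdir -p "$root/proc/18267/fd" "$root/proc/999/fd" "$root/var/log/foreman-proxy"
    echo ruby > "$root/proc/18267/comm"
    echo sshd > "$root/proc/999/comm"
    printf 'rotated data' > "$root/var/log/foreman-proxy/proxy.log-20191127 (deleted)"
    ln -s "$root/var/log/foreman-proxy/proxy.log-20191127 (deleted)" "$root/proc/18267/fd/7"
    ln -s "$root/var/log/secure" "$root/proc/999/fd/3"   # live file: must not match
    echo "$root"
}

sample=$(make_sample_proc)
deleted_open_logs "$sample/proc" "$sample/var/log/"
rm -rf "$sample"
```

On a live host, run `deleted_open_logs` with no arguments as root; an empty result corresponds to the empty `lsof` output in step 3.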
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.