Bug 1802165 - File conflict between rsyslog and syslog-ng: /etc/logrotate.d/syslog
Summary: File conflict between rsyslog and syslog-ng: /etc/logrotate.d/syslog
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: syslog-ng
Version: epel8
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Peter Czanik
QA Contact: Fedora Extras Quality Assurance
Reported: 2020-02-12 13:55 UTC by Terje Røsten
Modified: 2020-07-20 09:28 UTC

Last Closed: 2020-07-20 09:28:56 UTC
Type: Bug

Description Terje Røsten 2020-02-12 13:55:36 UTC
Description of problem:

There seems to be a file conflict between rsyslog in RHEL8 and syslog-ng in epel8.

/etc/logrotate.d/syslog now contains rsyslog specific code:

$ cat etc/logrotate.d/syslog
        /usr/bin/systemctl kill -s HUP rsyslog.service >/dev/null 2>&1 || true

Can syslog-ng move logrotate file to /etc/logrotate.d/syslog-ng for epel8?

(For Fedora rsyslog uses /etc/logrotate.d/rsyslog, however that might not make sense in RHEL8, hence syslog-ng might need to move in epel8).

Comment 1 Peter Czanik 2020-02-12 15:16:23 UTC
Thanks for the report. I plan to check it on Friday or early next week and also fix GeoIP (maxminddb) support along the way.

Comment 2 Peter Czanik 2020-02-17 16:33:12 UTC
OK, I see. Previously the log rotation script was using the PID to reload (r)syslog(-ng), that's why both of them used the same pid file. So whichever was running from the two got restarted from the logrotate script.

I have one concern: what happens if both rsyslog and syslog-ng are installed? In this case there are two logrotate scripts for the same set of log files...

Once I have an answer for the above question, I should rename the logrotate script from syslog to syslog-ng in all of my syslog-ng packages, except EPEL 7. And change it to:
        /usr/bin/systemctl kill -s HUP syslog-ng.service >/dev/null 2>&1 || true

Comment 3 Peter Czanik 2020-02-18 12:24:30 UTC
I have not yet had time for testing, but here is a syslog-ng git snapshot build, which implements the changes listed above:


If it works as expected, I'll port back the changes to EPEL 8 and also to Fedora Rawhide, once syslog-ng 3.26 is available.

Comment 4 Peter Czanik 2020-02-18 13:38:43 UTC
Well. Starting logrotate by hand revealed that it errors out:

[root@localhost ~]# /usr/sbin/logrotate /etc/logrotate.conf
error: syslog-ng:1 duplicate log entry for /var/log/cron
error: syslog-ng:1 duplicate log entry for /var/log/maillog
error: syslog-ng:1 duplicate log entry for /var/log/messages
error: syslog-ng:1 duplicate log entry for /var/log/secure
error: syslog-ng:1 duplicate log entry for /var/log/spooler
error: found error in file syslog-ng, skipping

So, one problem is resolved, as there is no more file conflict with rsyslog. But we have another one.

- if we keep the file level conflict, then everything works properly, but rsyslog and syslog-ng can't be installed in parallel
- if there is no file level conflict then they can be installed in parallel, but reloading syslog-ng from logrotate does not work

What do you think?
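
The duplicate-entry failure shown in comment 4 can be caught before logrotate runs. The following is an added example, not part of the original bug report or of the syslog-ng packaging: a shell function that lists every log path declared by more than one file in a logrotate.d directory. The sample drop-ins are constructed from the paths and postrotate lines quoted in this thread, and the function names are hypothetical.

```shell
# Report log paths declared in more than one file of a logrotate.d directory.
# Literal path strings are compared; glob patterns are not expanded.
find_duplicate_log_entries() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        # Emit "path<TAB>file" for absolute paths outside a { } block, so
        # commands inside postrotate scripts are not taken for log files.
        awk -v file="${f##*/}" '
            /^[[:space:]]*#/ { next }
            {
                for (i = 1; i <= NF; i++) {
                    if ($i == "{") depth++
                    else if ($i == "}") { if (depth > 0) depth-- }
                    else if (depth == 0 && $i ~ /^\//) print $i "\t" file
                }
            }' "$f"
    done | LC_ALL=C sort | awk -F '\t' '
        $1 == prev { if (!shown) printf "%s: %s", prev, first
                     printf ", %s", $2; shown = 1; next }
        { if (shown) print ""; prev = $1; first = $2; shown = 0 }
        END { if (shown) print "" }'
}
# Constructed sample drop-in: $1 = file to create, $2 = unit to signal.
write_dropin() {
    cat > "$1" <<EOF
/var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
{
    sharedscripts
    postrotate
        /usr/bin/systemctl kill -s HUP $2 >/dev/null 2>&1 || true
    endscript
}
EOF
}
# Constructed directory: both syslog drop-ins plus one unrelated file.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    write_dropin "$d/syslog" rsyslog.service
    write_dropin "$d/syslog-ng" syslog-ng.service
    printf '/var/log/archive.log {\n    weekly\n}\n' > "$d/archive"
    echo "$d"
}
dir=$(make_sample_dir)
find_duplicate_log_entries "$dir"
rm -rf "$dir"
```

On a real host, pass /etc/logrotate.d as the argument; any output line names a path that logrotate will reject in the second file it reads.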

Comment 5 Fabien Wernli 2020-02-19 11:25:42 UTC
Solution 3:
- ship /etc/logrotate.d/syslog in separate package syslog-ng-logrotate
- in syslog-ng package require file /etc/logrotate.d/syslog: `Requires: /etc/logrotate.d/syslog`
  or require rsyslog OR syslog-ng-logrotate: `Requires: (rsyslog or syslog-ng-logrotate)`

Comment 6 Terje Røsten 2020-02-19 14:52:21 UTC
Is or in requires supported in el8?

Another option is to let rsyslog and syslog-ng use the same file; maybe something like this can work:

        /usr/bin/systemctl is-active --quiet rsyslog   && /usr/bin/systemctl kill -s HUP rsyslog.service   >/dev/null 2>&1 || true
        /usr/bin/systemctl is-active --quiet syslog-ng && /usr/bin/systemctl kill -s HUP syslog-ng.service >/dev/null 2>&1 || true

Comment 7 Karl-Johan Karlsson 2020-06-11 19:27:43 UTC
(In reply to Terje Røsten from comment #6)
> Another option is to let rsyslog and syslog-ng use the same file; maybe something like
> this can work:

I would strongly prefer not doing this.

My use case (which currently works fine on CentOS 7) is that I want to separate the local system logger and the archiving log server as far as possible. I currently do this by dropping a file in /etc/rsyslog.d/ on all machines telling them to send copies of all logs to the archive server. The archive server also runs a syslog-ng process (in addition to its standard rsyslog) which only listens on the network and only writes to archive files outside of /var/log/.

This has the advantages of the configurations being simple for both rsyslog and syslog-ng, and that all machines can run identical rsyslog configurations, without special exceptions for the archive server. I would like to be able to run CentOS 8 systems like this as well.

Comment 8 Peter Czanik 2020-06-16 12:08:35 UTC
A possible solution is now available for testing in my git snapshot repository.

For details check: https://github.com/syslog-ng/syslog-ng/issues/1384#issuecomment-644716350

If it works, I plan to port the changes to the official EPEL 8 package.

Comment 9 Peter Czanik 2020-07-02 13:53:30 UTC
And here is what I submitted to EPEL 8. You can check the packages from below until it enters EPEL 8. Let me know your experiences!


AFAIR it is migrated automagically after a few days to EPEL 8, but if nothing happens until early next week, I'll check if the EPEL workflow has changed...

Comment 10 Peter Czanik 2020-07-02 14:27:05 UTC
OK, read the docs, so it's not completely automagical :) I submitted it to Bodhi, where testing and adding karma helps to speed up the process:


Comment 11 Terje Røsten 2020-07-12 11:29:03 UTC

I don't understand how this helps?

Ok, so rsyslog and syslog-ng can now be installed at the same time, however if syslog-ng
service is used, logrotate is borken[1] until syslog-ng-logrotate is installed (and rsyslog removed)?

I don't see why this is a good solution?

[1]: it appears to work, however syslog-ng will continue to write to old file (now with new name,
while e.g. /var/log/messages will be empty).

Comment 12 Peter Czanik 2020-07-20 09:28:56 UTC
OK, fixed package is now available in EPEL 8.

It helps by making sure that you can install rsyslog and syslog-ng at the same time. The problem here is that rsyslog is an official RHEL package, while syslog-ng is not. This means that if I want to make syslog-ng parallel installable with rsyslog, then I have to make a change on the syslog-ng side, as they don't. And this was the best compromise we could come up with here by Fabien and on the syslog-ng mailing list. The /etc/logrotate.d/syslog file name is already hard coded in config management software for RHEL 8, so I could not change that. And if you install rsyslog and syslog-ng together, you need to fiddle with logrotate scripts anyway.
