Description of problem: Logrotate of /etc/logrotate.d/ovn fails with: error: failed to rename /var/log/ovn/ovn-controller.log to /var/log/ovn/ovn-controller.log-20220801: Permission denied Permissions of /var/log/ovn are set to root:root: ls -la /var/log/ | grep ovn drwxr-xr-x. 2 root root 32 Jun 22 17:54 ovn We can see that the installation of the ovn rpm modifies the /etc/logrotate.d/ovn file to first su to openvswitch:openvswitch before attempting to rotate: [root@rhevh-25 log]# rpm -qi --scripts ovn-2021-21.12.0-46.el8fdp.x86_64 postinstall scriptlet (using /bin/sh): if [ $1 -eq 1 ]; then sed -i 's:^#OVN_USER_ID=:OVN_USER_ID=:' /etc/sysconfig/ovn sed -i 's:\(.*su\).*:\1 openvswitch openvswitch:' /etc/logrotate.d/ovn fi postuninstall program: /bin/sh This causes a permissions mismatch because the directory is owned by root:root and doesn't have write permissions. Version-Release number of selected component (if applicable): How reproducible: We have a lab system showing this issue with: redhat-release-virtualization-host-4.5.0-5.el8ev.x86_64 with: ovn-2021-host-21.12.0-46.el8fdp.x86_64 ovn-2021-21.12.0-46.el8fdp.x86_64 Customer environment: redhat-release-virtualization-host-4.5.1-1.el8ev.x86_64 with: ovn-2021-21.12.0-73.el8fdp.x86_64 ovn-2021-host-21.12.0-73.el8fdp.x86_64 Steps to Reproduce: 1. /usr/sbin/logrotate /etc/logrotate.conf --force > /tmp/rotate 2>&1 2. Check /tmp/rotate for error 3. Actual results: error: failed to rename /var/log/ovn/ovn-controller.log to /var/log/ovn/ovn-controller.log-20220801: Permission denied /var/log/ovn/ovn-controller.log cannot be rotated Expected results: /var/log/ovn/ovn-controller.log should be rotated Additional info: On a lab system we see this process running with the --log-file argument to /var/log/ovn: openvsw+ 1695 1 0 Jun22 ? 00:01:45 ovn-controller unix:/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --private-key=/etc/pki/vdsm/keys/vdsmkey.pem --certificate=/etc/pki/vdsm/certs/vdsmcert.pem --ca-cert=/etc/pki/vdsm/certs/cacert.pem --user openvswitch:openvswitch --no-chdir --log-file=/var/log/ovn/ovn-controller.log --pidfile=/run/ovn/ovn-controller.pid --detach Suspect the /var/log/ovn directory isn't being created properly with openvswitch:openvswitch In our customers case, they ran chown openvswitch:root /var/log/ovn and this allowed the file to be rotated.
Verified on - ovirt-openvswitch-2.15-4.el8ev.noarch Upgraded from: rhvm-4.4.10.7-0.4.el8ev.noarch ovirt-openvswitch-2.11-1.el8ev.noarch vdsm-4.40.100.2-1.el8ev.x86_64 To: rhvm-4.5.2.1-0.1.el8ev.noarch ovirt-openvswitch-2.15-4.el8ev.noarch vdsm-4.50.2.2-1.el8ev.x86_64 After upgrade, the permissions has been fixed: ls -la /var/log/ | grep ovn drwxr-xr-x. 2 openvswitch openvswitch 32 Aug 7 19:08 ovn rpm -q ovirt-openvswitch ovirt-openvswitch-2.15-4.el8ev.noarch
This bug has low overall severity and is not going to be further verified by QE. If you believe special care is required, feel free to properly align relevant severity, flags and keywords to raise PM_Score or use one of the Bumps ('PrioBumpField', 'PrioBumpGSS', 'PrioBumpPM', 'PrioBumpQA') in Keywords to raise it's PM_Score above verification threashold (1000).
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (RHV Engine and Host Common Packages update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2022:6394