Red Hat Bugzilla – Bug 888671
[Installation]oo-accept-broker or oo-accept-systems will create production.log, the file's permission is wrong.
Last modified: 2017-03-08 12:34 EST
Description of problem: By default, the log file "/var/www/openshift/broker/log/production.log" does not exist. It will be created if user operates his app or other things. and the permission is "apache:apache". After install broker, I will execute oo-accept-broker or oo-accept-systems to check the config of system is right. The log file will be created. And the permission is wrong, it is "root:root". Now, if execute "rhc setup", it will be some error in the "/var/www/openshift/broker/httpd/logs/error_log" : Rails Error: Unable to access log file. Please ensure that /var/www/openshift/broker/log/production.log exists and is chmod 0666. The log level has been raised to WARN and the output directed to STDERR until the problem is fixed. Version-Release number of selected component (if applicable): http://buildvm-devops.usersys.redhat.com/puddle/build/OpenShiftEnterprise/1.1.x/2012-12-18.1 How reproducible: always Steps to Reproduce: 1. Setup broker, make sure the log file(/var/www/openshift/broker/log/production.log) doesn't exist 2. Execute oo-accept-systems 3. Check the log file's permission ll /var/www/openshift/broker/log/production.log 4. On client side, execute "rhc setup" 5. Check the http log file (/var/www/openshift/broker/httpd/logs/error_log) Actual results: 3.[root@broker ~]# ll /var/www/openshift/broker/log/production.log -rw-r--r--. 1 root root 0 Dec 19 02:19 /var/www/openshift/broker/log/production.log 5.Rails Error: Unable to access log file. Please ensure that /var/www/openshift/broker/log/production.log exists and is chmod 0666. The log level has been raised to WARN and the output directed to STDERR until the problem is fixed. Expected results: 3. The file still doesn't exsit, please don't touch this file. 5. If step 3 is fixed, step 5 will not show error about the log file's permission. Additional info:
Great catch. This was actually due to a fairly recent change where I marked the log files as %ghost because that was technically more correct from an RPM standpoint. Since those script actually run the rails environment we do need to be more protective. I'll revert back to having the broker RPM create the files and setup the correct ownership.
Upstream pull request: https://github.com/openshift/origin-server/pull/1089 After looking at the code I remember why %ghost was added. We wanted to avoid log files from being overwritten on RPM upgrade.
The latest upstream pull requests is here: https://github.com/openshift/origin-server/pull/1096
This will ship with the next 1.1 puddle.
Retest this bug with 1.1.x/2013-01-02.1 puddle, and FAIL. 1. After install broker package, the log files are not generated. # ll /var/www/openshift/broker/log/production.log ls: cannot access /var/www/openshift/broker/log/production.log: No such file or directory 2. run "oo-accept-systems" and "oo-accept-broker" to check the log file's permission. # ll /var/www/openshift/broker/log/production.log -rw-r--r--. 1 root root 0 Jan 3 22:32 /var/www/openshift/broker/log/production.log
Oops, it is my fault, in comment 6, I used an old puddle to test this bug, so pls ignore comment 6. I will verify this bug soon.
Verified this bug with 1.1.x/2013-01-02.1 puddle, and PASS. # rpm -q --scripts openshift-origin-broker-1.0.7-1.el6op.noarch postinstall scriptlet (using /bin/sh): # We are forced to create these log files if they don't exist because we have # command line tools that will load the Rails environment and create the logs # as root. We need the files labeled %ghost because we don't want these log # files overwritten on RPM upgrade. for l in /var/log/openshift/user_action.log /var/www/openshift/broker/log/{development,production}.log; do if [ ! -f $l ]; then touch $l fi chown apache:apache $l chmod 640 $l done <--snip--> After install broker package, the log files are generated with correct permission. [root@broker ~]# ll /var/log/openshift/user_action.log -rw-r-----. 1 apache apache 306756 Jan 4 02:09 /var/log/openshift/user_action.log [root@broker ~]# ll /var/www/openshift/broker/log/production.log -rw-r-----. 1 apache apache 549818 Jan 4 02:10 /var/www/openshift/broker/log/production.log Run "oo-accept-systems" and "oo-accept-broker" to check the log file's permission, they are still correct.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2013-0220.html