Bug 908270 - journal is full of collectd messages
Summary: journal is full of collectd messages
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: oVirt
Classification: Retired
Component: ovirt-node
Version: 3.2
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: unspecified
Target Milestone: ---
Target Release: 3.4.1
Assignee: Joey Boggs
QA Contact: bugs@ovirt.org
URL:
Whiteboard: node
Duplicates: 990457
Depends On: 753309
Blocks: 894059
Reported: 2013-02-06 10:11 UTC by Fabian Deutsch
Modified: 2015-07-06 20:14 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-03-19 17:04:38 UTC
oVirt Team: ---
Embargoed:


Description Fabian Deutsch 2013-02-06 10:11:51 UTC
Description of problem:
journalctl -a shows that collectd is writing tons of messages (well, the same message over and over) to the logs:

Version-Release number of selected component (if applicable):
F18 build

How reproducible:
always

Comment 1 Joey Boggs 2013-02-06 21:31:23 UTC
dwalsh,

Can you recommend any changes here?

Collectd starts; it's just failing since it's not able to write to /var/log/collectd.log

Here's the module file we're using, which has the added entries from audit2allow. Is there something else I could be missing?

module ovirt 1.0;
require {
    type initrc_t;
    type initrc_tmp_t;
    type mount_t;
    type setfiles_t;
    type shadow_t;
    type unconfined_t;
    type passwd_t;
    type user_tmp_t;
    type var_log_t;
    type net_conf_t;
    type collectd_t;
    type virt_etc_t;
    type loadkeys_t;
    type initrc_tmp_t;
    type virtd_exec_t;
    class file { append mounton open getattr read execute ioctl lock entrypoint write };
    class fd { use };
    class process { sigchld signull transition noatsecure siginh rlimitinh getattr };
    class fifo_file { getattr open read write append lock ioctl };
    class filesystem getattr;
    class dir { getattr search open read lock ioctl write add_name};
    class socket { read write };
    class tcp_socket { read write };
    class udp_socket { read write };
    class rawip_socket { read write };
    class netlink_socket { read write };
    class packet_socket { read write };
    class unix_stream_socket { read write create ioctl getattr lock setattr append bind connect getopt setopt shutdown connectto };
    class unix_dgram_socket { read write };
    class appletalk_socket { read write };
    class netlink_route_socket { read write };
    class netlink_firewall_socket { read write };
    class netlink_tcpdiag_socket { read write };
    class netlink_nflog_socket { read write };
    class netlink_xfrm_socket { read write };
    class netlink_selinux_socket { read write };
    class netlink_audit_socket { read write };
    class netlink_ip6fw_socket { read write };
    class netlink_dnrt_socket { read write };
    class netlink_kobject_uevent_socket { read write };
    class tun_socket { read write };
    class chr_file { getattr read write append ioctl lock open };
    class lnk_file { getattr read };
    class sock_file { getattr write open append };
}
allow mount_t shadow_t:file mounton;
allow setfiles_t net_conf_t:file read;
# Unknown on F18:
#allow setfiles_t initrc_tmp_t:file append;
#allow consoletype_t var_log_t:file append;
#allow passwd_t user_tmp_t:file write;
# Unknown on F17 brctl_t:
#allow brctl_t net_conf_t:file read;
# Suppose because of collectd libvirt plugin
allow collectd_t virt_etc_t:file read;
allow collectd_t var_log_t:dir write;
allow collectd_t var_log_t:dir add_name;
allow collectd_t virtd_exec_t:file getattr;

# Suppose because etc is on tmpfs
allow loadkeys_t initrc_tmp_t:file read;

type ovirt_exec_t;
init_daemon_domain(unconfined_t,ovirt_exec_t)

Running audit2allow on audit.log

audit2allow -i /tmp/au.log 
#============= collectd_t ==============
allow collectd_t passwd_file_t:file read;
allow collectd_t var_log_t:dir add_name;
allow collectd_t virtd_exec_t:file getattr;

#============= loadkeys_t ==============
allow loadkeys_t initrc_tmp_t:file open;
-------------------


audit.log entries for collectd

type=PATH msg=audit(1360184795.506:2698): item=0 name="/var/log/collectd.log" inode=13990 dev=00:21 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:var_log_t:s0
type=AVC msg=audit(1360184795.506:2699): avc:  denied  { add_name } for  pid=1413 comm="collectd" name="collectd.log" scontext=system_u:system_r:collectd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir
type=SYSCALL msg=audit(1360184795.506:2699): arch=c000003e syscall=2 success=no exit=-13 a0=7f9e269ed5c0 a1=441 a2=1b6 a3=238 items=1 ppid=1 pid=1413 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="collectd" exe="/usr/sbin/collectd" subj=system_u:system_r:collectd_t:s0 key=(null)
type=CWD msg=audit(1360184795.506:2699):  cwd="/var/lib/collectd"
type=PATH msg=audit(1360184795.506:2699): item=0 name="/var/log/collectd.log" inode=13990 dev=00:21 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:var_log_t:s0
type=AVC msg=audit(1360184795.506:2700): avc:  denied  { add_name } for  pid=1413 comm="collectd" name="collectd.log" scontext=system_u:system_r:collectd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir
type=SYSCALL msg=audit(1360184795.506:2700): arch=c000003e syscall=2 success=no exit=-13 a0=7f9e269ed5c0 a1=441 a2=1b6 a3=238 items=1 ppid=1 pid=1413 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="collectd" exe="/usr/sbin/collectd" subj=system_u:system_r:collectd_t:s0 key=(null)
type=CWD msg=audit(1360184795.506:2700):  cwd="/var/lib/collectd"
type=PATH msg=audit(1360184795.506:2700): item=0 name="/var/log/collectd.log" inode=13990 dev=00:21 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:var_log_t:s0
type=AVC msg=audit(1360184795.506:2701): avc:  denied  { add_name } for  pid=1413 comm="collectd" name="collectd.log" scontext=system_u:system_r:collectd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir
type=SYSCALL msg=audit(1360184795.506:2701): arch=c000003e syscall=2 success=no exit=-13 a0=7f9e269ed5c0 a1=441 a2=1b6 a3=238 items=1 ppid=1 pid=1413 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="collectd" exe="/usr/sbin/collectd" subj=system_u:system_r:collectd_t:s0 key=(null)
type=CWD msg=audit(1360184795.506:2701):  cwd="/var/lib/collectd"
type=PATH msg=audit(1360184795.506:2701): item=0 name="/var/log/collectd.log" inode=13990 dev=00:21 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:var_log_t:s0
type=AVC msg=audit(1360184795.506:2702): avc:  denied  { add_name } for  pid=1413 comm="collectd" name="collectd.log" scontext=system_u:system_r:collectd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir
type=SYSCALL msg=audit(1360184795.506:2702): arch=c000003e syscall=2 success=no exit=-13 a0=7f9e269ed5c0 a1=441 a2=1b6 a3=238 items=1 ppid=1 pid=1413 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="collectd" exe="/usr/sbin/collectd" subj=system_u:system_r:collectd_t:s0 key=(null)
type=CWD msg=audit(1360184795.506:2702):  cwd="/var/lib/collectd"
type=PATH msg=audit(1360184795.506:2702): item=0 name="/var/log/collectd.log" inode=13990 dev=00:21 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:var_log_t:s0
type=AVC msg=audit(1360184795.506:2703): avc:  denied  { add_name } for  pid=1413 comm="collectd" name="collectd.log" scontext=system_u:system_r:collectd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir
type=SYSCALL msg=audit(1360184795.506:2703): arch=c000003e syscall=2 success=no exit=-13 a0=7f9e269ed5c0 a1=441 a2=1b6 a3=238 items=1 ppid=1 pid=1413 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="collectd" exe="/usr/sbin/collectd" subj=system_u:system_r:collectd_t:s0 key=(null)
type=CWD msg=audit(1360184795.506:2703):  cwd="/var/lib/collectd"
type=PATH msg=audit(1360184795.506:2703): item=0 name="/var/log/collectd.log" inode=13990 dev=00:21 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:var_log_t:s0
type=AVC msg=audit(1360184795.506:2704): avc:  denied  { add_name } for  pid=1413 comm="collectd" name="collectd.log" scontext=system_u:system_r:collectd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir
type=SYSCALL msg=audit(1360184795.506:2704): arch=c000003e syscall=2 success=no exit=-13 a0=7f9e269ed5c0 a1=441 a2=1b6 a3=238 items=1 ppid=1 pid=1413 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="collectd" exe="/usr/sbin/collectd" subj=system_u:system_r:collectd_t:s0 key=(null)
type=CWD msg=audit(1360184795.506:2704):  cwd="/var/lib/collectd"
type=PATH msg=audit(1360184795.506:2704): item=0 name="/var/log/collectd.log" inode=13990 dev=00:21 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:var_log_t:s0
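
Added example, not part of the original comment or of oVirt's code: a triage of AVC denials against the allow rules in a module source, separating denials the source already grants (so the policy actually loaded is worth checking) from denials it lacks. The last two log records and the names `denied`, `allowed` and `triage` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample input: the first two records are the add_name denial quoted
# in the comment; the last two are constructed to match the audit2allow output.
AUDIT_LOG = '''\
type=AVC msg=audit(1360184795.506:2699): avc:  denied  { add_name } for  pid=1413 comm="collectd" name="collectd.log" scontext=system_u:system_r:collectd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir
type=AVC msg=audit(1360184795.506:2700): avc:  denied  { add_name } for  pid=1413 comm="collectd" name="collectd.log" scontext=system_u:system_r:collectd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir
type=AVC msg=audit(0.000:1): avc:  denied  { read } for  pid=1 comm="collectd" name="passwd" scontext=system_u:system_r:collectd_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file
type=AVC msg=audit(0.000:2): avc:  denied  { open } for  pid=2 comm="loadkeys" scontext=system_u:system_r:loadkeys_t:s0 tcontext=system_u:object_r:initrc_tmp_t:s0 tclass=file
'''

# Some of the allow rules from the posted module source, one commented out.
MODULE_RULES = '''\
allow collectd_t var_log_t:dir write;
allow collectd_t var_log_t:dir add_name;
allow collectd_t virtd_exec_t:file getattr;
allow loadkeys_t initrc_tmp_t:file read;
#allow passwd_t user_tmp_t:file write;
'''

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{([^}]*)\}.*?scontext=[^:]+:[^:]+:([^:\s]+)\S*"
    r"\s+tcontext=[^:]+:[^:]+:([^:\s]+)\S*\s+tclass=(\w+)")
ALLOW_RE = re.compile(
    r"^\s*allow\s+(\w+)\s+(\w+):(\w+)\s+(?:\{([^}]*)\}|(\w+))\s*;", re.M)

def denied(log):
    # Collapse repeated AVC records into {(source, target, class): perms}.
    out = defaultdict(set)
    for perms, src, tgt, cls in AVC_RE.findall(log):
        out[(src, tgt, cls)].update(perms.split())
    return out

def allowed(te):
    # Parse active (uncommented) allow rules into the same shape.
    out = defaultdict(set)
    for src, tgt, cls, many, one in ALLOW_RE.findall(te):
        out[(src, tgt, cls)].update((many or one).split())
    return out

def triage(log, te):
    # covered: denied although the source grants it; missing: not in the source.
    have, covered, missing = allowed(te), {}, {}
    for key, perms in denied(log).items():
        if perms & have[key]:
            covered[key] = perms & have[key]
        if perms - have[key]:
            missing[key] = perms - have[key]
    return covered, missing
```

A denial that lands in `covered` is the situation in the comment: `add_name` on `var_log_t:dir` is in the module source yet still denied, so it is worth confirming with `semodule -l` that the rebuilt module is the one installed.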

Comment 2 Fabian Deutsch 2013-05-21 12:29:01 UTC
The collectd service is writing 

Filter subsystem: Built-in target `write': Dispatching value to all write plugins failed with status 2. 

to the journal, because no plugin (which supports a 'write' callback) is configured.
The network plugin supports the write callback, but isn't configured initially. So ideally we will have to disable the collectd plugin (see bug #753309) until it is configured properly.
Also:
http://mailman.verplant.org/pipermail/collectd/2011-June/004549.html

Comment 3 Mike Burns 2013-06-04 14:23:56 UTC
we could disable collectd by default and have it started during ovirt-post based on a value in /etc/default/ovirt

Comment 4 Fabian Deutsch 2013-06-04 14:26:13 UTC
(In reply to Mike Burns from comment #3)
> we could disable collectd by default and have it started during ovirt-post
> based on a value in /etc/default/ovirt

Good idea!
That will work in the short term.

Comment 5 Fabian Deutsch 2013-08-07 11:48:43 UTC
*** Bug 990457 has been marked as a duplicate of this bug. ***

Comment 6 Fabian Deutsch 2013-08-26 09:39:08 UTC
Not fixed in 3.0. Deferred to a later release.

Comment 7 Sandro Bonazzola 2014-03-04 09:28:32 UTC
This is an automated message.
Re-targeting all non-blocker bugs still open on 3.4.0 to 3.4.1.

Comment 8 Doron Fediuck 2014-03-19 17:04:38 UTC
Closing old bugs.
If relevant please reopen.
