ihrwein / ansible-syslog-ng

The source code of an Ansible syslog-ng role
GNU General Public License v2.0

Bugs with permissions? #7

Open juju4 opened 9 years ago

juju4 commented 9 years ago

Hello,

Thanks a lot for your work, but I have issues making it work. I'm using Vagrant 1.7.4 and the ubuntu/trusty64 image for VirtualBox.

I get the following output:

GATHERING FACTS ***************************************************************
ok: [csyslog]

TASK: [ihrwein.syslog-ng | install syslog-ng] *********************************
changed: [csyslog]

TASK: [ihrwein.syslog-ng | determine syslog-ng's config version] **************
changed: [csyslog]

TASK: [ihrwein.syslog-ng | set syslog_ng_config_version variable] *************
ok: [csyslog]

TASK: [ihrwein.syslog-ng | include_vars ../defaults/syslog-ng/{{syslog_ng_config_version}}/main.yml] ***
ok: [csyslog]

TASK: [ihrwein.syslog-ng | applying client mode configuration if the generated syntax is OK] ***
failed: [csyslog] => {"failed": true}
msg: failed to validate: rc:1 error:Error opening configuration file; filename='/home/vagrant/.ansible/tmp/ansible-tmp-1438458690.15-193309305713974/source', error='Permission denied (13)'

with the corresponding configuration in site.yml, alone or with other roles:

- hosts: syslogserver
  roles:
#    - { role: ihrwein.syslog-ng, syslog_ng_mode: server, syslog_ng_server_dest_dir: /var/log/syslog-ng, syslog_ng_server_sources: 10.0.0.0/8,  syslog_ng_server_file_macro: $YEAR.$MONTH.$DAY/$HOST.log }
## FIXME! msg: failed to validate: rc:1 error:Error opening configuration file; filename='/home/vagrant/.ansible/tmp/ansible-tmp-1438458164.26-187469009002683/source', error='Permission denied (13)'
#    - { role: ihrwein.syslog-ng, syslog_ng_mode: server }
## FIXME! fatal: [csyslog] => {'msg': "AnsibleUndefinedVariable: One or more undefined variables: 'unicode object' has no attribute 'keys'", 'failed': True}
#    - { role: ihrwein.syslog-ng, syslog_ng_mode: server, syslog_ng_server_sources: 10.0.0.0/8 }
## FIXME! msg: failed to validate: rc:1 error:Error opening configuration file; filename='/home/vagrant/.ansible/tmp/ansible-tmp-1438458516.5-264913181520805/source', error='Permission denied (13)'
#    - { role: ihrwein.syslog-ng, syslog_ng_mode: local }
## FIXME! msg: failed to validate: rc:1 error:Error opening configuration file; filename='/home/vagrant/.ansible/tmp/ansible-tmp-1438458584.65-181156109240888/source', error='Permission denied (13)'
    - { role: ihrwein.syslog-ng, syslog_ng_mode: client }

Any help?

Thanks

ihrwein commented 9 years ago

Hi!

Sorry for the late answer.

IMHO syslog-ng tries to test the generated configuration but in your case it's a directory (/home/vagrant/.ansible/tmp/ansible-tmp-1438458690.15-193309305713974/source). I would expect to see a syslog-ng.conf file here.

juju4 commented 9 years ago

Yes, I was supposing that, but at this step I can't understand why for now.

TASK: [ihrwein.syslog-ng | applying client mode configuration if the generated syntax is OK] *** 
failed: [csyslog] => {"failed": true}
msg: failed to validate: rc:1 error:Error opening configuration file; filename='/home/vagrant/.ansible/tmp/ansible-tmp-1439598047.28-258004396674643/source', error='Permission denied (13)'

This line is just a template command as root; there should not be any permission denied. It seems to be the temporary file which is validated by syslog-ng but fails.

$ ll ~/.ansible/ /etc/syslog-ng/syslog-ng.conf
-rw-r--r-- 1 root    root    5949 Dec 25  2013 /etc/syslog-ng/syslog-ng.conf
/home/vagrant/.ansible/:
total 12
drwxrwxr-x 3 vagrant vagrant 4096 Aug  1 19:51 ./
drwxr-xr-x 5 vagrant vagrant 4096 Aug 15 00:49 ../
drwxrwxr-x 2 vagrant vagrant 4096 Aug 15 00:49 tmp/

$ sudo sysdig -p "%12user.name %6proc.pid %8evt.res %20proc.name %3fd.num %fd.typechar %fd.name" evt.res=EACCES or evt.res=EPERM or proc.name=python
[ansible provisioning]
[...]
root         10828  10827 0 python               /home/vagrant/.ansible/tmp/ansible-tmp-1439602936.88-245935053449492/copy 6   p
root         10828  10827 ESPIPE python               /home/vagrant/.ansible/tmp/ansible-tmp-1439602936.88-245935053449492/copy 6   p
root         10828  10827 0 python               /home/vagrant/.ansible/tmp/ansible-tmp-1439602936.88-245935053449492/copy 6   p
root         10829  10828 EACCES syslog-ng            --syntax-only --cfgfile /home/vagrant/.ansible/tmp/ansible-tmp-1439602936.88-245935053449492/source -1  f /home/vagrant/.ansible/tmp/ansible-tmp-1439602936.88-245935053449492/source
root         10828  10827 153 python               /home/vagrant/.ansible/tmp/ansible-tmp-1439602936.88-245935053449492/copy 6   p
root         10828  10827 0 python               /home/vagrant/.ansible/tmp/ansible-tmp-1439602936.88-245935053449492/copy 4   p
[...]

So it means the validation is not working, but:

$ syslog-ng --syntax-only --cfgfile syslog-ng.conf.0 
syslog-ng: Error setting capabilities, capability management disabled; error='Operation not permitted'
$ sudo syslog-ng --syntax-only --cfgfile syslog-ng.conf.0 
$

It runs as root but has a permission denied...

If I disable the validate options in tasks/main.yml, it is working.

seems similar to https://github.com/ansible/ansible/issues/7553
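A triage helper for the EACCES in the sysdig trace above, added here as an example; it is not part of the role or of anyone's comment. It evaluates only the classic mode bits along the path to the temporary `source` file for a given uid with no capabilities assumed (POSIX ACLs are ignored), so a denial found here is a permissions problem, while a clean result points away from file modes. The directory and file names in the demo are constructed.

```python
import os
import stat
import tempfile

def dac_walk(path, uid, gids=()):
    """Check mode bits for `uid` on every component of `path`.

    Intermediate directories need search (x); the final component needs
    read (r). No capabilities are assumed, so uid 0 gets no bypass here.
    Returns a list of (component, mode_string, needed, allowed).
    """
    path = os.path.realpath(path)
    comps = [path]
    while os.path.dirname(comps[-1]) != comps[-1]:
        comps.append(os.path.dirname(comps[-1]))
    rows = []
    for comp in reversed(comps):
        st = os.stat(comp)
        needed = "r" if comp == path else "x"
        bit = 4 if needed == "r" else 1
        if uid == st.st_uid:
            shift = 6          # owner class
        elif st.st_gid in gids:
            shift = 3          # group class
        else:
            shift = 0          # other class
        allowed = bool((st.st_mode >> shift) & bit)
        rows.append((comp, stat.filemode(st.st_mode), needed, allowed))
    return rows

def first_denial(rows):
    """Return the first component whose mode bits deny access, or None."""
    for comp, _mode, _needed, allowed in rows:
        if not allowed:
            return comp
    return None

if __name__ == "__main__":
    # Constructed layout: a 0700 temp directory holding a 0600 file, both
    # owned by the current user, examined as a different uid.
    base = tempfile.mkdtemp()
    tmpdir = os.path.join(base, "ansible-tmp-EXAMPLE")
    os.mkdir(tmpdir)
    os.chmod(tmpdir, 0o700)
    src = os.path.join(tmpdir, "source")
    open(src, "w").close()
    os.chmod(src, 0o600)
    other_uid = os.stat(src).st_uid + 1
    for row in dac_walk(src, other_uid):
        print("%-60s %s needs %s allowed=%s" % row)
```

Run it on the managed host against a real temporary path while the play is paused; if every row is allowed for the uid in question, the denial comes from something other than mode bits.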

mcalhoun commented 8 years ago

+1 as I am also experiencing this on a vanilla Ubuntu box

it-kombinat commented 4 years ago

I am also having this issue on a CentOS 7 box. :-(