Closed Klaas- closed 3 years ago
I think this needs a change in https://github.com/microsoft/omi/blame/2cd827ba933a74374ca177007d4954aa8df493f3/Unix/installbuilder/datafiles/Linux.data#L366-L373 it needs to recognize if its being upgraded or uninstalled. I think this should also apply to rhel: https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/
Highlighting the author: @JumpingYang001
maybe you also want to change this in the script that builds the spec file from the data file to generalize the solution or move it into https://github.com/microsoft/omi/blame/2cd827ba933a74374ca177007d4954aa8df493f3/Unix/installbuilder/datafiles/Linux.data#L289
@Klaas- thanks for reporting it! we will check the issue.
@JumpingYang001
The change you made somehow hasn't made it into the official rpm
$ cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.9 (Maipo)
$ rpm -qa|grep omi
omi-1.6.8-0.x86_64
$ rpm -qi omi
Name : omi
Version : 1.6.8
Release : 0
Architecture: x86_64
Install Date: Fri 02 Apr 2021 03:45:05 AM CEST
Group : System Environment/Daemons
Size : 4608406
License : MIT
Signature : RSA/SHA256, Wed 31 Mar 2021 05:32:41 PM CEST, Key ID eb3e94adbe1229cf
Source RPM : omi-1.6.8-0.src.rpm
Build Date : Thu 14 Jan 2021 03:36:46 AM CET
Build Host : osbld64-rhel5-01.scx.com
Relocations : (not relocatable)
Vendor : Microsoft Corporation
Summary : Open Management Infrastructure
Description :
omi server
$ rpm -qi --scripts omi
[...]
postuninstall scriptlet (using /bin/sh):
#!/bin/sh
if [ "$1" -ne 1 ]; then
rm -f /opt/omi/lib/libcrypto* /opt/omi/lib/libssl* /opt/omi/lib/.libcrypto* /opt/omi/lib/.libssl*
rmdir /opt/omi/lib > /dev/null 2>&1
rmdir /opt/omi > /dev/null 2>&1
# Clean up cron and logrotate
rm -f /etc/cron.d/omilogrotate > /dev/null 2>&1
rm -f /etc/logrotate.d/omi > /dev/null 2>&1
egrep -q "^omiusers:" /etc/group
if [ $? -eq 0 ]; then
echo "Deleting omiusers group ..."
groupdel omiusers
fi
egrep -q "^omi:" /etc/passwd
if [ $? -eq 0 ]; then
echo "Deleting omi service account ..."
userdel omi
fi
egrep -q "^omi:" /etc/group
if [ $? -eq 0 ]; then
echo "Deleting omi group ..."
groupdel omi
fi
fi
if [ -e /usr/sbin/semodule ]; then
if [ ! -z "$(/usr/sbin/semodule -l | grep omi-logrotate)" ]; then
echo "Removing selinux policy module for omi-logrotate ..."
/usr/sbin/semodule -r omi-logrotate
fi
fi
exit 0
Greetings Klaas
side question: will this need more than one version upgrade to actually happen? on the next upgrade the current versions postuninstall script will be called right?
@Klaas- yes, the upgrade uninstall script will be executed in next version.
@JumpingYang001 1) any idea why it's not in the official packages yet? 2) Do you plan to fix this by for example changing the upgrade procedure that happens on minor upgrades via waagent?
@Klaas- it is already in official packages, and it is by design, since upgrade a package will use exist package's uninstall script and for current package's uninstall script will be executed in next upgrade.
@JumpingYang001 but it's not in the current packages scripts. 1.6.8-0 was tagged on github on Apr 9 and includes the fix. 1.6.8-0 from packages.microsoft.com was built on Thu 14 Jan 2021; so I am guessing you do not build from github sources and have some kind of own code staging for those packages, this seems to invite errors like this.
$ curl -O https://packages.microsoft.com/rhel/7/prod/omi-1.6.8-0.ssl_100.ulinux.x64.rpm
[...]
$ rpm -qp --scripts ./omi-1.6.8-0.ssl_100.ulinux.x64.rpm
[...]
postuninstall scriptlet (using /bin/sh):
#!/bin/sh
if [ "$1" -ne 1 ]; then
rm -f /opt/omi/lib/libcrypto* /opt/omi/lib/libssl* /opt/omi/lib/.libcrypto* /opt/omi/lib/.libssl*
rmdir /opt/omi/lib > /dev/null 2>&1
rmdir /opt/omi > /dev/null 2>&1
# Clean up cron and logrotate
rm -f /etc/cron.d/omilogrotate > /dev/null 2>&1
rm -f /etc/logrotate.d/omi > /dev/null 2>&1
egrep -q "^omiusers:" /etc/group
if [ $? -eq 0 ]; then
echo "Deleting omiusers group ..."
groupdel omiusers
fi
egrep -q "^omi:" /etc/passwd
if [ $? -eq 0 ]; then
echo "Deleting omi service account ..."
userdel omi
fi
egrep -q "^omi:" /etc/group
if [ $? -eq 0 ]; then
echo "Deleting omi group ..."
groupdel omi
fi
fi
if [ -e /usr/sbin/semodule ]; then
if [ ! -z "$(/usr/sbin/semodule -l | grep omi-logrotate)" ]; then
echo "Removing selinux policy module for omi-logrotate ..."
/usr/sbin/semodule -r omi-logrotate
fi
fi
exit 0
@Klaas- understand your question now, in fact, the 1.6.8-0 release tag wasn't updated by me... it was updated by other team member, yes, the tag is wrong... , and I check the real code for 1.6.8-0 should only includes these commits: https://github.com/microsoft/omi/commits/e6851ec20b00615d5fda8d3858cd5f142ed04528 .
So it will take another two releases of omi until this problem is addressed on it's own :) I am guessing it was a bad idea to wait for the fix, I am seeing a couple of multi-gb log files already, so I will clean this up in configuration management ... :)
@Klaas- yeah, if you have urgent to fix it, you can manually do it at first, thanks for pointing out the issue.
@JumpingYang001 even loading the module is not enough :)
/etc/cron.daily/logrotate:
error: error accessing /var/opt/microsoft/omsconfig: Permission denied error: failed to rename /var/opt/microsoft/omsconfig/omsconfig.log to /var/opt/microsoft/omsconfig/omsconfig.log-20210812: Permission denied error: error accessing /var/opt/microsoft/omsconfig: Permission denied error: failed to rename /var/opt/microsoft/omsconfig/omsconfigdetailed.log to /var/opt/microsoft/omsconfig/omsconfigdetailed.log-20210812: Permission denied
Logrotate now has enough rights to access the file, but not enough to write the rotated log because it does not have rights on the directory :)
@Klaas- /var/opt/microsoft/omsconfig
path is another team's product directory, maybe you can contact them: https://github.com/Microsoft/PowerShell-DSC-for-Linux
Ah yes, sorry I see the policy is from https://github.com/microsoft/OMS-Agent-for-Linux/blob/master/installer/selinux/omsagent-logrotate.fc , I'll raise this issue there
It seems like there is an issue about this in that repo already, https://github.com/microsoft/OMS-Agent-for-Linux/issues/781#issuecomment-639801741
Hi, it seems the omi-logrotate selinux module is uninstalled after upgrading. I think this is a general build problem, scx has the same issue.
How to reproduce: have a system without omi/scx