voxpupuli / puppet-logrotate

Puppet logrotate module
https://forge.puppet.com/puppet/logrotate
MIT License

Update default value "su_group" to be in line with modern Ubuntu versions #218

Open sahaqaa opened 11 months ago

sahaqaa commented 11 months ago

Affected Puppet, Ruby, OS and module versions/distributions

How to reproduce (e.g Puppet code you use)

  class { '::logrotate':
    manage_cron_hourly => false,
    manage_cron_daily  => false,
    create_base_rules  => false,
  }

  logrotate::rule { 'test':
    path         => '/var/log/test.log.*',
    missingok    => true,
    rotate_every => 'day',
    maxage       => 30,
  }

What are you seeing

When I run "puppet agent -tv --environment xxxxxx --noop" I see that the file "/etc/logrotate.conf" will be modified like this:

Notice: /Stage[main]/Logrotate::Hourly/File[/etc/logrotate.d/hourly]/ensure: current_value 'absent', should be 'directory' (noop)
Notice: Class[Logrotate::Hourly]: Would have triggered 'refresh' from 1 event

Notice: /Stage[main]/Logrotate::Defaults/Logrotate::Conf[/etc/logrotate.conf]/File[/etc/logrotate.conf]/content: 
--- /etc/logrotate.conf 2022-01-24 15:37:01.000000000 +0000
+++ /tmp/puppet-file20231207-99510-ve6yh7   2023-12-07 10:10:08.860311113 +0000
@@ -1,27 +1,10 @@
-# see "man logrotate" for details
+# THIS FILE IS AUTOMATICALLY DISTRIBUTED BY PUPPET.
+# ANY CHANGES WILL BE OVERWRITTEN.

-# global options do not affect preceding include directives
-
-# rotate log files weekly
-weekly
-
-# use the adm group by default, since this is the owning group
-# of /var/log/syslog.
-su root adm
-
-# keep 4 weeks worth of backlogs
-rotate 4
-
-# create new (empty) log files after rotating old ones
 create
+rotate 4
+weekly
+su root syslog

-# use date as a suffix of the rotated file
-#dateext
-
-# uncomment this if you want your log files compressed
-#compress
-
-# packages drop log rotation information into this directory
+# configurable file rotations
 include /etc/logrotate.d
-
-# system-specific logs may also be configured here.
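
Review bot: the `+su root syslog` line changes the group of the global `su` directive, while the comment removed above `-su root adm` says adm is used because it is the owning group of /var/log/syslog. The rendered file should keep `su root adm` on this host, or take the group from a parameter the caller can set. Every explanatory comment is also dropped in this hunk, so the generated file should at least carry a one-line comment saying why that group was chosen.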

Notice: /Stage[main]/Logrotate::Defaults/Logrotate::Conf[/etc/logrotate.conf]/File[/etc/logrotate.conf]/content: current_value '{sha256}33ff9bc4af818cc87293172add6657c08c7daeede32fac4e3ad204217d93bcc3', should be '{sha256}aa5234dd32ba3c5968775dcd8a47aa188cb821a016e3ef677159b03a079a2d5b' (noop)
Notice: Logrotate::Conf[/etc/logrotate.conf]: Would have triggered 'refresh' from 1 event
Notice: Class[Logrotate::Defaults]: Would have triggered 'refresh' from 1 event
Notice: Class[Logrotate]: Would have triggered 'refresh' from 2 events
Notice: /Stage[main]/Profile::As_lets_encrypt/Logrotate::Rule[test]/File[/etc/logrotate.d/test]/ensure: current_value 'absent', should be 'present' (noop)
Notice: Logrotate::Rule[test]: Would have triggered 'refresh' from 1 event
Notice: Class[Profile::As_lets_encrypt]: Would have triggered 'refresh' from 1 event
Notice: Stage[main]: Would have triggered 'refresh' from 5 events
Notice: Applied catalog in 5.09 seconds

What behaviour did you expect instead

I would expect that the line "su root adm" would be kept as is and not be modified to "su root syslog", i.e. that the default value of "$su_group" would be "adm" (instead of "syslog").

Any additional information you'd like to impart

Use case scenario: we have 4 hosts, 2 of them managed by team A and the other 2 managed by team B. The same application is installed on all 4 hosts. I've noticed that logs are not cleaned up on them and tried to use the "puppet-logrotate" module.

When I added the following code:

  class { '::logrotate':
    manage_cron_hourly => false,
    manage_cron_daily  => false,
    create_base_rules  => false,
  }

  logrotate::rule { 'test':
    path         => '/var/log/test.log.*',
    missingok    => true,
    rotate_every => 'day',
    maxage       => 30,
  }

I've seen that it will change the line from "su root adm" to "su root syslog".

My initial goal was to configure log rotation and to be as non-intrusive as possible on other people's hosts. But right now it's not possible.

Investigation

I've installed two new EC2 instances in AWS with Ubuntu 20.04 LTS and 22.04 LTS.

Details for Ubuntu 20.04 LTS:

$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 20.04.6 LTS
Release:        20.04
Codename:       focal

$ ls -l /etc/logrotate.conf 
-rw-r--r-- 1 root root 533 Jan 21  2019 /etc/logrotate.conf

$ cat /etc/logrotate.conf 
# see "man logrotate" for details
# rotate log files weekly
weekly

# use the adm group by default, since this is the owning group
# of /var/log/syslog.
su root adm

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones
create

# use date as a suffix of the rotated file
#dateext

# uncomment this if you want your log files compressed
#compress

# packages drop log rotation information into this directory
include /etc/logrotate.d

# system-specific logs may be also be configured here.

$ ls -l /var/log/
total 864
-rw-r--r--  1 root      root               614 Dec  7 09:13 alternatives.log
drwx------  3 root      root              4096 Dec  7 09:10 amazon
drwxr-xr-x  2 root      root              4096 Dec  7 09:12 apt
-rw-r-----  1 syslog    adm               5512 Dec  7 09:17 auth.log
-rw-rw----  1 root      utmp                 0 Oct 25 21:53 btmp
-rw-r-----  1 root      adm               7429 Dec  7 09:15 cloud-init-output.log
-rw-r-----  1 syslog    adm             257799 Dec  7 09:15 cloud-init.log
drwxr-xr-x  2 root      root              4096 Mar 14  2023 dist-upgrade
-rw-r--r--  1 root      adm              42009 Dec  7 09:15 dmesg
-rw-r--r--  1 root      adm              40466 Dec  7 09:10 dmesg.0
-rw-r--r--  1 root      root             54747 Dec  7 09:13 dpkg.log
drwxr-sr-x+ 3 root      systemd-journal   4096 Dec  7 09:10 journal
-rw-r-----  1 syslog    adm             110910 Dec  7 09:15 kern.log
drwxr-xr-x  2 landscape landscape         4096 Dec  7 09:11 landscape
-rw-rw-r--  1 root      utmp            292292 Dec  7 09:15 lastlog
drwx------  2 root      root              4096 Dec  7 09:10 private
-rw-r-----  1 syslog    adm             285298 Dec  7 09:17 syslog
-rw-r--r--  1 root      root             10892 Dec  7 09:12 ubuntu-advantage.log
drwxr-x---  2 root      adm               4096 Dec  7 09:10 unattended-upgrades
-rw-rw-r--  1 root      utmp              6144 Dec  7 09:15 wtmp

Details for Ubuntu 22.04 LTS:

$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 22.04.3 LTS
Release:        22.04
Codename:       jammy

$ ls -l /etc/logrotate.conf 
-rw-r--r-- 1 root root 592 Jan 24  2022 /etc/logrotate.conf

$ cat /etc/logrotate.conf 
# see "man logrotate" for details

# global options do not affect preceding include directives

# rotate log files weekly
weekly

# use the adm group by default, since this is the owning group
# of /var/log/syslog.
su root adm

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones
create

# use date as a suffix of the rotated file
#dateext

# uncomment this if you want your log files compressed
#compress

# packages drop log rotation information into this directory
include /etc/logrotate.d

# system-specific logs may also be configured here.

$ ls -l /var/log/
total 888
-rw-r--r--  1 root      root              7120 Dec  7 09:13 alternatives.log
drwx------  3 root      root              4096 Dec  7 09:08 amazon
drwxr-xr-x  2 root      root              4096 Dec  7 09:12 apt
-rw-r-----  1 syslog    adm               6319 Dec  7 09:17 auth.log
-rw-rw----  1 root      utmp                 0 Sep 19 02:21 btmp
drwxr-x---  2 _chrony   _chrony           4096 Dec  7 09:08 chrony
-rw-r-----  1 root      adm               7598 Dec  7 09:14 cloud-init-output.log
-rw-r-----  1 syslog    adm             255178 Dec  7 09:14 cloud-init.log
drwxr-xr-x  2 root      root              4096 Aug  2 15:53 dist-upgrade
-rw-r-----  1 root      adm              41993 Dec  7 09:14 dmesg
-rw-r-----  1 root      adm              40141 Dec  7 09:08 dmesg.0
-rw-r--r--  1 root      root             79877 Dec  7 09:13 dpkg.log
drwxr-sr-x+ 3 root      systemd-journal   4096 Dec  7 09:08 journal
-rw-r-----  1 syslog    adm             108369 Dec  7 09:14 kern.log
drwxr-xr-x  2 landscape landscape         4096 Dec  7 09:11 landscape
-rw-rw-r--  1 root      utmp            292292 Dec  7 09:15 lastlog
drwx------  2 root      root              4096 Dec  7 09:08 private
-rw-r-----  1 syslog    adm             281430 Dec  7 09:17 syslog
-rw-r--r--  1 root      root              9738 Dec  7 09:12 ubuntu-advantage.log
drwxr-x---  2 root      adm               4096 Dec  7 09:08 unattended-upgrades
-rw-rw-r--  1 root      utmp              6912 Dec  7 09:15 wtmp

As you can see, both /etc/logrotate.conf files have "su root adm".

Proposed changes

1/ change the default for Ubuntu (<%= @su_group %> to "adm")

2/ add the ability to overwrite the default "su_group" (right now there is no way to do it)

3/ (optional) add an option to not manage the config file /etc/logrotate.conf (when the package "logrotate" is installed, it creates its own config file /etc/logrotate.conf with default settings; there are some cases when people do not need to manage the config file /etc/logrotate.conf)

4/ (optional) do not create "/etc/logrotate.d/hourly" when not needed (right now "file { "${logrotate::rules_configdir}/hourly":" is created anyway, even if "manage_cron_hourly" is set to false)
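
A pre-apply check for the change reported in this issue, as an added example that is not part of the issue or of the puppet-logrotate module. It compares the global `su` group of the on-disk configuration with that of a rendered one, and lists log files whose owning group differs from it. The function names and sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: detect a change to logrotate's global `su` group before apply.

# Print the group of the global `su <user> <group>` directive read from stdin.
# Directives inside { ... } rule blocks are per-rule and skipped. If several
# global directives exist, the last one is printed (a simplification).
global_su_group() {
  awk '
    /^[[:space:]]*#/ { next }
    /[{]/ { depth++ }
    depth == 0 && $1 == "su" && NF >= 3 { group = $3 }
    /[}]/ { if (depth > 0) depth-- }
    END { if (group != "") print group }
  '
}

# su_drift <current.conf> <rendered.conf>: return 1 and print "old -> new"
# when the two files disagree on the global su group.
su_drift() {
  cur=$(global_su_group < "$1")
  new=$(global_su_group < "$2")
  [ "$cur" = "$new" ] && return 0
  printf '%s -> %s\n' "${cur:-none}" "${new:-none}"
  return 1
}

# owner_mismatches <group>: read "<group> <path>" lines (the output format of
# `stat -c "%G %n" FILE...`) and print the paths not owned by <group>.
owner_mismatches() {
  awk -v want="$1" '$1 != want { print $2 }'
}

# Sample input, constructed from the two configurations shown in the issue.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' '# stock Ubuntu file' 'weekly' 'su root adm' 'rotate 4' 'create' \
  'include /etc/logrotate.d' > "$demo_dir/current.conf"
printf '%s\n' '# rendered by the module' 'create' 'rotate 4' 'weekly' \
  'su root syslog' 'include /etc/logrotate.d' > "$demo_dir/rendered.conf"
# Constructed rule file: its per-rule su must not count as the global one.
printf '%s\n' '/var/log/app/*.log {' '  su app app' '  daily' '}' \
  > "$demo_dir/rule.conf"

su_drift "$demo_dir/current.conf" "$demo_dir/rendered.conf" ||
  echo "global su group would change"
printf '%s\n' 'adm /var/log/syslog' 'adm /var/log/auth.log' |
  owner_mismatches "$(global_su_group < "$demo_dir/rendered.conf")"
```

On a real host the second argument would be the file Puppet intends to write, and the listing would come from `stat -c "%G %n"` run against the log files in question.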