request for testing: logrotate scripts in Fedora/RHEL packages
Hi, There were multiple tickets, bug reports about logrotate scripts in syslog-ng RPM packages for Fedora/RHEL. https://bugzilla.redhat.com/show_bug.cgi?id=1802165 https://github.com/syslog-ng/syslog-ng/issues/1384#issuecomment-644716350 I have now a possible solution available for testing in my git snapshot repo: https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng-githead/ * Installs the same logrotate script on RHEL/CentOS 7 as rsyslog * On RHEL/CentOS 8 and Fedora the logrotate script is called syslog-ng and uses systemctl to reload syslog-ng after rotation, just as the rsyslog variant. It is in a separate subpackage, and installed only when rsyslog is not on the system (for reasons check the RH bugzilla ticket: in short it would not be used anyway due to conflicts) I tested it on Fedora 32 and CentOS 7, both with and without rsyslog on the system. It worked fine for me, but any feedback is appreciated. If it is tested to work by someone else than me, I'll push the changes both to the official EPEL package and to the syslog-ng github repo. Bye, CzP Peter Czanik (CzP) <peter.czanik@oneidentity.com> Balabit (a OneIdentity company) / syslog-ng upstream https://syslog-ng.com/community/ https://twitter.com/PCzanik
Hi, can you please prepare a patch for our in-tree packaging scripts as well? thanks. On Tue, Jun 16, 2020 at 2:18 PM Peter Czanik (pczanik) < Peter.Czanik@oneidentity.com> wrote:
Hi,
There were multiple tickets, bug reports about logrotate scripts in syslog-ng RPM packages for Fedora/RHEL.
https://bugzilla.redhat.com/show_bug.cgi?id=1802165 https://github.com/syslog-ng/syslog-ng/issues/1384#issuecomment-644716350
I have now a possible solution available for testing in my git snapshot repo: https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng-githead/
- Installs the same logrotate script on RHEL/CentOS 7 as rsyslog - On RHEL/CentOS 8 and Fedora the logrotate script is called syslog-ng and uses systemctl to reload syslog-ng after rotation, just as the rsyslog variant. It is in a separate subpackage, and installed only when rsyslog is not on the system (for reasons check the RH bugzilla ticket: in short it would not be used anyway due to conflicts)
I tested it on Fedora 32 and CentOS 7, both with and without rsyslog on the system. It worked fine for me, but any feedback is appreciated.
If it is tested to work by someone else than me, I'll push the changes both to the official EPEL package and to the syslog-ng github repo.
Bye, CzP
Peter Czanik (CzP) <peter.czanik@oneidentity.com> Balabit (a OneIdentity company) / syslog-ng upstream https://syslog-ng.com/community/ https://twitter.com/PCzanik
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
-- Bazsi
Hi, Yes, once I received feedback I plan post my changes also there. So they are not lost again 🙂 Peter Peter Czanik (CzP) <peter.czanik@oneidentity.com> Balabit (a OneIdentity company) / syslog-ng upstream https://syslog-ng.com/community/ https://twitter.com/PCzanik ________________________________ From: syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Balazs Scheidler <bazsi77@gmail.com> Sent: Tuesday, June 16, 2020 14:28 To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu> Subject: Re: [syslog-ng] request for testing: logrotate scripts in Fedora/RHEL packages CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe. Hi, can you please prepare a patch for our in-tree packaging scripts as well? thanks. On Tue, Jun 16, 2020 at 2:18 PM Peter Czanik (pczanik) <Peter.Czanik@oneidentity.com<mailto:Peter.Czanik@oneidentity.com>> wrote: Hi, There were multiple tickets, bug reports about logrotate scripts in syslog-ng RPM packages for Fedora/RHEL. https://bugzilla.redhat.com/show_bug.cgi?id=1802165<https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.redhat.com%2Fshow_bug.cgi%3Fid%3D1802165&data=02%7C01%7Cpeter.czanik%40oneidentity.com%7C5022e96d2ffe42ddcea208d811f0d103%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637279073289404086&sdata=iKTi9rjpAtPl62t9dRxounNNJ2SGcL05xr9tc8s%2FeZE%3D&reserved=0> https://github.com/syslog-ng/syslog-ng/issues/1384#issuecomment-644716350<https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fsyslog-ng%2Fsyslog-ng%2Fissues%2F1384%23issuecomment-644716350&data=02%7C01%7Cpeter.czanik%40oneidentity.com%7C5022e96d2ffe42ddcea208d811f0d103%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637279073289414081&sdata=q7BtYG%2FSgwQ4mCyXb%2BT2dku%2FUjXFVmaF7NjsYJaks8o%3D&reserved=0> I have now a possible solution available for testing in my git snapshot repo: https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng-githead/<https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcopr.fedorainfracloud.org%2Fcoprs%2Fczanik%2Fsyslog-ng-githead%2F&data=02%7C01%7Cpeter.czanik%40oneidentity.com%7C5022e96d2ffe42ddcea208d811f0d103%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637279073289414081&sdata=DbdGi9tV5qFD0ctXx%2BJ05CSpNOfQWvAY7%2Bc%2FKLtIm7Y%3D&reserved=0> * Installs the same logrotate script on RHEL/CentOS 7 as rsyslog * On RHEL/CentOS 8 and Fedora the logrotate script is called syslog-ng and uses systemctl to reload syslog-ng after rotation, just as the rsyslog variant. It is in a separate subpackage, and installed only when rsyslog is not on the system (for reasons check the RH bugzilla ticket: in short it would not be used anyway due to conflicts) I tested it on Fedora 32 and CentOS 7, both with and without rsyslog on the system. It worked fine for me, but any feedback is appreciated. If it is tested to work by someone else than me, I'll push the changes both to the official EPEL package and to the syslog-ng github repo. Bye, CzP Peter Czanik (CzP) <peter.czanik@oneidentity.com<mailto:peter.czanik@oneidentity.com>> Balabit (a OneIdentity company) / syslog-ng upstream https://syslog-ng.com/community/<https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsyslog-ng.com%2Fcommunity%2F&data=02%7C01%7Cpeter.czanik%40oneidentity.com%7C5022e96d2ffe42ddcea208d811f0d103%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637279073289424077&sdata=d71BYr5TZbG5TI%2FNzB1naHA2aZ3C6nVg06HJu%2FbIbg0%3D&reserved=0> https://twitter.com/PCzanik<https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2FPCzanik&data=02%7C01%7Cpeter.czanik%40oneidentity.com%7C5022e96d2ffe42ddcea208d811f0d103%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637279073289434076&sdata=dS2qMcLKD%2BiI5Y%2F4QLzu497g7nsq5P%2BOcFr5d0nESrU%3D&reserved=0> ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng<https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=02%7C01%7Cpeter.czanik%40oneidentity.com%7C5022e96d2ffe42ddcea208d811f0d103%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637279073289434076&sdata=zbcig6RetYTLxYLSIfSglhJdMEh4CALOYngkUR12%2FTk%3D&reserved=0> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng<https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=02%7C01%7Cpeter.czanik%40oneidentity.com%7C5022e96d2ffe42ddcea208d811f0d103%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637279073289444068&sdata=fSw7ZqsQfytbHo234Cm0LxqIAPwGY3O4po32WtXEH4k%3D&reserved=0> FAQ: http://www.balabit.com/wiki/syslog-ng-faq<https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&data=02%7C01%7Cpeter.czanik%40oneidentity.com%7C5022e96d2ffe42ddcea208d811f0d103%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637279073289444068&sdata=RCMM%2Ftm6Ryc9ay1axZGHpZXElYUw3U3Ti1b9oeCIjHc%3D&reserved=0> -- Bazsi
The RHEL7 packages work correctly and do not have any conflict with rsyslog. The RHEL8 package is going to give me some problems. Our syslog-ng configuration produces files different than the default, so we have configured the logrotate file appropriately. When the RPM update process runs the syslog-ng package will be updated and because we do not have the rsyslog package installed, the syslog-ng-logrotate package will be installed. This process will remove my custom /etc/logrotate.d/syslog file and create a new default /etc/logrotate.d/syslog-ng This will break by logrotate configuration on all systems that auto-update the RPM packages. I think the correct approach would be to move the /etc/logrotate.d/syslog file to /etc/logrotate.d/syslog-ng when the syslog-ng-logrotate package is installed for the first time. Evan. On 6/16/20 5:18 AM, Peter Czanik (pczanik) wrote:
Hi,
There were multiple tickets, bug reports about logrotate scripts in syslog-ng RPM packages for Fedora/RHEL.
https://bugzilla.redhat.com/show_bug.cgi?id=1802165 https://github.com/syslog-ng/syslog-ng/issues/1384#issuecomment-644716350
I have now a possible solution available for testing in my git snapshot repo: https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng-githead/
* Installs the same logrotate script on RHEL/CentOS 7 as rsyslog * On RHEL/CentOS 8 and Fedora the logrotate script is called syslog-ng and uses systemctl to reload syslog-ng after rotation, just as the rsyslog variant. It is in a separate subpackage, and installed only when rsyslog is not on the system (for reasons check the RH bugzilla ticket: in short it would not be used anyway due to conflicts)
I tested it on Fedora 32 and CentOS 7, both with and without rsyslog on the system. It worked fine for me, but any feedback is appreciated.
If it is tested to work by someone else than me, I'll push the changes both to the official EPEL package and to the syslog-ng github repo.
Bye, CzP
Peter Czanik (CzP) <peter.czanik@oneidentity.com> Balabit (a OneIdentity company) / syslog-ng upstream https://syslog-ng.com/community/ <https://syslog-ng.com/community/> https://twitter.com/PCzanik
-- Evan Rempel
On Tue, Jun 16, 2020 at 07:29:24AM -0700, Evan Rempel wrote:
This process will remove my custom /etc/logrotate.d/syslog file and create a new default /etc/logrotate.d/syslog-ng
IIRC you can configure the specfile to not overwrite config files with a % directive, something like %config(no-replace) or similar
The %config(no-replace) does not work for a file that does not yet exist. The difficulty here is that the logrotate file name is changing from /etc/logrotate.d/syslog to /etc/logrotate.d/syslog-ng With the current packaging I would have to "configure" all of my hosts with the new configuration file BEFORE the syslog-ng package gets updated. It's doable, but not desirable. Evan. On 6/16/20 7:31 AM, Fabien Wernli wrote:
On Tue, Jun 16, 2020 at 07:29:24AM -0700, Evan Rempel wrote:
This process will remove my custom /etc/logrotate.d/syslog file and create a new default /etc/logrotate.d/syslog-ng IIRC you can configure the specfile to not overwrite config files with a % directive, something like %config(no-replace) or similar
Hi, Fedora already changed to a name-based logrotate, so rsyslog has /etc/logrotate.d/rsyslog. That's how the /etc/logrotate.d/syslog-ng naming was born. Not tested, but I just got the idea: for RHEL 8 keep the syslog-ng logroate file called as /etc/logrotate.d/syslog. It is fugly, another exception in the spec file. But it resolves your problem, and hopefully does not cause much problems for others. Personally I prefer to do the renaming to /etc/logrotate.d/syslog-ng as soon as possible (it will definitely be renamed with RHEL 9 in a few years), but what others think? Bye, Peter Czanik (CzP) <peter.czanik@oneidentity.com> Balabit (a OneIdentity company) / syslog-ng upstream https://syslog-ng.com/community/ https://twitter.com/PCzanik ________________________________ From: syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Evan Rempel <erempel@uvic.ca> Sent: Tuesday, June 16, 2020 16:39 To: syslog-ng@lists.balabit.hu <syslog-ng@lists.balabit.hu> Subject: Re: [syslog-ng] request for testing: logrotate scripts in Fedora/RHEL packages CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe. The %config(no-replace) does not work for a file that does not yet exist. The difficulty here is that the logrotate file name is changing from /etc/logrotate.d/syslog to /etc/logrotate.d/syslog-ng With the current packaging I would have to "configure" all of my hosts with the new configuration file BEFORE the syslog-ng package gets updated. It's doable, but not desirable. Evan. On 6/16/20 7:31 AM, Fabien Wernli wrote:
On Tue, Jun 16, 2020 at 07:29:24AM -0700, Evan Rempel wrote:
This process will remove my custom /etc/logrotate.d/syslog file and create a new default /etc/logrotate.d/syslog-ng IIRC you can configure the specfile to not overwrite config files with a % directive, something like %config(no-replace) or similar
______________________________________________________________________________ Member info: https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=02%7C01%7CPeter.Czanik%40oneidentity.com%7C82080983250a4bdc46e108d812032891%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637279152064315728&sdata=iNnlY5hMR8LTf5H9R1C5SFxs9CNojqszPYFrTemAw4Y%3D&reserved=0 Documentation: https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=02%7C01%7CPeter.Czanik%40oneidentity.com%7C82080983250a4bdc46e108d812032891%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637279152064315728&sdata=B7jzlQxBsIyK%2Bw1bBRl%2FE2nPG02YgW%2BSPLieENhnSw4%3D&reserved=0 FAQ: https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&data=02%7C01%7CPeter.Czanik%40oneidentity.com%7C82080983250a4bdc46e108d812032891%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637279152064315728&sdata=dv3nIRUp5tZyaYFIqNRfZiavAoT6dxkSj%2FFs%2FRZk3HQ%3D&reserved=0
Hi, OK. As the only feedback I got was from Evan, I changed the SPEC file again, and CentOS/RHEL 8 uses now /etc/logrotate.d/syslog. Here is the summary: * RHEL/CentOS 7: /etc/logrotate.d/syslog is the same as for rsyslog and installed always * Fedora: /etc/logrotate.d/syslog-ng installed only if rsyslog is not installed * RHEL/CentOS 8: /etc/logrotate.d/syslog installed only if rsyslog is not installed Tested on CentOS 7, CentOS 8 and Fedora 31, all seem to work. You can test it from https://syslog-ng.com/blog/rpm-packages-from-syslog-ng-git-head/ Any feedback is appreciated. Note, that the version says 3.28.1, but there was no official release yet. Bye, Peter Czanik (CzP) <peter.czanik@oneidentity.com> Balabit (a OneIdentity company) / syslog-ng upstream https://syslog-ng.com/community/ https://twitter.com/PCzanik ________________________________ From: Peter Czanik (pczanik) <Peter.Czanik@oneidentity.com> Sent: Monday, June 22, 2020 17:17 To: syslog-ng@lists.balabit.hu <syslog-ng@lists.balabit.hu> Subject: Re: [syslog-ng] request for testing: logrotate scripts in Fedora/RHEL packages Hi, Fedora already changed to a name-based logrotate, so rsyslog has /etc/logrotate.d/rsyslog. That's how the /etc/logrotate.d/syslog-ng naming was born. Not tested, but I just got the idea: for RHEL 8 keep the syslog-ng logroate file called as /etc/logrotate.d/syslog. It is fugly, another exception in the spec file. But it resolves your problem, and hopefully does not cause much problems for others. Personally I prefer to do the renaming to /etc/logrotate.d/syslog-ng as soon as possible (it will definitely be renamed with RHEL 9 in a few years), but what others think? Bye, Peter Czanik (CzP) <peter.czanik@oneidentity.com> Balabit (a OneIdentity company) / syslog-ng upstream https://syslog-ng.com/community/ https://twitter.com/PCzanik ________________________________ From: syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Evan Rempel <erempel@uvic.ca> Sent: Tuesday, June 16, 2020 16:39 To: syslog-ng@lists.balabit.hu <syslog-ng@lists.balabit.hu> Subject: Re: [syslog-ng] request for testing: logrotate scripts in Fedora/RHEL packages CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe. The %config(no-replace) does not work for a file that does not yet exist. The difficulty here is that the logrotate file name is changing from /etc/logrotate.d/syslog to /etc/logrotate.d/syslog-ng With the current packaging I would have to "configure" all of my hosts with the new configuration file BEFORE the syslog-ng package gets updated. It's doable, but not desirable. Evan. On 6/16/20 7:31 AM, Fabien Wernli wrote:
On Tue, Jun 16, 2020 at 07:29:24AM -0700, Evan Rempel wrote:
This process will remove my custom /etc/logrotate.d/syslog file and create a new default /etc/logrotate.d/syslog-ng IIRC you can configure the specfile to not overwrite config files with a % directive, something like %config(no-replace) or similar
______________________________________________________________________________ Member info: https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=02%7C01%7CPeter.Czanik%40oneidentity.com%7C82080983250a4bdc46e108d812032891%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637279152064315728&sdata=iNnlY5hMR8LTf5H9R1C5SFxs9CNojqszPYFrTemAw4Y%3D&reserved=0 Documentation: https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=02%7C01%7CPeter.Czanik%40oneidentity.com%7C82080983250a4bdc46e108d812032891%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637279152064315728&sdata=B7jzlQxBsIyK%2Bw1bBRl%2FE2nPG02YgW%2BSPLieENhnSw4%3D&reserved=0 FAQ: https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&data=02%7C01%7CPeter.Czanik%40oneidentity.com%7C82080983250a4bdc46e108d812032891%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637279152064315728&sdata=dv3nIRUp5tZyaYFIqNRfZiavAoT6dxkSj%2FFs%2FRZk3HQ%3D&reserved=0
participants (4)
-
Balazs Scheidler
-
Evan Rempel
-
Fabien Wernli
-
Peter Czanik (pczanik)