Comment 1 Arvid Requate 2023-01-23 18:25:30 CET

See Ticket#2023012321000275, the UCR template generates a broken logrotate config.

Not sure why this is closed. The issue still exists on 5.0-2 errata 547. "Moved"? Moved where? Will this be fixed, or do I have to fix it myself?

Comment 3 Erik Damrose 2023-01-24 12:04:53 CET

"Resolved moved" means, that a fix has been proposed in a git branch, which will be reviewed before it is moved to the main branch for the final QA. This bug is in active development and will be released as an errata release.

Comment 4 Arvid Requate 2023-01-24 12:06:54 CET

merge request reviews by Florian, merged and ready for release QA

e020ff0cc5 | Fix logrotate syntax
c3d49fd97a | Advisory update

Ah, that makes sense. Thanks for the explanation, Erik.

Comment 6 Johannes Lohmer 2023-01-24 16:18:16 CET

OK: Code
OK: Changelog
OK: Yaml
OK: Package Built
OK: Regression Fixed
 
Tested with Version 14.0.5-6A~5.0.0.202204260244 (old working)
Reproduced regression by installing Version 14.0.5-8A~5.0.0.202301181639
New Version: 14.0.5-9A~5.0.0.202301241158 Fixed the regression and added the the correct third section to /etc/logrotate.d/samba

Comment 7 Philipp Hahn 2023-01-25 12:47:57 CET

<https://errata.software-univention.de/#/?erratum=5.0x553>

Unfortunately, errata 553 doesn't fully fix the issue.

On one of our memberservers the following files exist:

[0 root@kyushu /var/log/samba] date
2023-01-25 17:40:38 +0100
[0 root@kyushu /var/log/samba] ls -l log.samba-dcerpcd log.rpcd_*
-rw-r--r-- 1 root root 1922498 2023-01-25 17:14 log.rpcd_classic
-rw-r--r-- 1 root root       0 2022-07-03 07:13 log.rpcd_epmapper
-rw-r--r-- 1 root root       0 2022-07-03 07:13 log.rpcd_fsrvp
-rw-r--r-- 1 root root   70300 2023-01-25 16:05 log.rpcd_lsad
-rw-r--r-- 1 root root   54828 2023-01-24 09:01 log.rpcd_mdssvc
-rw-r--r-- 1 root root       0 2022-07-03 07:13 log.rpcd_rpcecho
-rw-r--r-- 1 root root  831706 2022-12-21 15:29 log.rpcd_spoolss
-rw-r--r-- 1 root root 2359104 2023-01-25 17:14 log.rpcd_winreg
-rw-r--r-- 1 root root   82368 2023-01-25 17:14 log.samba-dcerpcd

As you can see several of those files exists & have been written to recently. Therefore logrotate will try to rotate them.

According to /etc/logrotate.d/samba the following is the postrotate snippet:

{ pidof samba-dcerpcd && pkill --signal HUP samba-dcerpcd; } > /dev/null

Executing this manually followed by "echo $?" shows that this exits with 1. Therefore logrotate will exit with a failure as well, complaining about the postrotate script failing.

The snippet fails because there's no "samba-dcerpcd" process running. Therefore the whole snippet fails as well.

This is different from gating the pkill with "if … then … fi" as "if"s will not pass the exit code of the failing condition:

[0 root@kyushu /var/log/samba] bash
root@kyushu:/var/log/samba# if false ; then echo no ; fi ; echo $?
0
root@kyushu:/var/log/samba#

Changing the postrotate snippet to the following should therefore work:

if pidof samba-dcerpcd > /dev/null; then
  pkill --signal HUP samba-dcerpcd > /dev/null
fi

[0 root@kyushu ~] ucr search --brief \^version/
version/erratalevel: 556
version/patchlevel: 2
version/releasename: Blumenthal
version/version: 5.0

That being said, there's still the question of why something writes to those files on memberservers even though there's no process called samba-dcerpcd running. Maybe some other process should be HUP'ed as well.

Comment 9 Arvid Requate 2023-01-25 18:17:04 CET

Will be handled via Bug 55597.