Univention Bugzilla – Bug 56235
ucsschool-id-connector listener_trash_cleaner script missing executable flag
Last modified: 2023-08-21 12:21:32 CEST
+++ This bug was initially created as a clone of Bug #53048 +++

The folder /var/lib/univention-appcenter/apps/ucsschool-id-connector/data/listener/trash/ consumed 12.2GB within 6 months of usage. I suggest a way to set an automatic removal of those json-Files in a logrotate-ish way.

------------------------------------------------

Since id-connector 2.2.6 we have a cronjob for this and a script to delete the files in the trash dir. But the files will not be deleted by the cronjob, because the py script in the docker container under /etc/periodic/daily/listener_trash_cleaner has permission issues: it's not executable.

We did some tests and created a workaround for this bug.

1) Go into the container from the ucs@school-idconnector

    univention-app shell ucsschool-id-connector

2) ls -la /etc/periodic/daily/

    total 20
    drwxr-xr-x 1 root root 4096 Jun 14 10:10 .
    drwxr-xr-x 1 root root 4096 Jun 14 10:08 ..
    -rw-rw-rw- 1 root root 851 Jun 14 10:10 listener_trash_cleaner

3) chmod +x /etc/periodic/daily/listener_trash_cleaner

4) Just for a test, you can create a file in the trash folder on the host (ucs) system, which is older than the specified number of days, with:

    touch -a -m -t <date> "/var/lib/univention-appcenter/apps/ucsschool-id-connector/data/listener/trash/test.json"

5) Again into the container

    univention-app shell ucsschool-id-connector

6) ls -la /etc/periodic/daily/

    total 20
    drwxr-xr-x 1 root root 4096 Jun 14 10:10 .
    drwxr-xr-x 1 root root 4096 Jun 14 10:08 ..
    -rwxrwxrwx 1 root root 851 Jun 14 10:10 listener_trash_cleaner

7) run-parts /etc/periodic/daily/

So the script is now useable and the trash folder will be empty.
Here is a different workaround from the customer and some ideas and questions:

"3) chmod +x /etc/periodic/daily/listener_trash_cleaner"

I find problematic, this gives "everyone" write access to an executable that is run via cron with root privileges, I set the access like this:

    -r-xr--r-- 1 root root 851 Jun 14 10:10 listener_trash_cleaner

It still does not run automatically, the cron service does not run in docker:

    /ucsschool-id-connector # service crond status.
     * status: stopped

I then started the service manually and "listener_trash_cleaner" was also executed. I also created a logfile /var/log/messages in Docker, which contains at least the calls according to crontab:

    ...
    Jul 2 02:00:01 ucssc-78272042 cron.info crond[1951]: USER root pid 6246 cmd run-parts /etc/periodic/hourly
    Jul 2 02:00:01 ucssc-78272042 cron.info crond[1951]: USER root pid 6247 cmd run-parts /etc/periodic/daily
    Jul 2 02:15:00 ucssc-78272042 cron.info crond[1951]: USER root pid 6250 cmd run-parts /etc/periodic/15min
    Jul 2 02:30:00 ucssc-78272042 cron.info crond[1951]: USER root pid 6251 cmd run-parts /etc/periodic/15min
    ...

Now I have the questions:

1. how do I get crond to start automatically after a docker restart?
2. is there a logrotate for messages?
3. wouldn't it be good if "listener_trash_cleaner" would write something to the log?
4. are the necessary adjustments taken into account when updating the ID-Connector?
An edit for the workaround:

We did some tests and created a workaround for this bug.

1) Go into the container from the ucs@school-idconnector

    univention-app shell ucsschool-id-connector

2) ls -la /etc/periodic/daily/

    total 20
    drwxr-xr-x 1 root root 4096 Jun 14 10:10 .
    drwxr-xr-x 1 root root 4096 Jun 14 10:08 ..
    -rw-rw-rw- 1 root root 851 Jun 14 10:10 listener_trash_cleaner

3) chmod +x /etc/periodic/daily/listener_trash_cleaner

4) Just for a test, you can create a file in the trash folder on the host (ucs) system, which is older than the specified number of days, with:

    touch -a -m -t <date> "/var/lib/univention-appcenter/apps/ucsschool-id-connector/data/listener/trash/test.json"

5) Again into the container

    univention-app shell ucsschool-id-connector

6) ls -la /etc/periodic/daily/

    total 20
    drwxr-xr-x 1 root root 4096 Jun 14 10:10 .
    drwxr-xr-x 1 root root 4096 Jun 14 10:08 ..
    -rwxrwxrwx 1 root root 851 Jun 14 10:10 listener_trash_cleaner

7) Start the crond service in the container

    univention-app shell ucsschool-id-connector /etc/init.d/crond start

   or do the cronjob directly

    run-parts /etc/periodic/daily/
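A check for the two file-mode problems raised in the comments above, added here as an example; it is not part of the bug report or of the ID Connector image. It flags files in a run-parts directory that have no execute bit (run-parts does not start those) and files that are writable by group or others or owned by an unexpected user; the names audit_cron_dir and file_matches and the output labels are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the bug report or the ID Connector image).
# audit_cron_dir DIR [OWNER]
#   Prints one finding per line for the regular files in DIR and returns 1
#   if anything was flagged, 0 if the directory is clean.
#   OWNER defaults to root; a user name or a numeric uid is accepted.

# True if FILE satisfies a find(1) test such as "-perm -0002".
# -L makes the test apply to a symlink's target, not the link itself.
file_matches() {
    acd_file=$1; shift
    [ -n "$(find -L "$acd_file" -prune "$@" 2>/dev/null)" ]
}

audit_cron_dir() {
    acd_dir=$1
    acd_owner=${2:-root}
    acd_rc=0
    for acd_f in "$acd_dir"/*; do
        [ -f "$acd_f" ] || continue
        # run-parts only starts files that carry an execute bit.
        if ! file_matches "$acd_f" -perm -0100; then
            echo "NOT-EXECUTABLE $acd_f"; acd_rc=1
        fi
        # Group- or world-writable: accounts other than the owner can
        # change what the cron job executes.
        if file_matches "$acd_f" -perm -0020 ||
           file_matches "$acd_f" -perm -0002; then
            echo "WRITABLE-BY-NON-OWNER $acd_f"; acd_rc=1
        fi
        if file_matches "$acd_f" ! -user "$acd_owner"; then
            echo "UNEXPECTED-OWNER $acd_f"; acd_rc=1
        fi
    done
    return "$acd_rc"
}

# Stand-alone use: sh audit_cron_dir.sh /etc/periodic/daily
if [ "$#" -gt 0 ]; then
    audit_cron_dir "$@"
fi
```

Against the modes shown in this report, -rw-rw-rw- is flagged twice, -rwxrwxrwx once (writable by non-owner), and -r-xr--r-- passes.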
Code review / QA was done on MR

- [x] jenkins branch job good
- [x] pipelines ok
- [x] code ok
- [x] changelog ok
- [x] manual QA (see below)

    $ ls -l /etc/periodic/daily/listener_trash_cleaner
    -rwxrwxrwx 1 root root 851 Aug 15 11:20 /etc/periodic/daily/listener_trash_cleaner
    $ pgrep cron
    173

    test_trash_collection.py::test_cleanup_script_executeable PASSED [ 50%]
    test_trash_collection.py::test_cleanup PASSED [100%]
    test_trash_collection.py::test_cron_daemon_active PASSED [100%]

    $ touch -a -m -t 202305240130.09 "/var/lib/univention-appcenter/apps/ucsschool-id-connector/data/listener/trash/very_old.json"
    $ touch -a -m -t 202307240130.09 "/var/lib/univention-appcenter/apps/ucsschool-id-connector/data/listener/trash/three_weeks_old.json"
    $ touch -a -m -t 202308010130.09 "/var/lib/univention-appcenter/apps/ucsschool-id-connector/data/listener/trash/two_weeks_old.json"
    $ touch -a -m -t 202308160130.09 "/var/lib/univention-appcenter/apps/ucsschool-id-connector/data/listener/trash/today.json"
    $ cp /etc/periodic/daily/listener_trash_cleaner /etc/periodic/15min/
    $ ls -l /var/lib/univention-appcenter/apps/ucsschool-id-connector/data/listener/trash/
    -rw-r--r-- 1 root root 0 Jul 24 01:30 three_weeks_old.json
    -rw-r--r-- 1 root root 0 Aug 16 01:30 today.json
    -rw-r--r-- 1 root root 0 Aug 1 01:30 two_weeks_old.json
    -rw-r--r-- 1 root root 0 May 24 01:30 very_old.json

    (...15 minutes later...)

    $ ls -l /var/lib/univention-appcenter/apps/ucsschool-id-connector/data/listener/trash/
    -rw-r--r-- 1 root root 0 Jul 24 01:30 three_weeks_old.json
    -rw-r--r-- 1 root root 0 Aug 16 01:30 today.json
    -rw-r--r-- 1 root root 0 Aug 1 01:30 two_weeks_old.json

    # I did the same thing while deactivating the feature -> the file was not deleted

    /ucsschool-id-connector # pgrep cron
    173
    root@primary:~# univention-app restart ucsschool-id-connector
    Restarting docker-app-ucsschool-id-connector (via systemctl): docker-app-ucsschool-id-connector.service.
    root@primary:~# univention-app shell ucsschool-id-connector
    /ucsschool-id-connector # pgrep cron
    173
    $ ls -l /etc/periodic/daily/
    -rwxrwxrwx 1 root root 851 Aug 15 11:20 listener_trash_cleaner
jenkins is happy; verify
Updates for UCS@school ID Connector 2.2.8 have been released. https://docs.software-univention.de/ucsschool-id-connector/HISTORY.html If this error occurs again, please clone this bug.