Nginx logrotate not working due to file owner on /etc/opscode/logrotate.d/nginx
Closed this issue · 2 comments
Chef Server Version
14.10.23
Platform Details
CentOS Linux release 7.9.2009
Configuration
Tiered/HA
Scenario
Nginx logrotation isn't working. I noticed this when one of the servers nearly filled up its root filesystem.
I tried running the logrotate manually (using the command from /etc/cron.hourly/opc_logrotate), and got this error.
# logrotate -v -s /var/log/opscode/logrotate.status /etc/opscode/logrotate.conf
reading config file /etc/opscode/logrotate.conf
including /etc/opscode/logrotate.d
Ignoring nginx because the file owner is wrong (should be root).
You can see the file owner is nginx
# ls -l /etc/opscode/logrotate.d/
total 8
-rw-r--r--. 1 opscode opscode 236 Nov 13 15:04 nginx
-rw-r--r--. 1 root root 92 Nov 13 15:04 redis_lb
The file is created by the nginx recipe from the infra-server cookbook:
chef-server/omnibus/files/server-ctl-cookbooks/infra-server/recipes/nginx.rb
Lines 254 to 265 in cc2c758
The install log shows the file getting created, but I didn't have logging set high enough to show the ownership being set, I guess.
Recipe: infra-server::nginx
* template[/etc/opscode/logrotate.d/nginx] action create
- create new file /etc/opscode/logrotate.d/nginx
- update content in file /etc/opscode/logrotate.d/nginx from none to 9bb37e
--- /etc/opscode/logrotate.d/nginx 2021-11-22 14:21:19.640605615 +0000
+++ /etc/opscode/logrotate.d/.chef-nginx20211122-11740-wp7c7m 2021-11-22 14:21:19.639605510 +0000
@@ -1 +1,11 @@
+/var/log/opscode/nginx/*.log {
+ rotate 10
+ size 104857600
+ create 644 opscode opscode
+ delaycompress
+ sharedscripts
+ postrotate
+ /opt/opscode/embedded/sbin/nginx -c /var/opt/opscode/nginx/etc/nginx.conf -s reopen
+ endscript
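Review bot: `create 644 opscode opscode` in the rendered stanza governs only the owner and mode of newly created log files, so nothing in this hunk addresses the owner of /etc/opscode/logrotate.d/nginx itself, which is the file logrotate refuses to read in the run above. The template resource that writes this file would need its owner and group set to root explicitly. Separately, mode 644 leaves the rotated nginx logs world-readable; 640 would be tighter if only the opscode user and group need to read them.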
Steps to Reproduce
Notes above.
Expected Result
Log rotation should work
Actual Result
Log rotation silently fails.
I'm experiencing this problem as well since upgrading to chef-server-core 14.10.23-1. Noticed because our prod Chef server was starting to run out of disk space.
root@chef:/etc/opscode/logrotate.d# logrotate -v -s /var/log/opscode/logrotate.status /etc/opscode/logrotate.conf
reading config file /etc/opscode/logrotate.conf
including /etc/opscode/logrotate.d
Ignoring nginx because the file owner is wrong (should be root or user with uid 0).
reading config file redis_lb
Reading state from file: /var/log/opscode/logrotate.status
Allocating hash table for state file, size 64 entries
Creating new state
Creating new state
Handling 1 logs
rotating pattern: /var/log/opscode/redis_lb/*.log 1000000 bytes (10 rotations)
empty log files are not rotated, old logs are removed
considering log /var/log/opscode/redis_lb/*.log
log /var/log/opscode/redis_lb/*.log does not exist -- skipping
root@chef:/etc/opscode/logrotate.d# dpkg -l|grep chef
ii chef 17.6.18-1 amd64 The full stack of chef
ii chef-server-core 14.10.23-1 amd64 The full stack of chef-server
The workaround is to chown root:root /etc/opscode/logrotate.d/nginx for now.
Chef Infra Server release 14.11.15 should fix this issue: https://downloads.chef.io/tools/infra-server?os=ubuntu
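Because logrotate only reports the skipped file in verbose mode, the failure above stays silent until a disk fills. The following check is an added example, not part of the issue thread or of the Chef cookbooks: it lists files in an include directory that are not owned by uid 0 or are writable by group or others. The function name and the optional uid argument are assumptions made for illustration, and the writable-mode check reflects logrotate's general handling of include files rather than anything shown in this thread.

```shell
#!/bin/sh
# Added example: report logrotate include files that logrotate would ignore.
# usage: logrotate_skipped DIR [EXPECTED_UID]
#   EXPECTED_UID defaults to 0 (root); it is a parameter only so the check
#   can be exercised without root privileges.
# exit status: 0 = nothing flagged, 1 = at least one file flagged, 2 = bad DIR
logrotate_skipped() {
    dir=$1
    want_uid=${2:-0}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    found=0
    for f in "$dir"/*; do
        # Skip subdirectories and the unexpanded glob of an empty directory.
        [ -f "$f" ] || continue
        # GNU/busybox stat: %u = numeric owner uid, %a = octal permission bits
        uid=$(stat -c '%u' "$f") || continue
        mode=$(stat -c '%a' "$f") || continue
        reason=
        # The check seen in the thread: "file owner is wrong (should be root)".
        [ "$uid" -eq "$want_uid" ] || reason="owner uid $uid (should be $want_uid)"
        # A leading 0 makes the shell read the mode as octal; 022 = g+w | o+w.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            reason="${reason:+$reason, }mode $mode is group/world writable"
        fi
        if [ -n "$reason" ]; then
            printf '%s: %s\n' "$f" "$reason"
            found=1
        fi
    done
    return "$found"
}

# On a Chef Infra Server, for example from cron or a monitoring check:
#   logrotate_skipped /etc/opscode/logrotate.d || echo "logrotate will skip files"
```

A non-zero exit status can be wired into existing monitoring so a wrongly owned include file is caught after an upgrade rather than when the filesystem fills.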