Bug 16692 - freeradius logrotate script does not reload running daemon, causing old log file to be written after logrotate
Summary: freeradius logrotate script does not reload running daemon, causing old log f...
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages (show other bugs)
Version: 5
Hardware: i586 Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact:
URL:
Whiteboard: MGA5-32-OK advisory
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2015-09-03 08:43 CEST by Stefan Puch
Modified: 2015-10-27 10:07 CET (History)
3 users (show)

See Also:
Source RPM: freeradius-2.2.8-1.mga5.src.rpm
CVE:
Status comment:


Attachments

Description Stefan Puch 2015-09-03 08:43:37 CEST
Description of problem:
After logrotate rotates /var/log/radius/radius.log, radius.log stays 
at 0 size, and output of daemon is still logged into radius.log.1 (the old rotated logfile)

The problem can be fixed by integrating a kill -HUP into logrotate script to reload the deamon.

Here is my working version:

/var/log/radius/radacct/*/detail /var/log/radius/*.log /var/log/radius/radutmp {
    monthly
    rotate 10
    nocreate
    create 640 radius adm
    missingok
    compress
    postrotate
        kill -HUP `cat /var/run/radiusd/radiusd.pid`
    endscript
}

According to RedHat, where the Bug was fixed a while ago, the problem is present since freeradius 2.1.9:
https://bugzilla.redhat.com/show_bug.cgi?id=705723

as well as in Debian
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602815

Therefore MGA4 may be affected as well?



Reproducible: 

Steps to Reproduce:
Comment 1 David Walser 2015-09-03 20:31:25 CEST
Does it work if you replace the logrotate config with Fedora's?
http://pkgs.fedoraproject.org/cgit/freeradius.git/plain/freeradius-logrotate

CC: (none) => luigiwalser

Comment 2 Stefan Puch 2015-09-03 21:55:51 CEST
Maybe, I would have to test (but my time is very limited at the moment) and I don't want to touch my working system right now.

But I think just adding the last three lines of the example above to the original Mageia script would be the better alternative because:

1) The Fedora version uses /sbin/service to reload the daemon which is (according to the manpage) a service to "run a System V init script" and Mageia uses systemd by default

2) the files checkrad.log and sqltrace.sql which are rotated in Fedoras version are not created by default when using radiusd (not a real problem but more complex which is unnecessary)

3) not in line which RedHat and Debian
Comment 3 David Walser 2015-09-04 15:48:00 CEST
1) The service command redirects to systemctl under systemd.

2) Even if they're not created by default, if they could be created, they should be rotated, and the config says missingok, so it's OK if they're missing.

3) No, RedHat is built from Fedora and in fact is using the same file:
https://git.centos.org/blob/rpms!freeradius.git/a827c021a04309b7ff9ad337365205b17b128063/SOURCES!freeradius-logrotate

For maintenance purposes, it would be easier for us to copy Fedora's config as long as it works.  Please test it when you get a chance and I'll commit it.
Comment 4 Stefan Puch 2015-10-16 08:47:10 CEST
So I finally got the chance / time to test the referenced file in my working system. I found no problem so far as you pointed out in 1) and 2).

As it is easier for you to copy Fedora's config you should do so! Furthermore it fixes the reported bug that the output of radiusd is logged into the already rotated file.

Thanks for your help!
Comment 5 David Walser 2015-10-16 19:35:16 CEST
Thanks for reporting back.  I had already checked this into SVN, but now I've pushed a build for Mageia 5.  Please test it and verify that it's OK (it should be basically the same as what you're using now, so I wouldn't expect any issues) and what architecture you tested.

Advisory:
----------------------------------------

Due to an error in freeradius's logrotate configuration, after log rotation,
it would continue to write to the old log file instead of the new one.  This
error has been corrected.

----------------------------------------

Updated packages in core/updates_testing:
----------------------------------------
freeradius-2.2.8-1.1.mga5
freeradius-krb5-2.2.8-1.1.mga5
freeradius-ldap-2.2.8-1.1.mga5
freeradius-postgresql-2.2.8-1.1.mga5
freeradius-mysql-2.2.8-1.1.mga5
freeradius-unixODBC-2.2.8-1.1.mga5
freeradius-sqlite-2.2.8-1.1.mga5
freeradius-yubikey-2.2.8-1.1.mga5
libfreeradius1-2.2.8-1.1.mga5
libfreeradius-devel-2.2.8-1.1.mga5
freeradius-web-2.2.8-1.1.mga5

from freeradius-2.2.8-1.1.mga5.src.rpm

Assignee: bugsquad => qa-bugs

Comment 6 Stefan Puch 2015-10-20 14:31:43 CEST
Installation works without any problems.
/etc/logrotate.d/radiusd was created as /etc/logrotate.d/radiusd.rpmnew

Diff between this two files showed only my local changes to rotate 10 instead of 4 times.

Whiteboard: (none) => MGA5-32-OK

Comment 7 David Walser 2015-10-22 18:38:28 CEST
This can be validated, as the change is not arch-specific.
Dave Hodgins 2015-10-26 00:06:03 CET

Whiteboard: MGA5-32-OK => MGA5-32-OK advisory
Keywords: (none) => validated_update
CC: (none) => davidwhodgins, sysadmin-bugs

Comment 8 Mageia Robot 2015-10-27 10:07:39 CET
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGAA-2015-0163.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED


Note You need to log in before you can comment on or make changes to this bug.