The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My work

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,811 other followers

What runs logrotate in OpenSUSE 13.2?

Posted by jpluimers on 2016/11/04

Historically, on many systems, logrotate is being ran from a daily cron job. Many tutorials still presume that, for instance HowTo: The Ultimate Logrotate Command Tutorial with 10 Examples.

I still thought it would and after writing On OpenSuSE, when adding Apache vhosts with their own log files don’t forget to update your logrotate configuration I was anxious to see when logrotate would run the second time.

So I tried finding it in the cron.daily and it wasn’t there.

OpenSuSE 13.2 changed how logrotate is inficated: from there on (including both Tumbleweed and LEAP) logrotate is ran from the systemd service:

logrotate is a systemd service in 13.2 (/usr/lib/systemd/system/logrotate.service) and it is run periodically by a systemd timer (not cron).

Have a look at /usr/lib/systemd/system/logrotate.timer and “man systemd.timer”.

You can view the status of the logrotate.timer that fires it every day:

systemctl status logrotate.timer

It triggers logrotate and reads the config in /etc/logrotate.conf for basic global settings and then files in /etc/logrotate.d/* for custom settings for specific files.

Which means you should not mess around with files in /etc/logrotate.d/ as each file there will be processed. So don’t leave around backup files ending in a tilde (~) or DEADJOE as it causes trouble:

Jul 07 00:00:02 revue logrotate[16121]: error: DEADJOE:5 lines must begin with a keyword or a filename (possibly in double quotes)
Jul 07 00:00:02 revue logrotate[16121]: error: DEADJOE:6 missing '{' after log files definition
Jul 07 00:00:02 revue logrotate[16121]: error: found error in file DEADJOE, skipping

There’s more you can do do debug logrotate behaviour

The below tips are all based on this thread: [Bug 913421] logrotate not running after update from 13.1 to 13.2

Show if the timer is there and counting:

# systemctl list-timers --all
NEXT                          LEFT          LAST                          PASSED    UNIT                         ACTIVATES
Fri 2016-07-08 00:00:00 CEST  5h 24min left Thu 2016-07-07 00:00:02 CEST  18h ago   logrotate.timer              logrotate.service
Fri 2016-07-08 17:51:53 CEST  23h left      Thu 2016-07-07 17:51:53 CEST  43min ago systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service

2 timers listed.

Show the status of the logrotate service itself:

# systemctl status logrotate.service --full
● logrotate.service - Rotate log files
   Loaded: loaded (/usr/lib/systemd/system/logrotate.service; static; vendor preset: disabled)
   Active: failed (Result: exit-code) since Thu 2016-07-07 00:00:02 CEST; 18h ago
     Docs: man:logrotate(8)
           man:logrotate.conf(5)
  Process: 16121 ExecStart=/usr/sbin/logrotate /etc/logrotate.conf (code=exited, status=1/FAILURE)
 Main PID: 16121 (code=exited, status=1/FAILURE)

Jul 07 00:00:02 revue logrotate[16121]: error: DEADJOE:5 lines must begin with a keyword or a filename (possibly in double quotes)
Jul 07 00:00:02 revue logrotate[16121]: error: DEADJOE:6 missing '{' after log files definition
Jul 07 00:00:02 revue logrotate[16121]: error: found error in file DEADJOE, skipping
Jul 07 00:00:02 revue logrotate[16121]: error: skipping "/var/log/squidGuard/squidGuard.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
Jul 07 00:00:02 revue logrotate[16121]: compress_ext is /usr/bin/xz
Jul 07 00:00:02 revue logrotate[16121]: compress_ext was changed to .xz
Jul 07 00:00:02 revue systemd[1]: logrotate.service: Main process exited, code=exited, status=1/FAILURE
Jul 07 00:00:02 revue systemd[1]: Failed to start Rotate log files.
Jul 07 00:00:02 revue systemd[1]: logrotate.service: Unit entered failed state.
Jul 07 00:00:02 revue systemd[1]: logrotate.service: Failed with result 'exit-code'.

The bottom lines are from journalctl -u logrotate which can show more information.

In this case, fixing both issues was easy: remove DEADJOE and correct the permissions on this empty directory:

# ls -al /var/log/squidGuard/
total 0
drwxrwx--- 1 squid squid   0 Jun 16 21:08 .
drwxr-xr-x 1 root  root  962 Jul  6 17:36 ..
# chmod 750 /var/log/squidGuard/
# ls -al /var/log/squidGuard/
total 0
drwxr-x--- 1 squid squid   0 Jun 16 21:08 .
drwxr-xr-x 1 root  root  962 Jul  6 17:36 ..

If you can’t wait for the timer to fire at midnight, you can invoke the logrotate service manually (after that wait until it is finished then do something like du -csh /var/log/* or list the files):

# systemctl start logrotate.service

–jeroen

via:

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: