Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow manage logrotates and disable logrotate for for Debian by default #213

Open
wants to merge 28 commits into
base: main
Choose a base branch
from
Open

Allow manage logrotates and disable logrotate for for Debian by default #213

wants to merge 28 commits into from

Conversation

wolfaba
Copy link

@wolfaba wolfaba commented Feb 13, 2024

Debian freeradius package installes own logrotate configs.

This patch adds option manage_logrotate and set for Debian false by default and for other keeps original (true) functionality (install logrotate configs).

@wolfaba wolfaba changed the title Allow managet logrotates and disable logrotate for for Debian by default Allow manage logrotates and disable logrotate for for Debian by default Feb 13, 2024
@wolfaba wolfaba mentioned this pull request Feb 13, 2024
Open
@nward
Copy link
Collaborator

nward commented Feb 13, 2024

Hi - this looks good, thanks!
Did this change at some point in Debian? If so it would make sense to scope this to only versions since the change was made. Is this true for Ubuntu as well?

@wolfaba
Copy link
Author

wolfaba commented Feb 13, 2024

Hello @nward ,
thank you for review.

I have downloaded now the debian freeradius packages, even from debian archive:

freeradius_1.0.2-4sarge3_i386.deb
freeradius_1.1.3-3_amd64.deb
freeradius_1.1.3-3_i386.deb
freeradius_2.0.4+dfsg-6_amd64.deb
freeradius_2.0.4+dfsg-6_i386.deb
freeradius_2.1.10+dfsg-2+squeeze1_amd64.deb
freeradius_2.1.10+dfsg-2+squeeze1_i386.deb
freeradius_2.1.12+dfsg-1.2_amd64.deb
freeradius_2.1.12+dfsg-1.2_i386.deb
freeradius_2.2.5+dfsg-0.1~bpo70+1_amd64.deb
freeradius_2.2.5+dfsg-0.1~bpo70+1_i386.deb
freeradius_2.2.5+dfsg-0.2+deb8u1_amd64.deb
freeradius_2.2.5+dfsg-0.2+deb8u1_i386.deb
freeradius_3.0.12+dfsg-5+deb9u1_amd64.deb
freeradius_3.0.12+dfsg-5+deb9u1_i386.deb
freeradius_3.0.17+dfsg-1.1+deb10u1_amd64.deb
freeradius_3.0.17+dfsg-1.1+deb10u1_i386.deb
freeradius_3.0.21+dfsg-2.2+deb11u1_amd64.deb
freeradius_3.0.21+dfsg-2.2+deb11u1~bpo10+1_amd64.deb
freeradius_3.0.21+dfsg-2.2+deb11u1~bpo10+1_i386.deb
freeradius_3.0.21+dfsg-2.2+deb11u1_i386.deb
freeradius_3.2.1+dfsg-3~bpo11+1_amd64.deb
freeradius_3.2.1+dfsg-3~bpo11+1_i386.deb
freeradius_3.2.1+dfsg-4+deb12u1_amd64.deb
freeradius_3.2.1+dfsg-4+deb12u1_i386.deb
freeradius_3.2.3+dfsg-2+b2_amd64.deb
freeradius_3.2.3+dfsg-2+b2_i386.deb

and I can see logrotate file in every package:

$ for f in *.deb ; do echo "=== $f ===" ; dpkg-deb -c "$f"  | grep -Fi logrot ; done
=== freeradius_1.0.2-4sarge3_i386.deb ===
drwxr-xr-x root/root         0 2006-08-06 22:11 ./etc/logrotate.d/
-rw-r--r-- root/root        71 2006-08-06 22:11 ./etc/logrotate.d/freeradius
=== freeradius_1.1.3-3_amd64.deb ===
drwxr-xr-x root/root         0 2006-12-17 01:08 ./etc/logrotate.d/
-rw-r--r-- root/root        71 2006-12-17 01:08 ./etc/logrotate.d/freeradius
=== freeradius_1.1.3-3_i386.deb ===
drwxr-xr-x root/root         0 2006-12-17 00:49 ./etc/logrotate.d/
-rw-r--r-- root/root        71 2006-12-17 00:49 ./etc/logrotate.d/freeradius
=== freeradius_2.0.4+dfsg-6_amd64.deb ===
drwxr-xr-x root/root         0 2008-09-07 19:43 ./etc/logrotate.d/
-rw-r--r-- root/root       100 2008-09-07 19:43 ./etc/logrotate.d/freeradius
=== freeradius_2.0.4+dfsg-6_i386.deb ===
drwxr-xr-x root/root         0 2008-09-08 01:36 ./etc/logrotate.d/
-rw-r--r-- root/root       100 2008-09-08 01:36 ./etc/logrotate.d/freeradius
=== freeradius_2.1.10+dfsg-2+squeeze1_amd64.deb ===
drwxr-xr-x root/root         0 2012-09-11 19:07 ./etc/logrotate.d/
-rw-r--r-- root/root       234 2012-09-11 19:07 ./etc/logrotate.d/freeradius
=== freeradius_2.1.10+dfsg-2+squeeze1_i386.deb ===
drwxr-xr-x root/root         0 2012-09-11 19:39 ./etc/logrotate.d/
-rw-r--r-- root/root       234 2012-09-11 19:39 ./etc/logrotate.d/freeradius
=== freeradius_2.1.12+dfsg-1.2_amd64.deb ===
drwxr-xr-x root/root         0 2012-12-16 22:29 ./etc/logrotate.d/
-rw-r--r-- root/root       234 2012-12-16 22:29 ./etc/logrotate.d/freeradius
=== freeradius_2.1.12+dfsg-1.2_i386.deb ===
drwxr-xr-x root/root         0 2012-12-16 23:04 ./etc/logrotate.d/
-rw-r--r-- root/root       234 2012-12-16 23:04 ./etc/logrotate.d/freeradius
=== freeradius_2.2.5+dfsg-0.1~bpo70+1_amd64.deb ===
drwxr-xr-x root/root         0 2014-10-28 17:28 ./etc/logrotate.d/
-rw-r--r-- root/root       234 2014-10-28 17:28 ./etc/logrotate.d/freeradius
=== freeradius_2.2.5+dfsg-0.1~bpo70+1_i386.deb ===
drwxr-xr-x root/root         0 2014-11-06 10:48 ./etc/logrotate.d/
-rw-r--r-- root/root       234 2014-11-06 10:48 ./etc/logrotate.d/freeradius
=== freeradius_2.2.5+dfsg-0.2+deb8u1_amd64.deb ===
drwxr-xr-x root/root         0 2017-08-10 09:25 ./etc/logrotate.d/
-rw-r--r-- root/root       234 2017-08-10 09:25 ./etc/logrotate.d/freeradius
=== freeradius_2.2.5+dfsg-0.2+deb8u1_i386.deb ===
drwxr-xr-x root/root         0 2017-08-10 09:49 ./etc/logrotate.d/
-rw-r--r-- root/root       234 2017-08-10 09:49 ./etc/logrotate.d/freeradius
=== freeradius_3.0.12+dfsg-5+deb9u1_amd64.deb ===
drwxr-xr-x root/root         0 2017-08-10 09:05 ./etc/logrotate.d/
-rw-r--r-- root/root      1108 2017-05-30 17:18 ./etc/logrotate.d/freeradius
=== freeradius_3.0.12+dfsg-5+deb9u1_i386.deb ===
drwxr-xr-x root/root         0 2017-08-10 09:05 ./etc/logrotate.d/
-rw-r--r-- root/root      1108 2017-05-30 17:18 ./etc/logrotate.d/freeradius
=== freeradius_3.0.17+dfsg-1.1+deb10u1_amd64.deb ===
drwxr-xr-x root/root         0 2022-08-27 21:29 ./etc/logrotate.d/
-rw-r--r-- root/root      1120 2019-04-22 23:23 ./etc/logrotate.d/freeradius
=== freeradius_3.0.17+dfsg-1.1+deb10u1_i386.deb ===
drwxr-xr-x root/root         0 2022-08-27 21:29 ./etc/logrotate.d/
-rw-r--r-- root/root      1120 2019-04-22 23:23 ./etc/logrotate.d/freeradius
=== freeradius_3.0.21+dfsg-2.2+deb11u1_amd64.deb ===
drwxr-xr-x root/root         0 2021-09-03 16:47 ./etc/logrotate.d/
-rw-r--r-- root/root      1120 2021-09-03 16:47 ./etc/logrotate.d/freeradius
=== freeradius_3.0.21+dfsg-2.2+deb11u1~bpo10+1_amd64.deb ===
drwxr-xr-x root/root         0 2021-10-17 22:01 ./etc/logrotate.d/
-rw-r--r-- root/root      1120 2021-10-17 22:01 ./etc/logrotate.d/freeradius
=== freeradius_3.0.21+dfsg-2.2+deb11u1~bpo10+1_i386.deb ===
drwxr-xr-x root/root         0 2021-10-17 22:01 ./etc/logrotate.d/
-rw-r--r-- root/root      1120 2021-10-17 22:01 ./etc/logrotate.d/freeradius
=== freeradius_3.0.21+dfsg-2.2+deb11u1_i386.deb ===
drwxr-xr-x root/root         0 2021-09-03 16:47 ./etc/logrotate.d/
-rw-r--r-- root/root      1120 2021-09-03 16:47 ./etc/logrotate.d/freeradius
=== freeradius_3.2.1+dfsg-3~bpo11+1_amd64.deb ===
drwxr-xr-x root/root         0 2023-04-05 15:35 ./etc/logrotate.d/
-rw-r--r-- root/root      1120 2023-04-05 15:35 ./etc/logrotate.d/freeradius
=== freeradius_3.2.1+dfsg-3~bpo11+1_i386.deb ===
drwxr-xr-x root/root         0 2023-04-05 15:35 ./etc/logrotate.d/
-rw-r--r-- root/root      1120 2023-04-05 15:35 ./etc/logrotate.d/freeradius
=== freeradius_3.2.1+dfsg-4+deb12u1_amd64.deb ===
drwxr-xr-x root/root         0 2023-08-19 00:26 ./etc/logrotate.d/
-rw-r--r-- root/root      1120 2023-08-19 00:26 ./etc/logrotate.d/freeradius
=== freeradius_3.2.1+dfsg-4+deb12u1_i386.deb ===
drwxr-xr-x root/root         0 2023-08-19 00:26 ./etc/logrotate.d/
-rw-r--r-- root/root      1120 2023-08-19 00:26 ./etc/logrotate.d/freeradius
=== freeradius_3.2.3+dfsg-2+b2_amd64.deb ===
drwxr-xr-x root/root         0 2024-01-11 11:08 ./etc/logrotate.d/
-rw-r--r-- root/root      1120 2023-07-02 22:23 ./etc/logrotate.d/freeradius
=== freeradius_3.2.3+dfsg-2+b2_i386.deb ===
drwxr-xr-x root/root         0 2024-01-11 10:18 ./etc/logrotate.d/
-rw-r--r-- root/root      1120 2023-07-02 22:23 ./etc/logrotate.d/freeradius

So I presume, it was there everytime and nothing has changed. In Ubuntu is the same output

$ for f in *.deb ; do echo "=== $f ===" ; dpkg-deb -c "$f"  | grep -Fi logrot ; done
=== freeradius_2.1.12+dfsg-1.2ubuntu8.2_amd64.deb ===
drwxr-xr-x root/root         0 2017-07-26 17:32 ./etc/logrotate.d/
-rw-r--r-- root/root       246 2017-07-26 17:32 ./etc/logrotate.d/freeradius
=== freeradius_2.1.12+dfsg-1.2ubuntu8.2_i386.deb ===
drwxr-xr-x root/root         0 2017-07-26 17:31 ./etc/logrotate.d/
-rw-r--r-- root/root       246 2017-07-26 17:31 ./etc/logrotate.d/freeradius
=== freeradius_2.1.12+dfsg-1.2ubuntu8_amd64.deb ===
drwxr-xr-x root/root         0 2014-02-24 15:58 ./etc/logrotate.d/
-rw-r--r-- root/root       234 2014-02-24 15:58 ./etc/logrotate.d/freeradius
=== freeradius_2.1.12+dfsg-1.2ubuntu8_i386.deb ===
drwxr-xr-x root/root         0 2014-02-24 16:01 ./etc/logrotate.d/
-rw-r--r-- root/root       234 2014-02-24 16:01 ./etc/logrotate.d/freeradius
=== freeradius_2.2.8+dfsg-0.1build2_amd64.deb ===
drwxr-xr-x root/root         0 2016-04-05 15:41 ./etc/logrotate.d/
-rw-r--r-- root/root       234 2015-09-14 16:38 ./etc/logrotate.d/freeradius
=== freeradius_2.2.8+dfsg-0.1build2_i386.deb ===
drwxr-xr-x root/root         0 2016-04-05 15:40 ./etc/logrotate.d/
-rw-r--r-- root/root       234 2015-09-14 16:38 ./etc/logrotate.d/freeradius
=== freeradius_2.2.8+dfsg-0.1ubuntu0.1_amd64.deb ===
drwxr-xr-x root/root         0 2017-07-26 17:28 ./etc/logrotate.d/
-rw-r--r-- root/root       234 2015-09-14 16:38 ./etc/logrotate.d/freeradius
=== freeradius_2.2.8+dfsg-0.1ubuntu0.1_i386.deb ===
drwxr-xr-x root/root         0 2017-07-26 17:30 ./etc/logrotate.d/
-rw-r--r-- root/root       234 2015-09-14 16:38 ./etc/logrotate.d/freeradius
=== freeradius_3.0.16+dfsg-1ubuntu3.2_amd64.deb ===
drwxr-xr-x root/root         0 2023-01-04 04:18 ./etc/logrotate.d/
-rw-r--r-- root/root      1120 2018-01-22 23:47 ./etc/logrotate.d/freeradius
=== freeradius_3.0.16+dfsg-1ubuntu3.2_i386.deb ===
drwxr-xr-x root/root         0 2023-01-04 04:18 ./etc/logrotate.d/
-rw-r--r-- root/root      1120 2018-01-22 23:47 ./etc/logrotate.d/freeradius
=== freeradius_3.0.16+dfsg-1ubuntu3_amd64.deb ===
drwxr-xr-x root/root         0 2018-02-28 07:51 ./etc/logrotate.d/
-rw-r--r-- root/root      1120 2018-01-22 23:47 ./etc/logrotate.d/freeradius
=== freeradius_3.0.16+dfsg-1ubuntu3_i386.deb ===
drwxr-xr-x root/root         0 2018-02-28 07:51 ./etc/logrotate.d/
-rw-r--r-- root/root      1120 2018-01-22 23:47 ./etc/logrotate.d/freeradius
=== freeradius_3.0.20+dfsg-3build1_amd64.deb ===
drwxr-xr-x root/root         0 2020-01-25 07:11 ./etc/logrotate.d/
-rw-r--r-- root/root      1120 2019-12-09 23:42 ./etc/logrotate.d/freeradius
=== freeradius_3.0.20+dfsg-3ubuntu0.2_amd64.deb ===
drwxr-xr-x root/root         0 2023-01-04 04:22 ./etc/logrotate.d/
-rw-r--r-- root/root      1120 2022-04-13 21:54 ./etc/logrotate.d/freeradius
=== freeradius_3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.1_amd64.deb ===
=== freeradius_3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.2_amd64.deb ===
=== freeradius_3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3_amd64.deb ===
=== freeradius_3.2.1+dfsg-1_amd64.deb ===
=== freeradius_3.2.3+dfsg-2_amd64.deb ===
=== freeradius_3.2.3+dfsg-2build2_amd64.deb ===

(I could not list the content of the last ubuntu deb files, because I work on Gentoo and the dpkg could not unpack them, but I presume the logrotate config is still there).

Regards,
Robert Wolf.

@nward
Copy link
Collaborator

nward commented Feb 13, 2024
edited
Loading

Great, thanks!

I have been pondering this a little - other distros, for example Redhat/CentOS, also include logrotate config.

In Redhat/CentOS the logrotate config is replaced by logrotate::rule { 'radiusd': .
In Debian, that isn't the case, because it's called /etc/logrotate.d/freeradius rather than /etc/logrotate.d/radiusd, and presumably you get logrotate running conflicting configuration (or, it probably actually merges the two things, I can't remember logrotate's behaviour - either way not what you would want).

Perhaps a better approach would be to parameterise logrotate::rule { 'radiusd': . i.e.:

logrotate::rule { 'radiusd':
  rulename => $freeradius::params::logrotate_rulename,
  ...

and in params.pp:

  $logrotate_rulename = $::osfamily ? {
    'Debian' => 'freeradius',
    'RedHat'  => 'radiusd',
    default => 'radiusd',
  }

I think that would give the best behaviour - i.e. it would be the same on both OSes, in that it would replace any OS-provided logrotate config.

I think that having manage_logrotate as an option that is default true on every OS would be a good idea in addition to the above - because it would mean folks would disable it if they want to use the OS provided logrotate config, or some other logrotate config they want to modify. I don't think that that option should have different behaviour on different OSes, though.

Does that make sense?

@wolfaba
Copy link
Author

wolfaba commented Feb 13, 2024

Hello @nward ,
yes, your proposal makes sense.
One question. In the module, there are three rules for the logfiles rotation. But package creates one logrotate config files for all three logfiles. How do you merge all these rules into one debian logrotate file?

@nward
Copy link
Collaborator

nward commented Feb 13, 2024

I don't think you need to make them all go in to one file.
They goal is to make sure that /etc/logrotate.d/freeradius is replaced on debian, so as long as one of them has rulename => 'freeradius' (or equivalent via params) then that will happen. The others can be in separate files so don't need to be modified.

@wolfaba
Copy link
Author

wolfaba commented Feb 13, 2024

oh, sorry, I understand now. You are right. Either will be no file created by puppet module and then there will be original debian logrotate file with all three (or more) files. Or puppet module overwrites debian package multi-logfile config with one logfile and creates other two logrotate config files for other logfiles.
That sounds good 👍
Thank you.

djjudas21 and others added 8 commits March 18, 2024 13:00
@djjudas21
Merge pull request djjudas21#212 from sohonet/feature/snmp_traps
0ddb4d1 
Individual SNMP trap enabling
@JGodin-C2C
improvment: add a new parameter to allow the use of vulnerable SSL/TL…
3b91c4d 
…S versions

Signed-off-by: Julien Godin <[email protected]>
@djjudas21
Merge pull request djjudas21#215 from camptocamp/allow_vuln_ssl
90109c9 
improvment: add a new parameter to allow the use of vulnerable SSL/TLS
@JGodin-C2C
fix: allow vulnerable ssl versions
89e4243 
Signed-off-by: Julien Godin <[email protected]>
@djjudas21
Merge pull request djjudas21#216 from camptocamp/allow_vuln_ssl
4ddee71
@coreone @djjudas21
Remove is_ip_address function removed from stdlib in 9.x
75d354d 
Bump the lower bound on stdlib to 5.0.0
@nward
Update the puppetlabs firewall module requirement to be >7
93b3c83
@nward
Update calls to the firewall module with modern parameters
a314d78
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@wolfaba @nward @deligatedgeek @djjudas21 @JGodin-C2C @coreone