Create a new log directory exclusively for file-transfer-server, where log files must be stored.
This will likely fix selinux issues upon relabeling and logrotate.
Restorecon :
Launching restorecon on /var/opt/belledonne-communications/log recursively had the effect to relabel all the files. As /var/opt/belledonne-communications/log label was managed by Flexisip, under the label var_log_t, this caused issues with Apache and logrotate.
Apache was not able to write on the existing file-transfer-server log file re-labeled as var_log_t instead of httpd_log_t.
During logrotate, the creation of new files use the label of parent directory, causing the same issue as above. That's why we need the file-transfer-server to have its own exclusive log dir, which would be set to tag httpd_log_t instead of var_log_t.
Activity
assigned to @KyronNextLevel
added 1 commit
- 889f2069 - Only remove selinux label on uninstall, not on update
added 1 commit
- c5d4bc19 - Debian fix by removing useless files in %install also declared in %files
added 1 commit
- 1343f107 - Do not create log files and directories in %posttrans as they are supposed to...
added 1 commit
- 0b28fead - Do not create log file as ghost to allow it to be created withing the package...
added 1 commit
- c7d4ea5b - Make it clear that we dont test the features, but only if the installation of...
requested review from @johan
Nous avons 2 choix :
- soit préparer un script de migration qui devra se lancer après l'installation de ce paquet (ou un manuel) lors d'une mise à jour
- soit intégrer ce script directement dans les scriptlets de mise à jour, ce qui aurait pour impact de devoir les garder le temps que tout le monde migre, ou imposer de passer par une version intermédiaire.
Je préfère la première option.
J'ai déjà préparé des instructions pour conserver les anciens fichiers de logs entre 2 mises à jour. Je vais les lister ici et y ajouter les changements de config.
Edited by Peio RigauxScript de migration (remplacer le groupe apache par www-data pour Debian) :
# Gestion de Selinux sudo mkdir -p /var/opt/belledonne-communications/log/file-transfer-server-temp sudo chown -R apache:apache /var/opt/belledonne-communications/log/file-transfer-server-temp sudo semanage fcontext -a -t httpd_log_t "/var/opt/belledonne-communications/log/file-transfer-server-temp(/.*)?" sudo restorecon -v /var/opt/belledonne-communications/log/flexisip-http-file-transfer-server sudo cp /var/opt/belledonne-communications/log/flexisip-http-file-transfer-server.log /var/opt/belledonne-communications/log/file-transfer-server-temp sudo dnf install bc-flexisip-http-file-transfer-server sudo mv /var/opt/belledonne-communications/log/file-transfer-server-temp/* /var/opt/belledonne-communications/log/flexisip-http-file-transfer-server sudo rm -rf /var/opt/belledonne-communications/log/file-transfer-server-temp sudo semanage fcontext -d -t httpd_log_t "/var/opt/belledonne-communications/log/file-transfer-server-temp(/.*)?" # Mise à jour de la conf sudo sed -i 's/\/var\/opt\/belledonne-communications\/log\/http-file-transfer-server\*.log /\/var\/opt\/belledonne-communications\/log\/flexisip-http-file-transfer-server\/flexisip-http-file-transfer-server\*.log/g' /etc/logrotate.d/flexisip-http-file-transfer-server.conf sudo sed -i 's/\/var\/opt\/belledonne-communications\/log\/flexisip-http-file-transfer-server.log/\/var\/opt\/belledonne-communications\/log\/flexisip-http-file-transfer-server\/flexisip-http-file-transfer-server.log/g' /etc/flexisip-http-file-transfer-server/flexisip-http-file-transfer-server.confEdited by Peio Rigauxadded 2 commits
