Page MenuHomePhabricator
Create Task
Maniphest T358539

Icinga Log Permission Conflict with Puppet Configuration
Closed, ResolvedPublicBUG REPORT
Actions

Description

Problem:
Icinga writes logs as nagios:nagios to /var/log/icinga/icinga.log. However, Puppet sets the permissions of the /var/log/icinga directory as follows:

file { '/var/log/icinga':
   ensure => 'directory',
   owner => $icinga_user,
   group => 'adm',
   mode => '2755',
}

This configuration causes Puppet to change the permissions on every run, with the following notice: Notice: /Stage[main]/Icinga/File[/var/log/icinga/icinga.log]/group: group changed 'nagios' to 'adm' (corrective).

Proposed Solutions:

  1. Option 1: Configure Icinga to write logs as nagios:adm.
  2. Option 2: Update Puppet permissions to set nagios as the group for the /var/log/icinga directory.

Details

SubjectRepoBranchLines +/-
icinga: Set log group to 'nagios' to resolve permission conflictsoperations/puppetproduction+1 -1
Customize query in gerrit

Related Objects
Search...

Event Timeline

andrea.denisse created this task.Feb 27 2024, 1:07 AM
Restricted Application removed a project: Patch-For-Review. · View Herald TranscriptFeb 27 2024, 1:07 AM
andrea.denisse claimed this task.Feb 27 2024, 1:07 AM
gerritbot added a comment.Feb 29 2024, 3:57 AM

Change 1007470 had a related patch set uploaded (by Andrea Denisse; author: Andrea Denisse):

[operations/puppet@production] icinga: Set log group to 'adm' for consistency with other tools

https://gerrit.wikimedia.org/r/1007470

gerritbot added a project: Patch-For-Review.Feb 29 2024, 3:57 AM
gerritbot added a comment.Feb 29 2024, 7:48 PM

Change 1007470 had a related patch set uploaded (by Andrea Denisse; author: Andrea Denisse):

[operations/puppet@production] icinga: Set log group to 'nagios' to resolve permission conflicts

https://gerrit.wikimedia.org/r/1007470

gerritbot added a comment.Mar 5 2024, 3:10 PM

Change 1007470 merged by Andrea Denisse:

[operations/puppet@production] icinga: Set log group to 'nagios' to resolve permission conflicts

https://gerrit.wikimedia.org/r/1007470

andrea.denisse closed this task as Resolved.Mar 5 2024, 7:17 PM
lmata moved this task from Inbox to Done on the SRE Observability (FY2023/2024-Q3) board.Thu, Apr 4, 6:12 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL