Log files sometimes don't get cleared by cleanup script #95

Open
m90 opened this issue Apr 3, 2020 · 6 comments

m90 commented Apr 3, 2020

I'm trying to package an application for DO using packer.

After creating my image I do run the (top-level) cleanup script provided in this repository and the (top-level) image check script.

Doing so I am running into intermittent failures, having the image check complain about un-cleared log files (either /var/log/ufw.log or /var/log/auth.log or sometimes both of them). I would assume that 75% of the builds succeed, the rest will fail for the above reason.

I have a hard time understanding how these log files cannot be caught here:

    find /var/log -mtime -1 -type f -exec truncate -s 0 {} \;
    rm -rf /var/log/*.gz /var/log/*.[0-9] /var/log/*-????????

and it's even stranger that manually adding:

    rm -f /var/log/auth.log /var/log/ufw.log

does not resolve the issue either.

Is there some race condition going on here? I also added set -eo pipefail to the cleanup script so I can be sure that it does not error on something unexpected here before trying to delete the log files.

This is the order of scripts in my Packer config

    {
      "type": "shell",
      "environment_vars": [
        "OFFEN_VERSION={{user `offen_version`}}"
      ],
      "scripts": [
        "scripts/10-install",
        "scripts/20-configure_service",
        "scripts/30-configure_firewall",
        "scripts/40-add_firstrun",
        "scripts/90-cleanup",
        "scripts/99-img_check"
      ]
    }

and for the sake of completeness this is the error output:

    digitalocean: Checking for log files in /var/log
    digitalocean:
    digitalocean: [WARN] un-cleared log file, /var/log/ufw.log found

m90 changed the title from "Log files sometimes don't get deleted by cleanup script" to "Log files sometimes don't get cleared by cleanup script" Apr 3, 2020

m90 commented Apr 3, 2020

So I debugged this further by creating an image that does not run the check and creating a droplet from that image. It seems like someone is writing to /var/log/auth.log after it has been cleared by the cleanup script or it is never cleared:

    Apr  3 13:54:43 packer-5e873f75-52b1-b812-72a0-51d57e3237b2 sshd[20845]: error: Could not load host key: /etc/ssh/ssh_host_rsa_key
    Apr  3 13:54:43 packer-5e873f75-52b1-b812-72a0-51d57e3237b2 sshd[20845]: error: Could not load host key: /etc/ssh/ssh_host_ecdsa_key
    Apr  3 13:54:43 packer-5e873f75-52b1-b812-72a0-51d57e3237b2 sshd[20845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
    Apr  3 13:54:43 packer-5e873f75-52b1-b812-72a0-51d57e3237b2 sshd[20845]: fatal: No supported key exchange algorithms [preauth]
    Apr  3 13:55:53 packer-5e873f75-52b1-b812-72a0-51d57e3237b2 sshd[20873]: error: Could not load host key: /etc/ssh/ssh_host_rsa_key
    Apr  3 13:55:53 packer-5e873f75-52b1-b812-72a0-51d57e3237b2 sshd[20873]: error: Could not load host key: /etc/ssh/ssh_host_ecdsa_key
    Apr  3 13:55:53 packer-5e873f75-52b1-b812-72a0-51d57e3237b2 sshd[20873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
    Apr  3 13:55:53 packer-5e873f75-52b1-b812-72a0-51d57e3237b2 sshd[20873]: fatal: No supported key exchange algorithms [preauth]
    Apr  3 13:56:33 packer-5e873f75-52b1-b812-72a0-51d57e3237b2 sshd[20883]: error: Could not load host key: /etc/ssh/ssh_host_rsa_key
    Apr  3 13:56:33 packer-5e873f75-52b1-b812-72a0-51d57e3237b2 sshd[20883]: error: Could not load host key: /etc/ssh/ssh_host_ecdsa_key
    Apr  3 13:56:33 packer-5e873f75-52b1-b812-72a0-51d57e3237b2 sshd[20883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
    Apr  3 13:56:33 packer-5e873f75-52b1-b812-72a0-51d57e3237b2 sshd[20883]: fatal: No supported key exchange algorithms [preauth]
    Apr  3 13:57:04 packer-5e873f75-52b1-b812-72a0-51d57e3237b2 sshd[20891]: error: Could not load host key: /etc/ssh/ssh_host_rsa_key
    Apr  3 13:57:04 packer-5e873f75-52b1-b812-72a0-51d57e3237b2 sshd[20891]: error: Could not load host key: /etc/ssh/ssh_host_ecdsa_key
    Apr  3 13:57:04 packer-5e873f75-52b1-b812-72a0-51d57e3237b2 sshd[20891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
    Apr  3 13:57:04 packer-5e873f75-52b1-b812-72a0-51d57e3237b2 sshd[20891]: fatal: No supported key exchange algorithms [preauth]
    Apr  3 13:57:09 packer-5e873f75-52b1-b812-72a0-51d57e3237b2 systemd-logind[825]: Power key pressed.
    Apr  3 13:57:09 packer-5e873f75-52b1-b812-72a0-51d57e3237b2 systemd-logind[825]: Powering Off...
    Apr  3 13:57:09 packer-5e873f75-52b1-b812-72a0-51d57e3237b2 systemd-logind[825]: System is powering down.
    Apr  3 13:57:09 packer-5e873f75-52b1-b812-72a0-51d57e3237b2 sshd[1055]: Exiting on signal 15

This behavior seems to be tied to adding ufw like this:

    #!/bin/bash
    set -eo pipefail

    configure_firewall () {
      ufw default deny incoming
      ufw default allow outgoing
      ufw allow ssh
      ufw allow http
      ufw allow https
      ufw --force enable
    }

    echo "---> Configuring UFW firewall..."
    configure_firewall
    echo "---> Successfully configured firewall."

as I never see the errors about non-cleared logs when I skip that step. Yet, it will create a warning about no firewall being configured.
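
One way to tell "never cleared" apart from "cleared and then written to again", as an added example that is not part of the original comments or of the repository's scripts: clear a log directory, then list the files that hold data again together with the program named on their last line. The function names `clear_logs` and `rewritten_logs` are hypothetical, and the sample log lines are constructed.

```sh
#!/bin/sh
# Added example (hypothetical helper names): clear a log directory, then
# report which files were written to again and by which program.

# Empty every regular file under directory $1.
clear_logs() {
    find "$1" -type f | while IFS= read -r f; do
        : > "$f"
    done
}

# Print "path<TAB>writer" for each non-empty regular file under $1.
# writer is the program field of the file's last line in the traditional
# syslog layout ("Mon DD HH:MM:SS host prog[pid]: msg"), or "unknown".
rewritten_logs() {
    find "$1" -type f | sort | while IFS= read -r f; do
        [ -s "$f" ] || continue
        writer=$(tail -n 1 "$f" | awk '{
            sub(/\[[0-9]+\]/, "", $5); sub(/:$/, "", $5); print $5 }')
        printf '%s\t%s\n' "$f" "${writer:-unknown}"
    done
}

# Demo on constructed data: a temp directory stands in for /var/log and the
# appended line imitates a daemon logging after the cleanup step has run.
demo() {
    dir=$(mktemp -d)
    printf 'Apr  3 13:50:00 build-host sshd[100]: constructed old entry\n' > "$dir/auth.log"
    printf 'constructed old entry\n' > "$dir/ufw.log"
    clear_logs "$dir"
    printf 'Apr  3 13:54:43 build-host sshd[20845]: constructed entry written after cleanup\n' >> "$dir/auth.log"
    rewritten_logs "$dir"
    rm -rf "$dir"
}

demo
```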


m90 commented Apr 3, 2020

This seems to be a duplicate of #90


scott commented May 13, 2020

I finally had to patch img_check.sh line 634 to get it to pass and get Packer to build the image.

    sudo rm /var/log/auth.log /var/log/kern.log /var/log/ufw.log && checkLogs

Seems less than ideal.


m90 commented May 13, 2020

We worked around it by deleting the logs as the very last step of the cleanup step. This means disk space occupied by them will not be zeroed out though. The image check passes reliably when doing that though. See: https://github.com/offen/digitalocean/blob/f3d73aa1b525c6282b073df8898ea9cfb100237c/scripts/90-cleanup#L38-L41


m90 commented May 13, 2020

The most reliable way to handle this is probably: #90 (comment) - although this will be very hard when done from a CI environment or similar.


ximon18 commented May 13, 2020 via email

daniellockyer added a commit to TryGhost/digitalocean-1-click that referenced this issue Jun 8, 2020

refs digitalocean/marketplace-partners#90 and digitalocean/marketplace-partners#95

- this script is breaking the build because there are some leftover logs
  from the build process that it fails on
- the logs cannot be easily removed and this issue is waiting on
  upstream resolution

daniellockyer added a commit to TryGhost/digitalocean-1-click that referenced this issue Jun 8, 2020

refs digitalocean/marketplace-partners#90 and
digitalocean/marketplace-partners#95

- there may be some leftover logs from the snapshot process which would
  cause this to fail
- commenting this out until upstream have a solution