try to fix LOGSTASH-2225 #1555
try to fix LOGSTASH-2225 #1555
Conversation
Change logic from using "chroot --userspec" (which doesn't work with RHEL5) to using "sudo". Side effects: 1. It's no longer possible to explictely set the group that LS will use (LS_GROUP variable removed). 2. Related to #1, supplemental groups for logstash will now work. 3. Due to the way that sudo behaves, I had to shift logfile creation to the non-privileged part, so on upgrades, if one doesn't explicitely chown existing logfiles, it will break. Regarding elastic#3: We could probably chown the logfiles to $LS_USER from within the init script...
|
Can one of the admins verify this patch? |
|
NOTE: RHEL5 EOL is March 31, 2017 -- Why won't they let this DIE already? |
|
I can confirm this works on centos5 and SLES 11 :-) |
|
Using sudo requires 'root' be in the sudoers file. Ugh. Computers are silly. |
|
Second, this removes the chroot jail too. |
|
we can do sudo for user changes and chroot for chrooting, perhaps. I'll see about putting this into pleaserun |
|
I think chroot requires root, thus, we can't sudo first.. we can't sudo after either since sudo (or required files) wouldn't be in the root directory. Maybe work to identify EL5 and run without chroot, otherwise use #1398 ? |
|
Doesn't the chroot call simply chroot to / right now? |
jordansissel
force-pushed
the
master
branch
from
f86287d to
a536eef
Compare
|
The way it's currently done using chroot / is broken and total nonsense. |
|
I think this is a better way to do it: |
|
Jenkins standing by to test this. If you aren't a maintainer, you can ignore this comment. Someone with commit access, please review this and clear it for Jenkins to run; then say 'jenkins, test it'. |
1 similar comment
|
Jenkins standing by to test this. If you aren't a maintainer, you can ignore this comment. Someone with commit access, please review this and clear it for Jenkins to run; then say 'jenkins, test it'. |
|
Is this still an issue? I forgot this was assigned to me. The system I knew was affected by this (RHEL/CentOS 5) is EOL at this time. Newer redhat systems work with the existing scripts we have, and further, Logstash on RHEL 6 will target Upstart (not sysv init), and on RHEL 7 will target systemd (not sysv init). |
|
Going to close; we can reopen if this is still an issue on a non-EOL platform. As an alternative, someone could maintain an init script that worked on these EOL'd platforms and post it here for others to use. |
7 participants
Change logic from using "chroot --userspec" (which doesn't work
with RHEL5) to using "sudo". Side effects:
will use (LS_GROUP variable removed).
creation to the non-privileged part, so on upgrades, if one
doesn't explicitely chown existing logfiles, it will break.
Regarding #3: We could probably chown the logfiles to $LS_USER from
within the init script...