After emerging icinga, the service cannot be started. Reason: The problem is that the icinga process runs with userid "icinga" and wants to create a file /var/icinga/icinga.lock which does not exist yet. But /var/icinga is owned by root, so the process cannot create the lockfile. Proposed solution: Looking into the nagios ebuild, I propose adding a postinst section to the icinga ebuild: pkg_postinst() { einfo "Fixing permissions" chown icinga:icinga "${ROOT}"var/icinga } Another solution (which I would prefer) is doing the permission fix in the init script - this is more runtime-secure
Confirmed, also going to set the lock dir to /var/lock and the tmp file to be stored in /tmp by default.
Created attachment 293347 [details] icinga 1.5.1-r2 if we use plugins, add icinga to the nagios group (to access nrpe) changed the location of icinga.lock from /var/icinga/icinga.lock to /var/run/icinga/icinga.lock changed the location of icinga.tmp from /var/icinga/icinga.tmp to /tmp/icinga/icinga.tmp updated the initscript (attached next) made sure that /var/run/icinga was installed and that both /var/run/icinga and /var/icinga are icinga:icinga
Created attachment 293355 [details] new init.d for new file locations Removed the /var/icinga/icinga.log and /var/icinga/status.sav files and their chowns. Made sure that /tmp/icinga /var/run/icinga /var/log/icinga /var/icinga and /var/log/icinga/icinga.log existed and were correct perms. changed the runas to exec
Created attachment 293359 [details] icinga-1.5.1-r2.ebuild
fix in tree
New ebuild is a little nicer than before, but won't fix the problem. Once the 1.5.1 version ebuild was installed, the owner settings of /var/icinga remain unchanged. All actions in the ebuild's src_install are done in temp dir, and only files+dirs which do not exist in ${ROOT} are copied there. So wrong permissions of existing dirs won't be fixed forever (at least this way). Therefore I proposed to add a postinst section or add some code in /etc/init.d. To fix it forever. BTW: the path /var/icinga is not correct according to the FHS. http://www.pathname.com/fhs/pub/fhs-2.3.pdf The correct path would be /var/lib/icinga. I propose to change the path as quick as possible, before too many people start using this ebuild. The fact that some other ebuilds (like nagios) use /var/<package> as their data directory does not entitle to replicate the mistake.
(In reply to comment #6) > New ebuild is a little nicer than before, but won't fix the problem. Once the > 1.5.1 version ebuild was installed, the owner settings of /var/icinga remain > unchanged. All actions in the ebuild's src_install are done in temp dir, and > only files+dirs which do not exist in ${ROOT} are copied there. So wrong > permissions of existing dirs won't be fixed forever (at least this way). > > Therefore I proposed to add a postinst section or add some code in /etc/init.d. > To fix it forever. > > > BTW: the path /var/icinga is not correct according to the FHS. > http://www.pathname.com/fhs/pub/fhs-2.3.pdf > The correct path would be /var/lib/icinga. I propose to change the path as > quick as possible, before too many people start using this ebuild. The fact > that some other ebuilds (like nagios) use /var/<package> as their data > directory does not entitle to replicate the mistake. The fix is in the initscript, which wasn't chaned in the ebuild... r3 will have /var/lib and the correct initscript.
Created attachment 293425 [details] icinga-1.5.1-r3.ebuild fixes initscript and changes to /var/lib please test
*** Bug 391415 has been marked as a duplicate of this bug. ***