Bug 476720 - www-servers/nginx with app-admin/logrotate-3.8.5 - {pre,post}rotate script do not run all the time
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
: Normal normal
Assignee: Chema Alonso Josa (RETIRED)
Reported: 2013-07-13 14:25 UTC by Thomas Deutschmann
Modified: 2013-08-27 10:59 UTC


Attachments
strace output (logrote_435b.log,84.67 KB, text/plain)
2013-07-22 17:15 UTC, Thomas Deutschmann

Description Thomas Deutschmann gentoo-dev Security 2013-07-13 14:25:00 UTC
Hi,

I noticed that my nginx logs will be rotated as expected, but after rotating, nginx stops logging. If I send USR1 to nginx, nginx will resume logging.

Seems like the logrotate script doesn't send USR1 to nginx, but it is configured to do that:

    # cat /etc/logrotate.d/nginx
    /var/log/webs/*/*.log
    /var/log/nginx/*_log
    {
            daily
            missingok
            rotate 42
            compress
            create 0660 root root
            sharedscripts
            postrotate
                    test -r /run/nginx.pid && kill -USR1 `cat /run/nginx.pid`
            endscript
    }

Then I thought this could have something to do with #474572, so I applied the patch from upstream (BTW: would be nice to have euser_patch support in app-admin/logrotate). But this doesn't change anything (and I also don't get a segfault and I don't have missing files/folder afaik).

I noticed that I don't see the postrotate action in logrotate's output:

    # logrotate --debug --verbose --force /etc/logrotate.conf 
    reading config file /etc/logrotate.conf
    including /etc/logrotate.d
    reading config file elog-save-summary
    reading config file mcelog
    reading config file nginx
    reading config file openrc
    reading config file rsyncd
    reading config file rsyslog
    reading config file shorewall
    reading config file shorewall6
    
    Handling 11 logs
    
    rotating pattern: /var/log/portage/elog/summary.log  forced from command line (4 rotations)
    empty log files are not rotated, old logs are removed
    switching euid to 250 and egid to 250
    considering log /var/log/portage/elog/summary.log
      log /var/log/portage/elog/summary.log does not exist -- skipping
    switching euid to 0 and egid to 0
    
    rotating pattern: /var/log/mcelog  forced from command line (99 rotations)
    empty log files are not rotated, old logs are removed
    considering log /var/log/mcelog
      log does not need rotating
    
    rotating pattern: /var/log/webs/*/*.log
    /var/log/nginx/*_log
     forced from command line (42 rotations)
    empty log files are not rotated, old logs are removed
    considering log /var/log/webs/00default/access.log
      log does not need rotating
    considering log /var/log/webs/00default/error.log
      log does not need rotating
    considering log /var/log/webs/crl.example.org/access.log
      log does not need rotating
    considering log /var/log/webs/crl.example.org/error.log
      log does not need rotating
    considering log /var/log/webs/ocsp.example.org/access.log
      log needs rotating
    considering log /var/log/webs/ocsp.example.org/error.log
      log does not need rotating
    considering log /var/log/webs/pki.example.org/access.log
      log needs rotating
    considering log /var/log/webs/pki.example.org/error.log
      log does not need rotating
    considering log /var/log/webs/www.example.org/access.log
      log does not need rotating
    considering log /var/log/webs/www.example.org/error.log
      log does not need rotating
    considering log /var/log/nginx/error_log
      log does not need rotating
    rotating log /var/log/webs/ocsp.example.org/access.log, log->rotateCount is 42
    dateext suffix '-20130713'
    glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
    destination /var/log/webs/ocsp.example.org/access.log-20130713.gz already exists, skipping rotation
    rotating log /var/log/webs/pki.example.org/access.log, log->rotateCount is 42
    dateext suffix '-20130713'
    glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
    
    rotating pattern: /var/log/rc.log  forced from command line (4 rotations)
    empty log files are not rotated, old logs are removed
    considering log /var/log/rc.log
      log does not need rotating
    
    rotating pattern: /var/log/rsync.log  forced from command line (7 rotations)
    empty log files are not rotated, old logs are removed
    considering log /var/log/rsync.log
      log /var/log/rsync.log does not exist -- skipping
    
    rotating pattern: /var/log/syslog
     forced from command line (7 rotations)
    empty log files are not rotated, old logs are removed
    considering log /var/log/syslog
      log needs rotating
    rotating log /var/log/syslog, log->rotateCount is 7
    dateext suffix '-20130713'
    glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
    compressing log with: /bin/gzip
    renaming /var/log/syslog to /var/log/syslog-20130713
    creating new /var/log/syslog mode = 0640 uid = 0 gid = 4
    running postrotate script
    running script with arg /var/log/syslog: "
    		kill -HUP $(cat /run/rsyslogd.pid) &>/dev/null || true
    "
    
    rotating pattern: /var/log/mail.info
    /var/log/mail.warn
    /var/log/mail.err
    /var/log/mail.log
    /var/log/daemon.log
    /var/log/kern.log
    /var/log/auth.log
    /var/log/user.log
    /var/log/lpr.log
    /var/log/cron.log
    /var/log/debug
    /var/log/messages
     forced from command line (4 rotations)
    empty log files are not rotated, old logs are removed
    considering log /var/log/mail.info
      log /var/log/mail.info does not exist -- skipping
    considering log /var/log/mail.warn
      log /var/log/mail.warn does not exist -- skipping
    considering log /var/log/mail.err
      log /var/log/mail.err does not exist -- skipping
    considering log /var/log/mail.log
      log /var/log/mail.log does not exist -- skipping
    considering log /var/log/daemon.log
      log needs rotating
    considering log /var/log/kern.log
      log needs rotating
    considering log /var/log/auth.log
      log needs rotating
    considering log /var/log/user.log
      log needs rotating
    considering log /var/log/lpr.log
      log /var/log/lpr.log does not exist -- skipping
    considering log /var/log/cron.log
      log needs rotating
    considering log /var/log/debug
      log needs rotating
    considering log /var/log/messages
      log needs rotating
    rotating log /var/log/daemon.log, log->rotateCount is 4
    dateext suffix '-20130713'
    glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
    compressing log with: /bin/gzip
    rotating log /var/log/kern.log, log->rotateCount is 4
    dateext suffix '-20130713'
    glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
    compressing log with: /bin/gzip
    rotating log /var/log/auth.log, log->rotateCount is 4
    dateext suffix '-20130713'
    glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
    compressing log with: /bin/gzip
    rotating log /var/log/user.log, log->rotateCount is 4
    dateext suffix '-20130713'
    glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
    compressing log with: /bin/gzip
    rotating log /var/log/cron.log, log->rotateCount is 4
    dateext suffix '-20130713'
    glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
    compressing log with: /bin/gzip
    rotating log /var/log/debug, log->rotateCount is 4
    dateext suffix '-20130713'
    glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
    compressing log with: /bin/gzip
    rotating log /var/log/messages, log->rotateCount is 4
    dateext suffix '-20130713'
    glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
    compressing log with: /bin/gzip
    renaming /var/log/daemon.log to /var/log/daemon.log-20130713
    creating new /var/log/daemon.log mode = 0640 uid = 0 gid = 4
    renaming /var/log/kern.log to /var/log/kern.log-20130713
    creating new /var/log/kern.log mode = 0640 uid = 0 gid = 4
    renaming /var/log/auth.log to /var/log/auth.log-20130713
    creating new /var/log/auth.log mode = 0640 uid = 0 gid = 4
    renaming /var/log/user.log to /var/log/user.log-20130713
    creating new /var/log/user.log mode = 0640 uid = 0 gid = 4
    renaming /var/log/cron.log to /var/log/cron.log-20130713
    creating new /var/log/cron.log mode = 0640 uid = 0 gid = 4
    renaming /var/log/debug to /var/log/debug-20130713
    creating new /var/log/debug mode = 0640 uid = 0 gid = 4
    renaming /var/log/messages to /var/log/messages-20130713
    creating new /var/log/messages mode = 0640 uid = 0 gid = 4
    
    rotating pattern: /var/log/shorewall-init.log  forced from command line (4 rotations)
    empty log files are not rotated, old logs are removed
    considering log /var/log/shorewall-init.log
      log does not need rotating
    
    rotating pattern: /var/log/shorewall6-init.log  forced from command line (4 rotations)
    empty log files are not rotated, old logs are removed
    considering log /var/log/shorewall6-init.log
      log does not need rotating
    
    rotating pattern: /var/log/wtmp  forced from command line (1 rotations)
    empty log files are not rotated, only log files >= 1048576 bytes are rotated, old logs are removed
    considering log /var/log/wtmp
      log needs rotating
    rotating log /var/log/wtmp, log->rotateCount is 1
    dateext suffix '-20130713'
    glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
    renaming /var/log/wtmp to /var/log/wtmp-20130713
    creating new /var/log/wtmp mode = 0664 uid = 0 gid = 406
    compressing log with: /bin/gzip
    removing old log /var/log/wtmp-20130701.gz
    
    rotating pattern: /var/log/btmp  forced from command line (1 rotations)
    empty log files are not rotated, old logs are removed
    considering log /var/log/btmp
      log /var/log/btmp does not exist -- skipping

I hope you noticed 2 things:

1) You would expect something like

    running postrotate script
    running script (multiple) with arg /var/log/webs/*/*.log
    /var/log/nginx/*.log : "
    		test -r /run/nginx.pid && kill -USR1 `cat /run/nginx.pid`
    "

2) Notice how the postrotation action for /var/log/syslog will be called:

    running postrotate script
    running script with arg /var/log/syslog: "
    		kill -HUP $(cat /run/rsyslogd.pid) &>/dev/null || true
    "

but after /var/log/syslog, the following logfiles from (r)syslog will rotate:

/var/log/mail.info
/var/log/mail.warn
/var/log/mail.err
/var/log/mail.log
/var/log/daemon.log
/var/log/kern.log
/var/log/auth.log
/var/log/user.log
/var/log/lpr.log
/var/log/cron.log
/var/log/debug
/var/log/messages

After one of these files is rotated, shouldn't the postrotate action, which is configured, run again?

    # cat /etc/logrotate.d/rsyslog 
    /var/log/syslog
    {
    	rotate 7
    	daily
    	missingok
    	notifempty
    	delaycompress
    	compress
    	postrotate
    		kill -HUP $(cat /run/rsyslogd.pid) &>/dev/null || true
    	endscript
    }
    
    /var/log/mail.info
    /var/log/mail.warn
    /var/log/mail.err
    /var/log/mail.log
    /var/log/daemon.log
    /var/log/kern.log
    /var/log/auth.log
    /var/log/user.log
    /var/log/lpr.log
    /var/log/cron.log
    /var/log/debug
    /var/log/messages
    {
    	rotate 4
    	weekly
    	missingok
    	notifempty
    	compress
    	delaycompress
    	sharedscripts
    	postrotate
    		kill -HUP $(cat /run/rsyslogd.pid) &>/dev/null || true
    	endscript
    }

If you remove "sharedscripts", everything is working (well, the postrotate action will be called after every file...).

I am running the same configuration on Debian (Debian has logrotate-3.8.1) and I don't see this error here.
I tried to restore logrotate-3.8.1 from Gentoo's CVS but this doesn't solve the error for me. At least, postrotate for the other (r)syslog script will be executed, but the postrotate action for nginx still won't be executed. Again, the same config on Debian is working.

Reproducible: Always
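
The symptom in this report (logs that need rotating, a postrotate script in the config, and no "running postrotate script" line in the verbose output) can be checked mechanically, which matters because a missed USR1 leaves nginx silently not logging. The following Python check is an added example, not part of the original report or of logrotate; the function names are hypothetical, the sample config and output are abridged from the report, and the wtmp stanza is constructed.

```python
import re

SCRIPT_KEYWORDS = {"prerotate", "postrotate", "firstaction", "lastaction", "preremove"}

def configured_postrotate(config_text):
    """Map each stanza's pattern tuple to its sharedscripts flag, if it has a postrotate."""
    result, patterns, directives, in_script = {}, [], None, False
    for line in map(str.strip, config_text.splitlines()):
        if in_script:                       # skip the script body up to endscript
            in_script = line != "endscript"
        elif not line or line.startswith("#"):
            continue
        elif directives is None:            # outside a { } block
            tokens = line.rstrip("{").split()
            if tokens and not tokens[0].startswith("/"):
                continue                    # global directive, e.g. "weekly"
            patterns += tokens
            if line.endswith("{"):
                directives = set()
        elif line == "}":
            if "postrotate" in directives:
                result[tuple(patterns)] = "sharedscripts" in directives
            patterns, directives = [], None
        else:
            directives.add(line.split()[0])
            in_script = line in SCRIPT_KEYWORDS
    return result

def parse_verbose(output):
    """Split `logrotate --verbose` output into one record per 'rotating pattern:' stanza."""
    stanzas, cur, in_header, last = [], None, False, None
    for line in map(str.strip, output.splitlines()):
        if line.startswith("rotating pattern:"):
            cur = {"patterns": [], "needs": [], "postrotate_ran": False}
            stanzas.append(cur)
            in_header, last = True, None
            line = line[len("rotating pattern:"):].strip()
        if cur is None:
            continue
        if in_header:                       # the pattern list may span several lines
            cur["patterns"] += [t for t in line.split() if t.startswith("/")]
            in_header = not re.search(r"\(\d+ rotations\)$", line)
            continue
        m = re.match(r"considering log (\S+)$", line)
        if m:
            last = m.group(1)
        elif line == "log needs rotating" and last:
            cur["needs"].append(last)
        elif line == "running postrotate script":
            cur["postrotate_ran"] = True
    return stanzas

def missed_postrotate(config_text, verbose_output):
    """Stanzas with a postrotate configured and logs to rotate whose script never ran."""
    expected = configured_postrotate(config_text)
    return [dict(s, sharedscripts=expected[tuple(s["patterns"])])
            for s in parse_verbose(verbose_output)
            if tuple(s["patterns"]) in expected and s["needs"] and not s["postrotate_ran"]]

# Sample input: abridged from the report above; the wtmp stanza is constructed.
SAMPLE_CONFIG = """
/var/log/webs/*/*.log
/var/log/nginx/*_log
{
        sharedscripts
        postrotate
                test -r /run/nginx.pid && kill -USR1 `cat /run/nginx.pid`
        endscript
}
/var/log/syslog {
        postrotate
                kill -HUP $(cat /run/rsyslogd.pid) &>/dev/null || true
        endscript
}
/var/log/wtmp {
        rotate 1
}
"""
SAMPLE_OUTPUT = """
rotating pattern: /var/log/webs/*/*.log
/var/log/nginx/*_log
 forced from command line (42 rotations)
considering log /var/log/webs/ocsp.example.org/access.log
  log needs rotating
considering log /var/log/webs/pki.example.org/access.log
  log needs rotating
rotating pattern: /var/log/syslog
 forced from command line (7 rotations)
considering log /var/log/syslog
  log needs rotating
renaming /var/log/syslog to /var/log/syslog-20130713
running postrotate script
rotating pattern: /var/log/wtmp  forced from command line (1 rotations)
considering log /var/log/wtmp
  log needs rotating
renaming /var/log/wtmp to /var/log/wtmp-20130713
"""
```

On the sample, only the nginx stanza is reported: syslog ran its script, and wtmp has no postrotate configured, so it is not a finding.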
Comment 1 Thomas Deutschmann gentoo-dev Security 2013-07-13 14:25:18 UTC
# emerge --info app-admin/logrotate
Portage 2.1.12.13 (default/linux/amd64/13.0, gcc-4.7.3, glibc-2.17, 3.9.8 x86_64)
=================================================================
                         System Settings
=================================================================
System uname: Linux-3.9.8-x86_64-Intel-R-_Xeon-R-_CPU_E5405_@_2.00GHz-with-gentoo-2.2
KiB Mem:    16435880 total,   1867892 free
KiB Swap:    4194300 total,   4194300 free
Timestamp of tree: Thu, 11 Jul 2013 14:15:01 +0000
ld GNU ld (GNU Binutils) 2.23.1
distcc 3.1 x86_64-pc-linux-gnu [disabled]
app-shells/bash:          4.2_p45
dev-lang/python:          2.7.5, 3.2.5-r1, 3.3.2-r1
dev-util/pkgconfig:       0.28
sys-apps/baselayout:      2.2
sys-apps/openrc:          0.11.8
sys-apps/sandbox:         2.6-r1
sys-devel/autoconf:       2.69
sys-devel/automake:       1.10.3, 1.13.4, 1.14
sys-devel/binutils:       2.23.1
sys-devel/gcc:            4.7.3
sys-devel/gcc-config:     1.8
sys-devel/libtool:        2.4.2
sys-devel/make:           3.82-r4
sys-kernel/linux-headers: 3.9 (virtual/os-headers)
sys-libs/glibc:           2.17
Repositories:

gentoo
    location: /usr/portage
    sync: rsync://rsync.de.gentoo.org/gentoo-portage/
    priority: -1000


=================================================================
                        Package Settings
=================================================================

app-admin/logrotate-3.8.5 was built with the following:
USE="acl (-selinux)"
Comment 2 Thomas Deutschmann gentoo-dev Security 2013-07-13 14:32:41 UTC
From a Debian system with logrotate-3.8.1-4:

# logrotate --debug --verbose --force /etc/logrotate.conf
reading config file /etc/logrotate.conf
including /etc/logrotate.d
reading config file apt
reading config file aptitude
reading config file dpkg
reading config file iptraf
reading config file munin-node
reading config file nginx
reading config file percona-server-server-5.5
reading config file php5-fpm
reading config file rsyslog

Handling 13 logs

[...]

rotating pattern: /var/log/webs/*/*.log
/var/log/nginx/*.log  forced from command line (52 rotations)
empty log files are not rotated, old logs are removed
considering log /var/log/webs/00default/access.log
  log needs rotating
considering log /var/log/webs/00default/error.log
  log does not need rotating
considering log /var/log/webs/example-debian.org/access.log
  log needs rotating
considering log /var/log/webs/example-debian.org/error.log
  log needs rotating
considering log /var/log/nginx/error.log
  log does not need rotating
considering log /var/log/nginx/other_vhosts_access.log
  log does not need rotating
rotating log /var/log/webs/00default/access.log, log->rotateCount is 52
dateext suffix '-20130713'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
compressing log with: /bin/gzip
[ ... renaming stripped ...]
running prerotate script
running script (multiple) with arg /var/log/webs/*/*.log
/var/log/nginx/*.log : "
		if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
			run-parts /etc/logrotate.d/httpd-prerotate; \
		fi \
"
renaming /var/log/webs/00default/access.log to /var/log/webs/00default/access.log.1
creating new /var/log/webs/00default/access.log mode = 0660 uid = 33 gid = 4
renaming /var/log/webs/example-debian.org/access.log to /var/log/webs/example-debian.org/access.log.1
creating new /var/log/webs/example-debian.org/access.log mode = 0660 uid = 33 gid = 4
renaming /var/log/webs/example-debian.org/error.log to /var/log/webs/example-debian.org/error.log.1
creating new /var/log/webs/example-debian.org/error.log mode = 0660 uid = 33 gid = 4
renaming /var/log/webs/example-debian.org/suhosin.log to /var/log/webs/example-debian.org/suhosin.log.1
creating new /var/log/webs/example-debian.org/suhosin.log mode = 0660 uid = 33 gid = 4
running postrotate script
running script (multiple) with arg /var/log/webs/*/*.log
/var/log/nginx/*.log : "
		[ ! -f /var/run/nginx.pid ] || kill -USR1 `cat /var/run/nginx.pid`
"
removing old log /var/log/webs/00default/access.log.53.gz
error: error opening /var/log/webs/00default/access.log.53.gz: No such file or directory

[...]

rotating pattern: /var/log/mail.log
/var/log/cron.log
/var/log/messages.log
/var/log/secure.log
/var/log/firewall.log
 forced from command line (5 rotations)
empty log files are not rotated, old logs are removed
considering log /var/log/mail.log
  log needs rotating
considering log /var/log/cron.log
  log needs rotating
considering log /var/log/messages.log
  log needs rotating
considering log /var/log/secure.log
  log needs rotating
considering log /var/log/firewall.log
  log does not need rotating
rotating log /var/log/mail.log, log->rotateCount is 5
dateext suffix '-20130713'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
compressing log with: /bin/gzip
[ ... renaming stripped ...]
rotating log /var/log/cron.log, log->rotateCount is 5
dateext suffix '-20130713'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
compressing log with: /bin/gzip
[ ... renaming stripped ...]
rotating log /var/log/messages.log, log->rotateCount is 5
dateext suffix '-20130713'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
compressing log with: /bin/gzip
[ ... renaming stripped ...]
rotating log /var/log/secure.log, log->rotateCount is 5
dateext suffix '-20130713'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
compressing log with: /bin/gzip
[ ... renaming stripped ...]
renaming /var/log/mail.log to /var/log/mail.log.1
creating new /var/log/mail.log mode = 0640 uid = 0 gid = 4
renaming /var/log/cron.log to /var/log/cron.log.1
creating new /var/log/cron.log mode = 0640 uid = 0 gid = 4
renaming /var/log/messages.log to /var/log/messages.log.1
creating new /var/log/messages.log mode = 0640 uid = 0 gid = 4
renaming /var/log/secure.log to /var/log/secure.log.1
creating new /var/log/secure.log mode = 0640 uid = 0 gid = 4
running postrotate script
running script (multiple) with arg /var/log/mail.log
/var/log/cron.log
/var/log/messages.log
/var/log/secure.log
/var/log/firewall.log
: "
		invoke-rc.d rsyslog rotate > /dev/null
"
removing old log /var/log/mail.log.6.gz
error: error opening /var/log/mail.log.6.gz: No such file or directory
Comment 3 Chema Alonso Josa (RETIRED) gentoo-dev 2013-07-18 09:51:02 UTC
Thanks for reporting.

Can you check if [1] fixes the problem?

[1] https://fedorahosted.org/logrotate/changeset/433
Comment 4 Thomas Deutschmann gentoo-dev Security 2013-07-18 10:47:39 UTC
Hi,

to apply r433 I also need to apply r432. Just for the record.

logrotate-3.8.5 with the applied changes from r433 will fix the problem with (r)syslog (=when kern.log, auth.log, user.log ... rotate, postrotate action will now be called), but the postrotation action for the nginx log will still not be called.
Comment 5 Thomas Deutschmann gentoo-dev Security 2013-07-18 10:55:06 UTC
Maybe this will help you:

# tree /var/log/webs/
/var/log/webs/
├── 00default
│   ├── access.log
│   ├── access.log-20130616.gz
│   ├── access.log-20130617.gz
│   ├── error.log
│   └── error.log-20130616.gz
├── crl.example.org
│   ├── access.log
│   ├── access.log-20130616.gz
│   ├── access.log-20130617.gz
│   ├── access.log-20130618.gz
│   ├── access.log-20130619.gz
│   ├── access.log-20130620.gz
│   ├── access.log-20130621.gz
│   ├── access.log-20130627.gz
│   ├── access.log-20130629.gz
│   ├── access.log-20130704.gz
│   ├── access.log-20130706.gz
│   ├── access.log-20130711.gz
│   ├── access.log-20130717.gz
│   ├── access.log-20130718.gz
│   ├── error.log
│   ├── error.log-20130616.gz
│   └── error.log-20130617.gz
├── ocsp.example.org
│   ├── access.log
│   ├── access.log-20130616.gz
│   ├── access.log-20130617.gz
│   ├── access.log-20130618.gz
│   ├── access.log-20130619.gz
│   ├── access.log-20130620.gz
│   ├── access.log-20130621.gz
│   ├── access.log-20130622.gz
│   ├── access.log-20130626.gz
│   ├── access.log-20130628.gz
│   ├── access.log-20130629.gz
│   ├── access.log-20130702.gz
│   ├── access.log-20130706.gz
│   ├── access.log-20130710.gz
│   ├── access.log-20130712.gz
│   ├── access.log-20130713.gz
│   ├── access.log-20130714.gz
│   ├── access.log-20130715.gz
│   ├── access.log-20130716.gz
│   ├── access.log-20130717.gz
│   ├── access.log-20130718.gz
│   ├── error.log
│   ├── error.log-20130616.gz
│   ├── error.log-20130617.gz
│   ├── error.log-20130621.gz
│   ├── error.log-20130622.gz
│   ├── error.log-20130628.gz
│   ├── error.log-20130629.gz
│   ├── error.log-20130702.gz
│   ├── error.log-20130715.gz
│   ├── error.log-20130716.gz
│   ├── error.log-20130717.gz
│   └── error.log-20130718.gz
├── pki.example.org
│   ├── access.log
│   ├── access.log-20130616.gz
│   ├── access.log-20130617.gz
│   ├── access.log-20130618.gz
│   ├── access.log-20130620.gz
│   ├── access.log-20130621.gz
│   ├── access.log-20130709.gz
│   ├── access.log-20130714.gz
│   ├── access.log-20130716.gz
│   ├── error.log
│   ├── error.log-20130616.gz
│   └── error.log-20130617.gz
└── srv1.example.org
    ├── access.log
    ├── access.log-20130616.gz
    ├── access.log-20130626.gz
    ├── access.log-20130627.gz
    ├── access.log-20130628.gz
    ├── access.log-20130706.gz
    ├── access.log-20130710.gz
    ├── access.log-20130712.gz
    ├── access.log-20130713.gz
    ├── access.log-20130714.gz
    ├── error.log
    ├── error.log-20130616.gz
    ├── error.log-20130626.gz
    ├── error.log-20130627.gz
    ├── error.log-20130628.gz
    └── error.log-20130710.gz

5 directories, 83 files
# tree /var/log/nginx/
/var/log/nginx/
├── error_log
├── error_log-20130617.gz
├── error_log-20130621.gz
├── error_log-20130626.gz
├── error_log-20130627.gz
├── error_log-20130704.gz
└── other_vhosts_access.log



# logrotate --debug --verbose --force /etc/logrotate.conf 
reading config file /etc/logrotate.conf
including /etc/logrotate.d
reading config file elog-save-summary
reading config file mcelog
reading config file nginx
reading config file openrc
reading config file rsyncd
reading config file rsyslog
reading config file shorewall
reading config file shorewall6

[...]

Handling 11 logs
rotating pattern: /var/log/webs/*/*.log
/var/log/nginx/*_log
 forced from command line (42 rotations)
empty log files are not rotated, old logs are removed
considering log /var/log/webs/00default/access.log
  log does not need rotating
considering log /var/log/webs/00default/error.log
  log does not need rotating
considering log /var/log/webs/crl.example.org/access.log
  log needs rotating
considering log /var/log/webs/crl.example.org/error.log
  log does not need rotating
considering log /var/log/webs/ocsp.example.org/access.log
  log needs rotating
considering log /var/log/webs/ocsp.example.org/error.log
  log does not need rotating
considering log /var/log/webs/pki.example.org/access.log
  log needs rotating
considering log /var/log/webs/pki.example.org/error.log
  log does not need rotating
considering log /var/log/webs/srv1.example.org/access.log
  log does not need rotating
considering log /var/log/webs/srv1.example.org/error.log
  log does not need rotating
considering log /var/log/nginx/error_log
  log does not need rotating
rotating log /var/log/webs/crl.example.org/access.log, log->rotateCount is 42
dateext suffix '-20130718'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
destination /var/log/webs/crl.example.org/access.log-20130718.gz already exists, skipping rotation
rotating log /var/log/webs/ocsp.example.org/access.log, log->rotateCount is 42
dateext suffix '-20130718'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
destination /var/log/webs/ocsp.example.org/access.log-20130718.gz already exists, skipping rotation
rotating log /var/log/webs/pki.example.org/access.log, log->rotateCount is 42
dateext suffix '-20130718'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'

[...]
Comment 6 Chema Alonso Josa (RETIRED) gentoo-dev 2013-07-22 16:39:08 UTC
Thanks.

I tested the latest archive [1] in a (I think) similar but simpler scenario than yours. The postrotate script gets executed.

<snip>
[...]
rotating pattern: /var/log/webs/*/*.log
/var/log/nginx/*_log
 forced from command line (42 rotations)
empty log files are not rotated, old logs are removed
considering log /var/log/webs/00default/access.log
  log does not need rotating
considering log /var/log/webs/00default/error.log
  log does not need rotating
considering log /var/log/webs/one.example.org/access.log
  log needs rotating
considering log /var/log/webs/one.example.org/error.log
  log does not need rotating
considering log /var/log/webs/two.example.org/access.log
  log needs rotating
considering log /var/log/webs/two.example.org/error.log
  log does not need rotating
considering log /var/log/nginx/error_log
  log does not need rotating
rotating log /var/log/webs/one.example.org/access.log, log->rotateCount is 42
dateext suffix '-20130722'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
glob finding old rotated logs failed
rotating log /var/log/webs/two.example.org/access.log, log->rotateCount is 42
dateext suffix '-20130722'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
glob finding old rotated logs failed
renaming /var/log/webs/one.example.org/access.log to /var/log/webs/one.example.org/access.log-20130722
creating new /var/log/webs/one.example.org/access.log mode = 0660 uid = 0 gid = 0
renaming /var/log/webs/two.example.org/access.log to /var/log/webs/two.example.org/access.log-20130722
creating new /var/log/webs/two.example.org/access.log mode = 0660 uid = 0 gid = 0
running postrotate script
running script with arg /var/log/webs/*/*.log
/var/log/nginx/*_log
: "
		test -r /run/nginx.pid && kill -USR1 `cat /run/nginx.pid`
"
compressing log with: /bin/gzip
compressing log with: /bin/gzip
[...]
</snip>

Please confirm the scenario is similar to yours and test whether the latest version works on your box.

[1] https://fedorahosted.org/logrotate/changeset/435/trunk?old_path=%2F&format=zip
Comment 7 Thomas Deutschmann gentoo-dev Security 2013-07-22 17:15:01 UTC
Created attachment 353896 [details]
strace output

Hi,

no, r435 did not change anything on my box(es).

I attached a strace log. Not sure if this will help you.

Could it be ACL-related?

# getfacl /var/log/webs/
getfacl: Removing leading '/' from absolute path names
# file: var/log/webs/
# owner: root
# group: root
user::rwx
group::r-x
other::--x


# getfacl /var/log/webs/pki.example.com/
getfacl: Removing leading '/' from absolute path names
# file: var/log/webs/pki.example.com/
# owner: root
# group: root
user::rwx
user:nginx:rwx
group::rwx
mask::rwx
other::---
default:user::rwx
default:user:nginx:rwx
default:group::rwx
default:mask::rwx
default:other::---

All subfolders in /var/log/webs have similar ACLs.
Comment 8 Thomas Deutschmann gentoo-dev Security 2013-07-22 17:32:53 UTC
Hi,

OK it is NOT an ACL problem.

I rolled out a new web server with our configuration and installed logrotate r435. It is working.

Now I switched back to a box, where logrotate r435 is failing.
I moved all the old logs out of the way:

Before I moved the files:

# tree /var/log/webs/
/var/log/webs/
├── 00default
│   ├── access.log
│   ├── access.log-20130616.gz
│   ├── access.log-20130617.gz
│   ├── error.log
│   └── error.log-20130616.gz
├── crl.example.com
│   ├── access.log
│   ├── access.log-20130616.gz
│   ├── access.log-20130617.gz
│   ├── access.log-20130618.gz
│   ├── access.log-20130619.gz
│   ├── access.log-20130620.gz
│   ├── access.log-20130621.gz
│   ├── access.log-20130627.gz
│   ├── access.log-20130629.gz
│   ├── access.log-20130704.gz
│   ├── access.log-20130706.gz
│   ├── access.log-20130711.gz
│   ├── access.log-20130717.gz
│   ├── access.log-20130718.gz
│   ├── access.log-20130719.gz
│   ├── access.log-20130720.gz
│   ├── error.log
│   ├── error.log-20130616.gz
│   └── error.log-20130617.gz
├── ocsp.example.com
│   ├── access.log
│   ├── access.log-20130616.gz
│   ├── access.log-20130617.gz
│   ├── access.log-20130618.gz
│   ├── access.log-20130619.gz
│   ├── access.log-20130620.gz
│   ├── access.log-20130621.gz
│   ├── access.log-20130622.gz
│   ├── access.log-20130626.gz
│   ├── access.log-20130628.gz
│   ├── access.log-20130629.gz
│   ├── access.log-20130702.gz
│   ├── access.log-20130706.gz
│   ├── access.log-20130710.gz
│   ├── access.log-20130712.gz
│   ├── access.log-20130713.gz
│   ├── access.log-20130714.gz
│   ├── access.log-20130715.gz
│   ├── access.log-20130716.gz
│   ├── access.log-20130717.gz
│   ├── access.log-20130718.gz
│   ├── access.log-20130719.gz
│   ├── access.log-20130720.gz
│   ├── access.log-20130721.gz
│   ├── access.log-20130722.gz
│   ├── error.log
│   ├── error.log-20130616.gz
│   ├── error.log-20130617.gz
│   ├── error.log-20130621.gz
│   ├── error.log-20130622.gz
│   ├── error.log-20130628.gz
│   ├── error.log-20130629.gz
│   ├── error.log-20130702.gz
│   ├── error.log-20130715.gz
│   ├── error.log-20130716.gz
│   ├── error.log-20130717.gz
│   └── error.log-20130718.gz
├── pki.example.com
│   ├── access.log
│   ├── access.log-20130616.gz
│   ├── access.log-20130617.gz
│   ├── access.log-20130618.gz
│   ├── access.log-20130620.gz
│   ├── access.log-20130621.gz
│   ├── access.log-20130709.gz
│   ├── access.log-20130714.gz
│   ├── access.log-20130716.gz
│   ├── access.log-20130719.gz
│   ├── error.log
│   ├── error.log-20130616.gz
│   └── error.log-20130617.gz
└── srv1.example.com
    ├── access.log
    ├── access.log-20130616.gz
    ├── access.log-20130626.gz
    ├── access.log-20130627.gz
    ├── access.log-20130628.gz
    ├── access.log-20130706.gz
    ├── access.log-20130710.gz
    ├── access.log-20130712.gz
    ├── access.log-20130713.gz
    ├── access.log-20130714.gz
    ├── access.log-20130719.gz
    ├── access.log-20130720.gz
    ├── error.log
    ├── error.log-20130616.gz
    ├── error.log-20130626.gz
    ├── error.log-20130627.gz
    ├── error.log-20130628.gz
    └── error.log-20130710.gz

5 directories, 92 files

Now it looks like:

# tree /var/log/webs/
/var/log/webs/
├── 00default
│   ├── access.log
│   └── error.log
├── crl.example.com
│   ├── access.log
│   └── error.log
├── ocsp.example.com
│   ├── access.log
│   └── error.log
├── pki.example.com
│   ├── access.log
│   └── error.log
└── srv1.example.com
    ├── access.log
    └── error.log


and without the previous rotated and compressed logfiles it is also working on that box. So there is a problem when there are rotated logs?!

Now I moved back some logfiles. And it is working with:

# tree /var/log/webs/
/var/log/webs/
├── 00default
│   ├── access.log
│   ├── access.log-20130616.gz
│   ├── access.log-20130617.gz
│   ├── error.log
│   └── error.log-20130616.gz
├── crl.example.com
│   ├── access.log
│   ├── access.log-20130616.gz
│   ├── access.log-20130617.gz
│   ├── access.log-20130618.gz
│   ├── access.log-20130619.gz
│   ├── access.log-20130620.gz
│   ├── access.log-20130621.gz
│   ├── access.log-20130627.gz
│   ├── access.log-20130629.gz
│   ├── access.log-20130704.gz
│   ├── access.log-20130706.gz
│   ├── access.log-20130711.gz
│   ├── access.log-20130717.gz
│   ├── access.log-20130718.gz
│   ├── access.log-20130719.gz
│   ├── access.log-20130720.gz
│   ├── error.log
│   ├── error.log-20130616.gz
│   └── error.log-20130617.gz
├── ocsp.example.com
│   ├── access.log
│   └── error.log
├── pki.example.com
│   ├── access.log
│   ├── access.log-20130616.gz
│   ├── access.log-20130617.gz
│   ├── access.log-20130618.gz
│   ├── access.log-20130620.gz
│   ├── access.log-20130621.gz
│   ├── access.log-20130709.gz
│   ├── access.log-20130714.gz
│   ├── access.log-20130716.gz
│   ├── access.log-20130719.gz
│   ├── error.log
│   ├── error.log-20130616.gz
│   └── error.log-20130617.gz
└── srv1.example.com
    ├── access.log
    ├── access.log-20130616.gz
    ├── access.log-20130626.gz
    ├── access.log-20130627.gz
    ├── access.log-20130628.gz
    ├── access.log-20130706.gz
    ├── access.log-20130710.gz
    ├── access.log-20130712.gz
    ├── access.log-20130713.gz
    ├── access.log-20130714.gz
    ├── access.log-20130719.gz
    ├── access.log-20130720.gz
    ├── error.log
    ├── error.log-20130616.gz
    ├── error.log-20130626.gz
    ├── error.log-20130627.gz
    ├── error.log-20130628.gz
    └── error.log-20130710.gz

5 directories, 57 files


When I move back the logs from the ocsp web, logrotate will fail again.
I think this should help you.
Comment 9 Thomas Deutschmann gentoo-dev Security 2013-07-22 19:50:23 UTC
OK, the problem seems to be

/var/log/webs/
└── ocsp.example.com
    └── access.log-20130722.gz

If I remove just this file, logrotate will rotate all my nginx logs as expected and run the pre/postrotation actions.

Note, today is 2013-07-22.


Now, watch carefully:

rotating pattern: /var/log/webs/*/*.log
/var/log/nginx/*_log
 forced from command line (42 rotations)
empty log files are not rotated, old logs are removed
considering log /var/log/webs/00default/access.log
  log does not need rotating
considering log /var/log/webs/00default/error.log
  log does not need rotating
considering log /var/log/webs/crl.example.com/access.log
  log needs rotating
considering log /var/log/webs/crl.example.com/error.log
  log does not need rotating
considering log /var/log/webs/ocsp.example.com/access.log
  log needs rotating
considering log /var/log/webs/ocsp.example.com/error.log
  log does not need rotating
considering log /var/log/webs/pki.example.com/access.log
  log needs rotating
considering log /var/log/webs/pki.example.com/error.log
  log does not need rotating
considering log /var/log/webs/srv1.example.com/access.log
  log does not need rotating
considering log /var/log/webs/srv1.example.com/error.log
  log does not need rotating
considering log /var/log/nginx/error_log
  log needs rotating
rotating log /var/log/webs/crl.example.com/access.log, log->rotateCount is 42
dateext suffix '-20130722'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
rotating log /var/log/webs/ocsp.example.com/access.log, log->rotateCount is 42
dateext suffix '-20130722'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
destination /var/log/webs/ocsp.example.com/access.log-20130722.gz already exists, skipping rotation
rotating log /var/log/webs/pki.example.com/access.log, log->rotateCount is 42
dateext suffix '-20130722'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
rotating log /var/log/nginx/error_log, log->rotateCount is 42
dateext suffix '-20130722'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'

4 files need rotation:

- /var/log/webs/crl.example.com/access.log
- /var/log/webs/ocsp.example.com/access.log
- /var/log/webs/pki.example.com/access.log
- /var/log/nginx/error_log

Logrotate will begin with "/var/log/webs/crl.example.com/access.log". No problem. Logfile is being rotated.

Next is "/var/log/webs/ocsp.example.com/access.log". Logrotate encounters an error: destination /var/log/webs/ocsp.example.com/access.log-20130722.gz already exists 

And see what logrotate also says: skipping rotation

Now, instead of just skipping "/var/log/webs/ocsp.example.com/access.log", logrotate seems to skip remaining logfile (/var/log/webs/pki.example.com/access.log and /var/log/nginx/error_log will not be handled) and also pre/postrotating (due to this error).
Comment 10 Chema Alonso Josa (RETIRED) gentoo-dev 2013-07-27 14:59:24 UTC
(In reply to Thomas D. from comment #9)
> Now, instead of just skipping "/var/log/webs/ocsp.example.com/access.log",
> logrotate seems to skip remaining logfile
> (/var/log/webs/pki.example.com/access.log and /var/log/nginx/error_log will
> not be handled) and also pre/postrotating (due to this error).

Sorry, I've been pretty busy until today. Thanks for the info.

I get the same results here but I think the code is behaving correctly according to the condition about pre/post scripts in changeset 435 [1]

This condition states: do the pre/post if requested and there are no errors when using the sharedscripts option (our case). Since there is an error (the compressed log already exists for access.log-20130722.gz), the post script is not executed.

AFAIK upstream is going to release a new version shortly, so feel free to open a bug upstream if this behaviour does not satisfy you.

[1] https://fedorahosted.org/logrotate/changeset/435
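
The failure mode worked out in comments 9 and 10, as an added example that is not part of the original thread or of logrotate: a Python check over `logrotate --verbose` output that flags any pattern group where a destination collision was reported and no postrotate script ran. The sample output is constructed from the lines quoted in comment 9; the function and field names are assumptions of this example.

```python
import re

# Constructed sample, modelled on the verbose output quoted in comment 9,
# followed by a healthy second pattern group for contrast.
SAMPLE = """\
rotating pattern: /var/log/webs/*/*.log
/var/log/nginx/*_log
 forced from command line (42 rotations)
rotating log /var/log/webs/crl.example.com/access.log, log->rotateCount is 42
dateext suffix '-20130722'
rotating log /var/log/webs/ocsp.example.com/access.log, log->rotateCount is 42
dateext suffix '-20130722'
destination /var/log/webs/ocsp.example.com/access.log-20130722.gz already exists, skipping rotation
rotating log /var/log/webs/pki.example.com/access.log, log->rotateCount is 42
rotating log /var/log/nginx/error_log, log->rotateCount is 42
rotating pattern: /var/log/mail.log
 forced from command line (5 rotations)
rotating log /var/log/mail.log, log->rotateCount is 5
renaming /var/log/mail.log to /var/log/mail.log.1
running postrotate script
"""

# Line shapes taken from the output quoted in this report.
EVENTS = {
    "announced": re.compile(r"^rotating log (\S+), log->rotateCount is \d+"),
    "renamed": re.compile(r"^renaming (\S+) to \S+"),
    "collisions": re.compile(r"^destination (\S+) already exists, skipping rotation"),
}


def parse_groups(output):
    """Split verbose output into one record per 'rotating pattern:' group."""
    groups = []
    for line in output.splitlines():
        if line.startswith("rotating pattern:"):
            groups.append({"pattern": line.split(":", 1)[1].strip(),
                           "announced": [], "renamed": [], "collisions": [],
                           "postrotate": False})
        elif groups:
            cur = groups[-1]
            if line.startswith("running postrotate script"):
                cur["postrotate"] = True
            for key, rx in EVENTS.items():
                m = rx.match(line)
                if m:
                    cur[key].append(m.group(1))
    return groups


def audit(output):
    """Return groups with a destination collision and no postrotate run."""
    findings = []
    for g in parse_groups(output):
        if g["collisions"] and not g["postrotate"]:
            findings.append({
                "pattern": g["pattern"],
                "collisions": g["collisions"],
                # announced for rotation, but no 'renaming' line followed
                "no_rename_seen": [p for p in g["announced"]
                                   if p not in g["renamed"]],
            })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE):
        print("postrotate not run for group:", f["pattern"])
        print("  colliding destination(s):", ", ".join(f["collisions"]))
        print("  no rename seen for:", ", ".join(f["no_rename_seen"]))
```

A non-empty result for the nginx group corresponds to the state described in the report: no USR1 was sent, so nginx was not told to reopen its logs.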
Comment 11 Johan Bergström 2013-08-08 03:12:14 UTC
3.8.6 was released the other day but isn't in tree yet. Let's try it out when it lands.
Comment 12 Chema Alonso Josa (RETIRED) gentoo-dev 2013-08-13 14:03:27 UTC
logrotate-3.8.6 in the tree now.
Comment 13 Thomas Deutschmann gentoo-dev Security 2013-08-20 14:37:25 UTC
Hi,

with 3.8.6 (and the manually fixed error from c9), I don't see this error anymore. So from my view, I would call it fixed. Thanks Chema.

Regarding c9 I am not sure if I will ask upstream. If logrotate will encounter an error it sounds right for me to stop. I'll check if logrotate will report this failure (e.g. via exit code?). If yes, everything seems fine for me. But anyway, this has nothing to do with this bug report.

Again, thanks!
Comment 14 Chema Alonso Josa (RETIRED) gentoo-dev 2013-08-27 10:59:43 UTC
> Again, thanks!

YW. Closing bug

Cheers!