postrotate command in logrotate configuration fails
Summary
The postrotate command in the logrotate configuration fails since it specifies an incorrect node name and the ejabberd user is not inserted in /usr/bin/ejabberdctl. It looks like removing the --node ejabberd
flag from the logrotate configuration and setting INSTALLUSER="jabber"
in /usr/bin/ejabberdctl resolves the issue.
Description:
The postrotate command (ejabberdctl --node ejabberd reopen-log
) specified in the logrotate configuration included in the package consistently fails with the following error message (in the logrotate.service journal) whenever it is run:
WARNING: It is not recommended to run ejabberd as root
Kernel pid terminated (application_controller) ("{application_start_failure,kernel,{{shutdown,{failed_to_start_child,net_sup,{shutdown,{failed_to_start_child,auth,{{badmatch,error},[{filename,basedir_join_home,1,[{file,\"filename.erl\"},{line,1028}]},{filename,getenv,3,[{file,\"filename.erl\"},{line,1016}]},{filename,basedir,3,[{file,\"filename.erl\"},{line,890}]},{auth,read_cookie,0,[{file,\"auth.erl\"},{line,385}]},{auth,init_no_setcookie,0,[{file,\"auth.erl\"},{line,309}]},{auth,init,1,[{file,\"auth.erl\"},{line,165}]},{gen_server,init_it,2,[{file,\"gen_server.erl\"},{line,980}]},{gen_server,init_it,6,[{file,\"gen_server.erl\"},{line,935}]}]}}}}},{kernel,start,[normal,[]]}}}")
Crash dump is being written to: /var/log/ejabberd/erl_crash_YYYYMMDD-XXXXXX.dump...done
error: error running shared postrotate script for '/var/log/ejabberd/ejabberd.log '
As a result, the logrotate.service systemd unit is marked as failed and systemctl is-system-running
reports the system status as “degraded”.
After looking through the ejabberd source code for a bit, I believe the root cause of this is the fact that this package modifies ejabberd.service to use the jabber user and group, but does not set the INSTALLUSER option in /usr/bin/ejabberdctl accordingly, which effectively means that ejabberdctl does not know what’s the right user for ejabberd.
It seems that, ordinarily, one would pass the --enable-user
option to the configure script and that would cause the correct user to be inserted into both files (ejabberdctl and ejabberd.service) by the build system. However, the PKGBUILD does not use this option (probably because --enable-user
requires the user to exist beforehand) and instead manually patches only ejabberd.service. This results in a mismatch between ejabberd.service and ejabberdctl that results in the above error message. Manually changing INSTALLUSER to "jabber"
in ejabberdctl allows ejabberdctl to use the correct user, fixing the above error.
That said, it is not yet sufficient for the log rotation to complete successfully, as a second, unrelated error occurs. In the logrotate.service log, this only produces a generic error: error running shared postrotate script for '/var/log/ejabberd/ejabberd.log '
message. However, when running the postrotate command manually, one can see the actual error message, which is Failed RPC connection to the node ejabberd@<hostname>: nodedown
, where <hostname>
is the unqualified hostname of the machine running the command.
This is because of the --node ejabberd
flag in the postrotate command - since the node name does not include a hostname portion, the current hostname is automatically appended. The systemd unit, on the other hand, does not explicitly specify a node name, which causes it to use the default value ejabberd@localhost
instead of ejabberd@<hostname>
. It is this mismatch in the hostname portion of the node name which causes the postrotate command to fail.
As far as I can tell, the --node ejabberd
flag is a relic from the days when Arch still used sysvinit and this package included an init script that also explicitly specified the node name when starting the daemon. However, since the systemd unit no longer includes such a flag, it seems that --node ejabberd
can simply be removed from the logrotate configuration now, which finally allows it to run without errors.
Additional info:
- package versions: ejabberd 23.10-1, erlang-nox 26.2.3-1, logrotate 3.21.0-2
Steps to reproduce:
- Install ejabberd and logrotate packages
- Start the ejabberd.service systemd unit
- Ensure the logrotate.timer systemd unit is started
- Wait for logrotate to rotate the ejabberd log
- Run
systemctl status logrotate.service
and observe that the status is “failed (Result: exit-code)” and the log excerpt shows the error message mentioned in the description above.