[Users] broken precreated templates

Ilya A. Otyutskiy sharp at thesharp.ru
Sat Jan 7 13:06:39 EST 2012


I have a bunch of EL6 (Scientific Linux, to be precise) containers up
and running from a bunch of EL6 HNs. Today I discovered that my log
files on those containers was never rotated. Literally: _never_. I've
started to dig why the bloody hell. I thought of everything. First of
all I thought about broken logrotate, but the verbose runs from
command line showed me that it works just fine. After that I thought
that there is something dirty with cron. It appears that Red Hat made
a switch from vixie-cron to cronie on their EL6 release. I checked the
/var/log/cron log and the contents of the /etc/cron.d directory and
learned that cronie only runs hourly jobs the regular way. No daily
stuff there. That surprised me as shit. I started to dig further. From
that hourly job (/etc/cron.d/0hourly) it runs the contents
/etc/cron.hourly using run-parts as it should. And there is only one
script inside cron.hourly -- 0anacron. Anacron does the job now. It
has its advantages, but it's not the topic. There is two packages
bundled inside EL6: cronie-anacron and cronie-noanacron. First one
does stuff regularly as we all are keen to and the second one is the
default which has this asynchronous behavior. Well, let's stick to the
defaults. After learning all that stuff I took a look at one of my HN
and I saw there that anacron was doing just fine there. It was running
daily as it should, there were traces of anacron in /var/log/cron log.
On the container, /var/log/cron was clean of anacron traces. It means
that it never worked there. That's some bloody mess, eh?

So, if the HN is fine and problem only appears inside the containers
it was obvious that there is something broken inside the template. I
use custom Scientific Linux templates based off the default one from
the website. It appears that on normal SL6 install the
/etc/cron.hourly/0anacron is 755, while inside my template it was 644.
That's the problem. All hourly runs were dry runs, hence no daily
runs, no logrotates, et cetera.

I've downloaded the original scientific-6-x86_64 template from the
website and checked it. It has that problem. Out of curiosity I've
checked the centos-6-x86_64 template -- it has that problem too.

So while I'm writing a quick puppet hack to change the permission bits
on my affected hosts, why don't you fix your templates, eh? It's a
disaster, really.

-- 
SY, Ilya A. Otyutskiy aka Sharp


More information about the Users mailing list