Roots Discourse

Logrotate: error running shared postrotate script

Hello all,

I am having some logrotate permission issues it seems.

For my prod server I provisioned a few months ago, I was receiving different logrotate emails:

/etc/cron.daily/logrotate:

Usage: /etc/init.d/nginx {start|stop|status|restart|reload|force-reload|upgrade|configtest|check-reload}

error: error running shared postrotate script for '"/srv/www/**/logs/*.log"

run-parts: /etc/cron.daily/logrotate exited with return code 1

I tried a few different things but no change. Yesterday I just provisioned a new server and transferred the site. But, I noticed that a different site and server I created last week sent the same email so now I am pretty sure that the new server will also do this.

In searching, i found a page that showed this command for logrotate error checking:
/usr/sbin/logrotate --verbose /etc/logrotate.conf && echo $?
Which returned a ton of this:
rotating pattern: /var/log/alternatives.log monthly (12 rotations)
empty log files are not rotated, old logs are removed
switching euid to 0 and egid to 106
error: error switching euid to 0 and egid to 106: Operation not permitted

rotating pattern: /var/log/apport.log after 1 days (7 rotations)
empty log files are not rotated, old logs are removed
switching euid to 0 and egid to 106
error: error switching euid to 0 and egid to 106: Operation not permitted

rotating pattern: /var/log/apt/term.log monthly (12 rotations)
empty log files are not rotated, old logs are removed
switching euid to 0 and egid to 106
error: error switching euid to 0 and egid to 106: Operation not permitted

rotating pattern: /var/log/apt/history.log monthly (12 rotations)
empty log files are not rotated, old logs are removed
switching euid to 0 and egid to 106
error: error switching euid to 0 and egid to 106: Operation not permitted

I did just think to run the same command on one of my working servers and get the same exact output so maybe this has nothing to do with it.

Can anyone help me figure out why the servers I created in the last 6 weeks are so are all sending me error logrotate emails? The first site was also sending me letsencrypt emails that I need to update my ssl certs… it is not creating them automatically. Not sure yet if related or a separate issue.

Thanks!
Josh

Ok… I did some digging and realized that most of the info needed was right there in the error email. I know what the issue is but not why it is happening or how to fix.

The wordpress logrotate postscript command is:
service nginx rotate
When I run this on one of my old servers I get:
* Re-opening nginx log files nginx
This is correct.

When I run it on the last 3 servers I have created in the last 6-8 weeks, I get:
Usage: /etc/init.d/nginx {start|stop|status|restart|reload|force-reload|upgrade|configtest|check-reload}

Basically, all my newer DO 18.04 boxes do not have the nginx rotate command?

I have searched to figure this out but no terms I’m coming up with are bringing up anything except that this should work on 18.04.

Does anyone please have any ideas? It looks like I can change everything to nginx reload instead but I’d much rather figure out what is happening here and what got updated and how this isn’t affecting others.

Thanks!
Josh

I just provisioned a new test staging server… no deploys.

I ssh in and ran service nginx rotate and got back:
Usage: /etc/init.d/nginx {start|stop|status|restart|reload|force-reload|upgrade|configtest|check-reload}

I have a feeling this is going to become a bigger thing for more people.

I also received 2 logrotate emails this morning from much older servers that have been working fine for years:

run-parts: /etc/cron.daily/do-agent exited with return code 100
/etc/cron.daily/logrotate:
* Re-opening nginx log files nginx
…done.
/etc/cron.daily/ubuntu-advantage-tools:
E: Cache is out of sync, can’t x-ref a package file

run-parts: /etc/cron.daily/do-agent exited with return code 100
/etc/cron.daily/logrotate:
* Re-opening nginx log files nginx
…done.

Not sure if these return code 100 and cache out of sync errors are related but maybe?

All searches make it seem like ROTATE should be a command available to our nginx service and it looks like it used to be on my old 18.04 servers but not new ones… confirmed the news ones are all 18.04.

Anybody?

Thanks,
Josh

Ok so, still no clue what is happening here and why no one else is having this issue. It seems that newly provisioned trellis servers on DO do not have the nginx rotate command so the post command of logrotate sends an error out.

This does not seem to cause any big errors as the server does start to use the new log files at some point anyway.

BUT, to fix, I went into /trellis/group_vars/all/logrotate.yml
and changed postrotate: service nginx rotate to postrotate: service nginx reload

This stops any cron error emails from being sent out and also seems to stop the usual cron rotate emails I have been receiving for years. I guess the rotate command has output and reload does not.

I’ll mark this as solved but would still love to know why this command has disappeared and no one else is receiving these error emails.

Thanks,
Josh