puppet-rsyslog icon indicating copy to clipboard operation
puppet-rsyslog copied to clipboard

Published 20 hours ago verified publisher icon saz

Errors with default config for Centos 5.11

Open ksemaev opened this issue 8 years ago • 16 comments

Loading with default settings class { 'rsyslog::client': } gives errors on Centos 5.11 (rsyslog 3.22.1):

Dec 17 17:27:43 cnt3 rsyslogd: [origin software="rsyslogd" swVersion="3.22.1" x-pid="2578" x-info="http://www.rsyslog.com"] (re)start
Dec 17 17:27:43 cnt3 rsyslogd: [origin software="rsyslogd" swVersion="3.22.1" x-pid="2578" x-info="http://www.rsyslog.com"] (re)start
Dec 17 17:27:43 cnt3 rsyslogd-3003: invalid or yet-unknown config file command - have you forgotten to load a module? [try http://www.rsyslog.com/e/3003 ]
Dec 17 17:27:43 cnt3 rsyslogd-3003: invalid or yet-unknown config file command - have you forgotten to load a module? [try http://www.rsyslog.com/e/3003 ]
Dec 17 17:27:43 cnt3 rsyslogd: the last error occured in /etc/rsyslog.conf, line 21
Dec 17 17:27:43 cnt3 rsyslogd: the last error occured in /etc/rsyslog.conf, line 21

Which basicly reports for those settings:

$SystemLogRateLimitInterval 1
$SystemLogRateLimitBurst 100
$PrivDropToUser root
$PrivDropToGroup root

ksemaev avatar Dec 17 '16 14:12 ksemaev

Can you check, if this error still exists with the newest release?

saz avatar Jan 18 '17 14:01 saz

You mean the newest release of module? I am using the last one: 5.0.0 from Nov 18th 2016 and the problem remains.

ksemaev avatar Jan 18 '17 15:01 ksemaev

Your rsyslog version is 3.22.1?

saz avatar Jan 18 '17 15:01 saz

Yep. it's the last avaliable for centos 5.11 (https://www.rpmfind.net/linux/rpm2html/search.php?query=rsyslog&submit=Search+...&system=Centos&arch=)

ksemaev avatar Jan 18 '17 16:01 ksemaev

It looks like, as if this version is lacking support for rate limiting on imuxsock.

Can you set rsyslog::client::rate_limit_burst and rsyslog::client::rate_limit_interval to undef and check if it's working for you?

saz avatar Jan 18 '17 17:01 saz

Tried changing to undef in https://github.com/saz/puppet-rsyslog/blob/master/manifests/params.pp so now I only have them in my rsyslog.conf without values:

#
# Set rate limit for messages received.
#
$SystemLogRateLimitInterval
$SystemLogRateLimitBurst

ksemaev avatar Jan 18 '17 18:01 ksemaev

You're right. Can you show me the params you're passing in?

saz avatar Jan 18 '17 18:01 saz

Surely, I have them in hiera, so:

classes:
   - rsyslog::client

rsyslog::client::log_remote: false
rsyslog::client::log_local: true
rsyslog::client::spool_size: '10m'

ksemaev avatar Jan 18 '17 18:01 ksemaev

Can you change the following lines in templates/client/config.conf.erb from

<% if scope.lookupvar('rsyslog::client::rate_limit_burst') and scope.lookupvar('rsyslog::client::rate_limit_burst') != :undef -%>
$SystemLogRateLimitBurst <%= scope.lookupvar('rsyslog::client::rate_limit_burst') %>
<% end -%>
<% if scope.lookupvar('rsyslog::client::rate_limit_interval') and scope.lookupvar('rsyslog::client::rate_limit_interval') != :undef -%>
$SystemLogRateLimitInterval <%= scope.lookupvar('rsyslog::client::rate_limit_interval') %>
<% end -%>

to

<% if @rate_limit_burst -%>
$SystemLogRateLimitBurst <%= @rate_limit_burst %>
<% end -%>
<% if @rate_limit_interval -%>
$SystemLogRateLimitInterval <%= @rate_limit_interval %>
<% end -%>

and check the generated rsyslog config again?

saz avatar Jan 18 '17 19:01 saz

Tried, but no luck, these two parametrs stayed with no value (even removed /etc/rsyslog.conf for better luck before syncing).

#
# Set rate limit for messages received.
#
$SystemLogRateLimitInterval
$SystemLogRateLimitBurst

ksemaev avatar Jan 18 '17 19:01 ksemaev

I've found the issue. Those settings were duplicated in rsyslog and rsyslog::client. rsyslog::client::rate_limit_interval and rsyslog::client::rate_limit_burst are now removed from rsyslog::client in favor of rsyslog::system_log_rate_limit_interval and rsyslog::system_log_rate_limit_burst.

In your case, you have to change those two params to either false or undef. Please give the current master a try.

saz avatar Jan 18 '17 20:01 saz

Sorry for so much trouble, but after updating module (removing those "rate_limit_interval" lines from client.pp) and setting values ("system_log_rate_limit") in params.pp left me with this :

  1. setting rsyslog::system_log_rate_limit_interval to undef leaves this string in config:
# Set rate limit for messages received.
#
$SystemLogRateLimitInterval

or 2) setting rsyslog::system_log_rate_limit_interval to false leaves this string in config:

# Set rate limit for messages received.
#
$SystemLogRateLimitInterval false

So the string "$SystemLogRateLimitInterval" stays in config file. I tried to remove it from params.pp absolutely, but no change: it is still in config file. Is there any way to get rid of it?)))

ksemaev avatar Jan 18 '17 20:01 ksemaev

Have you tried the master? I think that there is more to it than your manual edits and I think that the master should fix it. If you insist on manual edits for now, you must make sure you implement all the changes in commit 9db3f5b.

ubellavance avatar Jan 28 '17 20:01 ubellavance

In reference to your original error... PrivDropToUser and PrivDropToGroup are not available in rsyslogd until 4.1.1. I have submitted a pull request with the fix.

sirinek avatar May 21 '17 18:05 sirinek

@ksemaev The issue with system_log_rate_limit_interval and system_log_rate_limit_burst is also included in my pull request. The variables used in the template file were not in scope in rsyslog::config where the template file is called from.

sirinek avatar May 22 '17 13:05 sirinek

With sirinek's commit worked perfectly

ksemaev avatar May 29 '17 10:05 ksemaev