From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH] logwatch: mdadm status missing - Fix for Bug 12080
Date: Sat, 09 Oct 2021 13:30:02 +0100 [thread overview]
Message-ID: <F773AC2A-5272-4197-A430-CDC762BA74A7@ipfire.org> (raw)
In-Reply-To: <20211006134835.3476503-1-adolf.belka@ipfire.org>
[-- Attachment #1: Type: text/plain, Size: 6408 bytes --]
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
Thank you!
> On 6 Oct 2021, at 14:48, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
>
> - Addition of mdadm module to logwatch
> - Addition of logwatch to sudoers list to run mdadm commands
> - patch to change logwatch mdadm.conf to allow scan for raid drives, change mdadm script
> to run mdadm scan commands with sudo, allow clean but degraded drives to be listed
> in the output.
>
> Fixes: 12080
> Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
> Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
> ---
> config/logwatch/sudoers/logwatch-mdadm | 2 +
> config/rootfiles/common/logwatch | 6 ++-
> lfs/logwatch | 8 +++-
> .../logwatch-7.5.5-enable-mdadm-sudo.patch | 46 +++++++++++++++++++
> 4 files changed, 59 insertions(+), 3 deletions(-)
> create mode 100644 config/logwatch/sudoers/logwatch-mdadm
> create mode 100644 src/patches/logwatch/logwatch-7.5.5-enable-mdadm-sudo.patch
>
> diff --git a/config/logwatch/sudoers/logwatch-mdadm b/config/logwatch/sudoers/logwatch-mdadm
> new file mode 100644
> index 000000000..cdc524def
> --- /dev/null
> +++ b/config/logwatch/sudoers/logwatch-mdadm
> @@ -0,0 +1,2 @@
> +# The following commands need to be executed by logwatch in case there's an MD Raid
> +logwatch ALL=(root) NOPASSWD: /sbin/mdadm --misc --detail /dev/md*, /sbin/mdadm --detail --scan
> diff --git a/config/rootfiles/common/logwatch b/config/rootfiles/common/logwatch
> index c47fb4199..1e4a0a81b 100644
> --- a/config/rootfiles/common/logwatch
> +++ b/config/rootfiles/common/logwatch
> @@ -3,6 +3,8 @@ etc/logwatch/conf
> #etc/logwatch/logwatch.cron
> etc/logwatch/scripts
> etc/logwatch/scripts/services
> +#etc/sudoers.d
> +etc/sudoers.d/logwatch-mdadm
> usr/sbin/logwatch
> #usr/share/logwatch
> #usr/share/logwatch/HOWTO-Customize-LogWatch
> @@ -117,7 +119,7 @@ usr/share/logwatch/default.conf/services/kernel.conf
> #usr/share/logwatch/default.conf/services/knockd.conf
> #usr/share/logwatch/default.conf/services/lvm.conf
> #usr/share/logwatch/default.conf/services/mailscanner.conf
> -#usr/share/logwatch/default.conf/services/mdadm.conf
> +usr/share/logwatch/default.conf/services/mdadm.conf
> #usr/share/logwatch/default.conf/services/mod_security2.conf
> usr/share/logwatch/default.conf/services/modprobe.conf
> #usr/share/logwatch/default.conf/services/mountd.conf
> @@ -262,7 +264,7 @@ usr/share/logwatch/scripts/services/kernel
> #usr/share/logwatch/scripts/services/knockd
> #usr/share/logwatch/scripts/services/lvm
> #usr/share/logwatch/scripts/services/mailscanner
> -#usr/share/logwatch/scripts/services/mdadm
> +usr/share/logwatch/scripts/services/mdadm
> #usr/share/logwatch/scripts/services/mod_security2
> usr/share/logwatch/scripts/services/modprobe
> #usr/share/logwatch/scripts/services/mountd
> diff --git a/lfs/logwatch b/lfs/logwatch
> index 8baaef2ce..628dafe6f 100644
> --- a/lfs/logwatch
> +++ b/lfs/logwatch
> @@ -74,6 +74,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
>
> cd $(DIR_APP)/lib && patch < $(DIR_SRC)/src/patches/logwatch/logwatch-7.3.6-date_manip6.patch
> cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/logwatch/logwatch-7.5.4-disable_iptables.patch
> + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/logwatch/logwatch-7.5.5-enable-mdadm-sudo.patch
>
> @cd $(DIR_APP) && chmod 755 install_logwatch.sh
> cd $(DIR_APP) && yes "" | ./install_logwatch.sh
> @@ -103,6 +104,11 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
> chmod -v 755 /var/log/logwatch
> -rm -rf /etc/logwatch/conf
> ln -vsf /usr/share/logwatch/default.conf /etc/logwatch/conf
> -
> +
> + -mkdir -p /etc/sudoers.d
> + chmod -v 755 /etc/sudoers.d
> + install -v -m 644 $(DIR_SRC)/config/logwatch/sudoers/logwatch-mdadm \
> + /etc/sudoers.d/logwatch-mdadm
> +
> @rm -rf $(DIR_APP)
> @$(POSTBUILD)
> diff --git a/src/patches/logwatch/logwatch-7.5.5-enable-mdadm-sudo.patch b/src/patches/logwatch/logwatch-7.5.5-enable-mdadm-sudo.patch
> new file mode 100644
> index 000000000..b7034077b
> --- /dev/null
> +++ b/src/patches/logwatch/logwatch-7.5.5-enable-mdadm-sudo.patch
> @@ -0,0 +1,46 @@
> +diff -Naur logwatch-7.5.5-orig/conf/services/mdadm.conf logwatch-7.5.5/conf/services/mdadm.conf
> +--- logwatch-7.5.5-orig/conf/services/mdadm.conf 2021-01-22 21:59:40.000000000 +0100
> ++++ logwatch-7.5.5/conf/services/mdadm.conf 2021-10-04 13:52:30.850057355 +0200
> +@@ -13,7 +13,7 @@
> + # Logwatch will try to find md devices in /etc/mdadm.conf or
> + # /etc/mdadm/mdadm.conf. If none of these files exist it can scan actively
> + # for md devices. Set to 'Yes' to enable active scanning:
> +-$mdadm_enable_scan = No
> ++$mdadm_enable_scan = Yes
> +
> + # Logwatch will emit an error for md devices listed in /etc/mdadm.conf
> + # that are not present. If you do not want this (e.g. raid devices may come
> +diff -Naur logwatch-7.5.5-orig/scripts/services/mdadm logwatch-7.5.5/scripts/services/mdadm
> +--- logwatch-7.5.5-orig/scripts/services/mdadm 2021-01-22 21:59:40.000000000 +0100
> ++++ logwatch-7.5.5/scripts/services/mdadm 2021-10-06 11:41:14.800307603 +0200
> +@@ -35,7 +35,7 @@
> + } elsif ( -f "/etc/mdadm/mdadm.conf" ) {
> + open(MDADM,"< /etc/mdadm/mdadm.conf");
> + } elsif ($enable_scan) {
> +- open(MDADM,"mdadm --detail --scan 2>/dev/null|");
> ++ open(MDADM,"sudo mdadm --detail --scan 2>/dev/null|");
> + }
> + while (<MDADM>) {
> + if (/^ARRAY/) {
> +@@ -51,7 +51,7 @@
> + next;
> + }
> +
> +- open(MDADM,"mdadm --misc --detail $dev 2>&1 |");
> ++ open(MDADM,"sudo mdadm --misc --detail $dev 2>&1 |");
> + while (<MDADM>) {
> + if ($_ =~ /cannot open .*: No such file or directory/) {
> + print $_ unless $ignore_missing;
> +@@ -74,7 +74,11 @@
> +
> + if ($Detail <= 4) {
> + if (lc($mdhash{'state'}) =~ /clean|active/) {
> +- print "$dev : $mdhash{'state'}\n" if $Detail;
> ++ if (lc($mdhash{'state'}) =~ /degraded/) {
> ++ print "$dev : $mdhash{'state'}\n";
> ++ } else {
> ++ print "$dev : $mdhash{'state'}\n" if $Detail;
> ++ }
> + } else {
> + print "$dev : $mdhash{'state'}\n";
> + if (defined($mdhash{'middle devices'})) {
> --
> 2.33.0
>
prev parent reply other threads:[~2021-10-09 12:30 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-06 13:48 Adolf Belka
2021-10-09 12:30 ` Michael Tremer [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=F773AC2A-5272-4197-A430-CDC762BA74A7@ipfire.org \
--to=michael.tremer@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox