-
Notifications
You must be signed in to change notification settings - Fork 100
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Log files sometimes don't get cleared by cleanup script #95
Comments
So I debugged this further by creating an image that does not run the check and creating a droplet from that image. It seems like someone is writing to
This behavior seems to be tied to adding #!/bin/bash
set -eo pipefail
configure_firewall () {
ufw default deny incoming
ufw default allow outgoing
ufw allow ssh
ufw allow http
ufw allow https
ufw --force enable
}
echo "---> Configuring UFW firewall..."
configure_firewall
echo "---> Successfully configured firewall." as I never see the errors about non-cleared logs when I skip that step. Yet, it will create a warning about no firewall being configured. |
This seems to be a duplicate of #90 |
I finally had to patch
Seems less than ideal. |
We worked around it by deleting the logs as the very last step of the cleanup step. This means disk space occupied by them will not be zeroed out though. The image check passes reliably when doing that though. See: https://github.com/offen/digitalocean/blob/f3d73aa1b525c6282b073df8898ea9cfb100237c/scripts/90-cleanup#L38-L41 |
The most reliable way to handle this is probably: #90 (comment) - although this will be very hard when done from a CI environment or similar. |
If the imaging tool, eg Packer, can create and destroy the cloud firewall, then this is easy. Packer CAN do this for AWS, but not for DO.
… On 13 May 2020, at 19:24, Frederik Ring ***@***.***> wrote:
The most reliable way to handle this is probably: #90 (comment) - although this will be very hard when done from a CI environment or similar.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or unsubscribe.
|
refs digitalocean/marketplace-partners#90 and digitalocean/marketplace-partners#95 - this script is breaking the build because there are some leftover logs from the build process that it fails on - the logs cannot be easily removed and this issue is waiting on upstream resolution
refs digitalocean/marketplace-partners#90 and digitalocean/marketplace-partners#95 - there may be some leftover logs from the snapshot process which would cause this to fail - commenting this out until upstream have a solution
I'm trying to package an application for DO using
packer
.After creating my image I do run the (top-level) cleanup script provided in this repository and the (top-level) image check script.
Doing so I am running in intermittent failures, having the image check complain about un-cleared log files (either
/var/log/ufw.log
or/var/log/auth.log
or sometimes both of them). I would assume that 75% of the build succeed, the rest will fail for the above reason.I have a hard time understanding how these log files cannot be caught here:
marketplace-partners/scripts/cleanup.sh
Lines 11 to 12 in 28849bb
does not resolve the issue either.
Is there some race condition going on here? I also added
set -eo pipefail
to the cleanup script so I can be sure that it does not error on something unexpected here before trying to delete the log files.This is the order of scripts in my Packer config
and for the sake of completeness this is the error output:
The text was updated successfully, but these errors were encountered: