Skip to content

Commit

Permalink
rpm: do not delete system account (#598)
Browse files Browse the repository at this point in the history
In the previous versions (5.0.0, 5.0.1), when fluent-package was
removed, system account (user and group are intended to be removed)

But there is a case that it fails to remove fluentd group because of
compatible GID is assigned for td-agent and fluentd when
fluent-package was introduced with upgrading from td-agent v4.

  Removing fluentd user...
userdel: group fluentd is the primary group of another user and is not
removed.
  Removing fluentd group...
  groupdel: cannot remove the primary group of user 'td-agent'
  Removing td-agent user...
  userdel: td-agent mail spool (/var/spool/mail/td-agent) not found
  userdel: td-agent home directory (/var/lib/td-agent) not found

This is a bug of fluent-package apparently.

This kind of inconsistency causes maintainer script error when
reinstalling td-agent or fluent-package again.

And moreover, if system account (user and group) was removed
completely, there is a case that no user can access generated logs
when user re-installed td-agent or fluent-package. (mismatch of
UID/GID which is newly created)

This case also should be considered.
(Keep system account after removing package)

---------

Signed-off-by: Kentaro Hayashi <[email protected]>
Co-authored-by: Daijiro Fukuda <[email protected]>
  • Loading branch information
kenhys and daipom authored Nov 17, 2023
1 parent 38abca6 commit 8604678
Show file tree
Hide file tree
Showing 6 changed files with 30 additions and 22 deletions.
20 changes: 0 additions & 20 deletions fluent-package/yum/fluent-package.spec.in
Original file line number Diff line number Diff line change
Expand Up @@ -284,26 +284,6 @@ if [ $1 -eq 0 ]; then
fi
fi

if [ $1 -eq 0 ]; then
# Removing
if getent passwd @SERVICE_NAME@ >/dev/null; then
echo "Removing @SERVICE_NAME@ user..."
/usr/sbin/userdel --remove @SERVICE_NAME@
fi
if getent group @SERVICE_NAME@ >/dev/null; then
echo "Removing @SERVICE_NAME@ group..."
/usr/sbin/groupdel @SERVICE_NAME@
fi
if getent passwd @COMPAT_SERVICE_NAME@ >/dev/null; then
echo "Removing @COMPAT_SERVICE_NAME@ user..."
/usr/sbin/userdel --remove @COMPAT_SERVICE_NAME@
fi
if getent group @COMPAT_SERVICE_NAME@ >/dev/null; then
echo "Removing @COMPAT_SERVICE_NAME@ group..."
/usr/sbin/groupdel @COMPAT_SERVICE_NAME@
fi
fi

%posttrans
if [ -f %{v4migration} ]; then
if [ ! -f /usr/sbin/@COMPAT_SERVICE_NAME@ ]; then
Expand Down
4 changes: 2 additions & 2 deletions fluent-package/yum/install-test.sh
Original file line number Diff line number Diff line change
Expand Up @@ -83,8 +83,8 @@ for conf_path in /etc/td-agent/td-agent.conf /etc/fluent/fluentd.conf; do
fi
done

(! getent passwd fluentd >/dev/null)
(! getent group fluentd >/dev/null)
getent passwd fluentd >/dev/null
getent group fluentd >/dev/null

if [ $ENABLE_UPGRADE_TEST -eq 1 ]; then
echo "UPGRADE TEST from v4"
Expand Down
12 changes: 12 additions & 0 deletions fluent-package/yum/systemd-test/install-newly.sh
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,18 @@ test -e /var/log/fluent/fluentd.log
sudo $DNF remove -y fluent-package
sudo systemctl daemon-reload

case $1 in
local)
getent passwd fluentd >/dev/null
getent group fluentd >/dev/null
;;
*)
# TODO: Remove this branch after the following fix is applied to the latest release.
# https://github.com/fluent/fluent-package-builder/pull/598
(! getent passwd fluentd >/dev/null)
(! getent group fluentd >/dev/null)
;;
esac
# `sudo systemctl daemon-reload` clears the service completely.
# (The result of `systemctl status` will be `unfound`)
# Note: RPM does not leave links like `@/etc/systemd/system/fluentd.service`.
Expand Down
5 changes: 5 additions & 0 deletions fluent-package/yum/systemd-test/update-from-v4.sh
Original file line number Diff line number Diff line change
Expand Up @@ -78,6 +78,11 @@ test -e /var/log/fluent/fluentd.log
sudo $DNF remove -y fluent-package
sudo systemctl daemon-reload

getent passwd td-agent >/dev/null
getent group td-agent >/dev/null
getent passwd fluentd >/dev/null
getent group fluentd >/dev/null

# `sudo systemctl daemon-reload` clears the service completely.
# (The result of `systemctl status` will be `unfound`)
# Note: RPM does not leave links like `@/etc/systemd/system/fluentd.service`.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -97,3 +97,9 @@ test -e /var/log/fluent/fluentd.log
sudo $DNF remove -y fluent-package
(! systemctl status --no-pager td-agent)
(! systemctl status --no-pager fluentd)

getent passwd td-agent >/dev/null
getent group td-agent >/dev/null
getent passwd fluentd >/dev/null
getent group fluentd >/dev/null

5 changes: 5 additions & 0 deletions fluent-package/yum/systemd-test/update-to-next-version.sh
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,11 @@ test -e /var/log/fluent/fluentd.log
sudo $DNF remove -y fluent-package
sudo systemctl daemon-reload

(! getent passwd td-agent >/dev/null)
(! getent group td-agent >/dev/null)
getent passwd fluentd >/dev/null
getent group fluentd >/dev/null

# `sudo systemctl daemon-reload` clears the service completely.
# (The result of `systemctl status` will be `unfound`)
# Note: RPM does not leave links like `@/etc/systemd/system/fluentd.service`.
Expand Down

0 comments on commit 8604678

Please sign in to comment.