A couple comments below.
On Mon, May 3, 2021 at 2:24 PM Francesco Poli <invernom...@paranoici.org> wrote:
>
> On Sun, 2 May 2021 14:11:59 -0700 Ross Boylan wrote:
>
> [...]
> > On Sun, May 2, 2021 at 11:08 AM Francesco Poli
> > <invernom...@paranoici.org> wrote:
> [...]
> > > I wonder why logcheck does not send hourly mail messages about
> > > anacron...
> > >
> >
> > For logcheck to send a message there must be something in the logs it
> > checks and it must either match a pattern logcheck thinks is
> > noteworthy or (from memory) fail to match a pattern for things that
> > are OK. I haven't reviewed exactly why the messages are being noted,
> > albeit at logcheck's lowest severity level. I configured logcheck to
> > use workstation mode.
>
> In my humble opinion, this is the point that needs to be better
> scrutinized.
> Anacron systemd timer fires hourly, but logcheck does not consider it
> as something worth a mail message.
> On the other hand, it annoys users with messages about apt-listbugs
> systemd timer triggers, which are equally "normal".
>
> I would be grateful, if you could find out why.
> I am asking you, since you seem to be more knowledgeable about logcheck
> than me.
This strikes me as secondary to avoiding having hourly runs for a
daily job, but I've tracked down what's going on.
There are specific patterns to ignore the relevant messages. For
example, for anacron
==================/etc/logcheck/logcheck.ignore.d/server/anacron
========================
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ anacron\[[0-9]+\]: Anacron
[.[:alnum:]]+ started on [0-9-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ anacron\[[0-9]+\]: Jobs will be
executed sequentially$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ anacron\[[0-9]+\]: Normal exit
\([0-9]+ jobs* run\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ anacron\[[0-9]+\]: Will run job
`[._[:alnum:]-]+' in [0-9]+ min\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ anacron\[[0-9]+\]: Job
`[._[:alnum:]-]+' started$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ anacron\[[0-9]+\]: Job
`[._[:alnum:]-]+' terminated$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ anacron\[[0-9]+\]: Job
`[._[:alnum:]-]+' terminated (\(exit status: [[:digit:]]+\)
)?\(mailing output\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ anacron\[[0-9]+\]: Updated
timestamp for job `[._[:alnum:]-]+' to [0-9-]+$
=============================================================================
The file ships as part of the logcheck-database package, although
individual packages can also install such files directly,
i.e., it could have shipped as part of anacron.
But
================== ...ignore.d.server/systemd =================================
^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]\-]+ systemd\[[0-9]+\]:
(Starting|Stopping) [ +[:alnum:]/]+\.(\.\.)?$
============================================================
looks as if it should match the Starting..., but the expression [
+[:alnum:]/]+ does not match "-" in "apt-listbugs". Changing it to
[- +[:alnum:]/]+ does get it to match. I think "-" needs to be first
to avoid having it interpreted as indicating a range. There is also a
rule for Finished, but it enumerates specific text to look for and
apt-listbugs isn't on it (I'm having trouble pasting from the testing
VM--the rule has changed since buster; the snips above are from
buster).
>
> [...]
> > Let's see how apt-daily-upgrade works:
> [...]
> > ExecStartPre=-/usr/lib/apt/apt-helper wait-online
> [...]
> >
> > 3. network targets in [Unit] to (try to?) assure connectivity. BTW,
> > for some insight into why the network target doesn't work as expected,
> > see https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/.
> > I still find it annoying, but I appreciate the point that it is not
> > straightforward to say exactly what the network being "up" means.
>
> This is one of the trickiest parts.
> There seems to be no reliable method to check whether a box is "online".
>
> Please note that apt-daily-upgrade uses "/usr/lib/apt/apt-helper
> wait-online", which is shipped by package 'apt', see its [source].
>
> [source]:
> <https://salsa.debian.org/apt-team/apt/-/blob/main/cmdline/apt-helper.cc>
>
> I could not find any man page for that helper command.
>
> It seems to me that that helper fails to detect whether an Ethernet
> interface (managed with ifup/ifdown) is configured.
>
> # ifdown enp0s25
>
> Internet is not reachable... but, nonetheless the command immediately
> exits reporting a zero exit status:
>
> $ /usr/lib/apt/apt-helper wait-online
> $ echo $?
> 0
>
> After bringing the interface back up:
>
> # ifup enp0s25
>
> Internet is again reachable... but... no difference:
>
> $ /usr/lib/apt/apt-helper wait-online
> $ echo $?
> 0
>
> If it cannot see that a network interface of the box it is running on
> is down... what about issues farther away from the local host?
>
> I don't think this approach could work for apt-listbugs...
Granted that detecting if the network is "really" up has no perfect
solution, it seems to me there's no strong reason for apt-listbugs to
be more paranoid about it than other packages, where by paranoid I
mean checking every hour because it's possible there was a network
problem.
>
> [...]
> > > The timer would only trigger once every (slightly less than one) day:
> > > if your system is not online during that only attempt, you are out of
> > > luck for another day or so...
> >
> > I think OnActiveSec triggers an initial run 5minutes after system startup.
> > Have I misunderstood the semantics?
>
> That's correct, I think.
> But then, after the boot, you only have one attempt a day, more or less.
>
> So, unless you reboot at least once a day (and be online shortly
> after!), you may fail several attempts in a row, just because you are
> not online at the "right" time...
There is a 5 minute delay, and network targets to try to assure connectivity.
>
> [...]
> > > I am open to suggestions on how to change the Description field for the
> > > timer.
> > > I see that the Description for the anacron timer is "Trigger anacron
> > > every hour": maybe I should think about a Description that uses the
> > > word "hourly", rather than "daily".
> >
> > If sticking with the current setup but changing the message, it currently is
> > Starting Daily apt-listbugs preferences cleanup...
> > (or Finishing ....).
> > Maybe
> > Starting check for daily apt-listbugs preferences cleanup...
> > and/or different messages depending on what happened:
> > Skipping daily apt-listbugs preferences cleanup. Too soon.
> > or
> > Finished run of daily apt-listbugs preferences cleanup.
>
> I don't think I can customize the message generated by systemd: it's
> apparently "Starting <Description>..." and "Finished <Description>.".
> I can only change the Description field, as far as I can tell.
>
> But your suggestion is not too bad.
> Maybe something like:
>
> Description=Hourly check for daily apt-listbugs preferences cleanup
>
That sounds pretty good to me.
> A bit clumsy, perhaps.
> I have to think about it.
>
> >
> > BTW, I don't know what the job is doing,
>
> Please take a look at the apt-listbugs(1) man page:
>
> [...]
> | Each package pin is automatically removed by a daily cron job (or by an
> | equivalent systemd timer), as soon as the corresponding bug is fixed in
> | (or no longer affects) the package version available for installation
> | or upgrade. When the pin is removed, the installation or upgrade of the
> | package becomes possible again.
> [...]
>
Thank you for the pointer. I had no idea it was so ambitious!
> > but should it also do it after
> > someone dpkg-reconfigure's apt-listbugs?
>
> Does "dpkg-reconfigure apt-listbugs" do anything?
> Maybe I am just tired right now, but I think it does nothing...
I got apt-listbugs and apt-listchanges mixed up; the latter can be
meaningfully changed with dpk-reconfigure. I think you're right:
dpkg-reconfigure is a no-op for apt-listbugs. debconf-show doesn't
indicate that apt-listbugs has any settings, though some of the things
in /etc/apt/apt.conf.d/10apt-listbugs look as if they'd be natural for
that approach.
Ross
