[Bug 271069] syslogd service inside client jail requires restart before server jail receives logs

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 25 Apr 2023 19:44:13 UTC

            Bug ID: 271069
           Summary: syslogd service inside client jail requires restart
                    before server jail receives logs
           Product: Base System
           Version: 13.2-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: bin
          Assignee: bugs@FreeBSD.org
          Reporter: me@svmhdvn.name

I'm not sure if this is an actual bug or an issue with my system configuration:


In a centralized logging configuration with one client jail (sending logs) and
one server jail (receiving logs and writing them to local files), syslogd
inside the *client* jail requires a restart before I can observe on the
*server* jail that the logs are successfully received. This is observed on a
fresh start of the *server* jail, followed by a fresh start of the *client*

Is there a race condition or order of operations problem somewhere? Let me know
if I need to supply more info about the configuration.


I have a simple configuration of two standard thick jails (named 'ssh' and
'logs') with this configuration:

===== /etc/jail.conf =====
exec.timeout = 30;
stop.timeout = 30;
path = "/usr/jail/guests/${name}";
host.hostname = "${name}.my.domain";
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
logs {
    ip6.addr = "re0|fdac::aaaa:201/64";
ssh {
    ip6.addr = "re0|fdac::aaaa:202/64";
    depend = "logs";

Each jail has the same content in their host files and no DNS servers (i.e.
name resolution is available through hosts files only):

===== /etc/hosts =====
fdac::aaaa:201    logs.my.domain logs
fdac::aaaa:202    ssh.my.domain ssh

In the client jail ssh.my.domain:

===== /etc/syslog.conf ====
*.*    @logs.my.domain

===== /etc/rc.conf ====
syslogd_flags="-8 -O syslog -s -v -v"

In the server jail logs.my.domain:

===== /etc/syslog.conf ====
*.*    /var/log/ssh.my.domain.log

===== /etc/rc.conf ====
syslogd_flags="-8 -O syslog -a '*.my.domain' -v -v"

Steps to repro (as root):

1. in the jailhost:
    # service jail onestart logs
    # service jail onestart ssh
2. inside logs.my.domain (for observing received logs):
    # tail -f /var/log/ssh.my.domain.log
    [...] follow the log
3. inside ssh.my.domain:
    # logger "hello from ssh" <--- *NOT* observed on the log server
    # service syslogd restart
    # logger "hello from ssh" <--- SUCCESS visible in log server

You are receiving this mail because:
You are the assignee for the bug.