Hey,
I spent some time reviewing logrotate scripts because we had some
reports on logrotation when SELinux was preventing it. TL;DR -
resolved the issue, filed temporary fix for our policy and RHEL BZ.
Comments below:
/var/log/foreman/*.log
Works ok, copy and truncate.
/var/log/foreman-proxy/proxy.log
/var/log/foreman-proxy/smart_proxy_dynflow_core.log
Logrotate sends SIGUSR1 which is prevented by SELinux, tracked under
http://projects.theforeman.org/issues/19053
/var/log/puppet/*log
Similar problem but SIGUSR2
For both above, I filed a RHEL BZ
https://bugzilla.redhat.com/show_bug.cgi?id=1527522 and I filed a
temporary PR to solve this via our own policy rule until RHEL 7.6 is
out. https://github.com/theforeman/foreman-selinux/pull/75
Candlepin - had some issues in the past, these are solved now.
Pulp - logs into syslog, no rotation needed.
···
--
Later,
Lukas @lzap Zapletal