Skip to content

Logrotate Handler Causes Role to Fail When Log Already Exists #913

New issue
New issue
Open
#914
Open
Logrotate Handler Causes Role to Fail When Log Already Exists#913
#914
Labels
bugSomething isn't working
@marshallwp

Description

@marshallwp
marshallwp
opened on Oct 13, 2025

Bug Overview

If:

  • You are updating an existing installation of nginx installed and configured by this role
  • The role was previously used to configure logrotate
  • The previously installed nginx instance has run long enough for at least one log rotation to occur
  • You rerun this ansible nginx role.

Then the role will fail when the logrotate handler is run, with an error similar to:

RUNNING HANDLER [nginxinc.nginx : (Handler) Start logrotate] *********************************************************************************************************************************************************
fatal: [youtrack]: FAILED! => {
    "changed": false,
    "cmd": [
        "logrotate",
        "-f",
        "/etc/logrotate.d/nginx"
    ],
    "delta": "0:00:00.295036",
    "end": "2025-10-13 10:06:57.227363",
    "rc": 1,
    "start": "2025-10-13 10:06:56.932327"
}

STDERR:

error: destination /var/log/nginx/access.log-20251013 already exists, skipping rotation
error: destination /var/log/nginx/error.log-20251013 already exists, skipping rotation


MSG:

non-zero return code
...ignoring

RUNNING HANDLER [nginxinc.nginx : (Handler) Print logrotate error if config check fails] *****************************************************************************************************************************
fatal: [youtrack]: FAILED! => {
    "failed_when_result": true,
    "logrotate_check['stderr_lines']": [
        "error: destination /var/log/nginx/access.log-20251013 already exists, skipping rotation",
        "error: destination /var/log/nginx/error.log-20251013 already exists, skipping rotation"
    ]
}

Despite this being a benign and expected condition on existing installs, it is configured to be treated as fatal, and blocks further execution of the playbook.

Expected Behavior

The role notes the error, but does not treat it as a failure and continues on. This will require changing the failed_when condition on the debug step to exclude this specific error.

ansible-role-nginx/handlers/main.yml

Lines 60 to 68 in 5271d0c

- name: (Handler) Print logrotate error if config check fails
ansible.builtin.debug:
var: logrotate_check['stderr_lines']
failed_when: logrotate_check['rc'] != 0
when:
- logrotate_check['stderr_lines'] is defined
- logrotate_check['stderr_lines'] != []
- logrotate_check['rc'] != 0
listen: (Handler) Run logrotate

Steps to Reproduce the Bug

Run an Ansible playbook with the nginx role to reconfigure/validate the state of an existing nginx instance. This instance must have have a file with the expected name of a rotated log. This can be created either via logrotation or via touch.

When the execution reaches the logrotate handlers steps it will fail.

NOTE: This issue occurs even if nginx_logrotate_conf_enable: false as that value is ignored by the handlers.

Environment Details

  • Target deployment platforms: KVM VMs
  • Target OSs: Oracle Linux 9
  • Host OS (where you are running Ansible from): DevContainer - ghcr.io/ansible/community-ansible-dev-tools:latest
  • Version of the NGINX Ansible role (or specific commit): 0.25.0
  • Version of Ansible: 2.17.6
  • How is Ansible being managed: CLI
  • Version of Jinja2 (if you are using any templating capability): 3.1.4

Additional Context

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions