Bug 1437456
| Summary: | auditFilePath is logging to master container instead of host. | |||
|---|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Joel Rosental R. <jrosenta> | |
| Component: | Installer | Assignee: | Giuseppe Scrivano <gscrivan> | |
| Status: | CLOSED ERRATA | QA Contact: | Gaoyun Pei <gpei> | |
| Severity: | low | Docs Contact: | ||
| Priority: | low | |||
| Version: | 3.4.0 | CC: | aos-bugs, jokerman, jrosenta, mmccomas, myllynen, pweil, sdodson, smunilla | |
| Target Milestone: | --- | |||
| Target Release: | 3.4.z | |||
| Hardware: | Unspecified | |||
| OS: | Linux | |||
| Whiteboard: | ||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | ||
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 1440779 (view as bug list) | Environment: | ||
| Last Closed: | 2017-06-15 18:37:12 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 1440779 | |||
|
Description
Joel Rosental R.
2017-03-30 11:10:16 UTC
Remotely related: https://bugzilla.redhat.com/show_bug.cgi?id=1439619 . Proposed fix: https://github.com/openshift/openshift-ansible/pull/3872 And for the system container version: https://github.com/openshift/origin/pull/13657 backported to 1.4: https://github.com/openshift/openshift-ansible/pull/3886 Verify this bug with openshift-ansible-3.4.93-1.git.0.a6c353e.el7.noarch.rpm
Enable audit config for a containerized installation in ansible inventory file:
openshift_master_audit_config={"enabled": true, "auditFilePath": "/var/log/audit-ocp.log", "maximumFileRetentionDays": 10,"maximumRetainedFiles": 10,"maximumFileSizeMegabytes": 100}
After installation, check master config file
auditConfig:
auditFilePath: /var/log/audit-ocp.log
enabled: true
maximumFileRetentionDays: 10
maximumFileSizeMegabytes: 100
maximumRetainedFiles: 10
On master host, check the log file
-bash-4.2# tail /var/log/audit-ocp.log
2017-06-05T06:22:12.504559595Z AUDIT: id="0b6fca69-d7e3-4e6b-b5fa-2fbef4ff8f7e" ip="172.18.2.189" method="GET" user="system:node:ip-172-18-2-189.ec2.internal" as="<self>" asgroups="<lookup>" namespace="<none>" uri="/api/v1/watch/services?resourceVersion=4835&timeoutSeconds=587"
2017-06-05T06:22:12.504981404Z AUDIT: id="0b6fca69-d7e3-4e6b-b5fa-2fbef4ff8f7e" response="200"
Inside the master contaier, check the log file
[root@ip-172-18-4-224 origin]# tail /var/log/audit-ocp.log
2017-06-05T06:22:50.780492517Z AUDIT: id="dbedd68c-48e8-49d6-beb2-4015dda16dfb" ip="172.18.4.224" method="GET" user="system:serviceaccount:openshift-infra:job-controller" as="<self>" asgroups="<lookup>" namespace="<none>" uri="/apis/batch/v2alpha1/jobs"
2017-06-05T06:22:50.780854646Z AUDIT: id="dbedd68c-48e8-49d6-beb2-4015dda16dfb" response="200"
2017-06-05T06:22:52.27943335Z AUDIT: id="78cc8182-d921-407a-a08c-aea48f48e10d" ip="172.18.4.224" method="GET" user="system:openshift-master" as="<self>" asgroups="<lookup>" namespace="<none>" uri="/api/v1/nodes?resourceVersion=0"
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:1425 |