Bug 1630759

Summary: Can not enable audit log in OCP3.10
Product: OpenShift Container Platform Reporter: wangzhida <zhiwang>
Component: MasterAssignee: Michal Fojtik <mfojtik>
Status: CLOSED DUPLICATE QA Contact: Xingxing Xia <xxia>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 3.10.0CC: aos-bugs, jokerman, mmccomas
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-09-19 11:59:34 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description wangzhida 2018-09-19 08:23:12 UTC 
Description of problem:

Follow this doc to config audit for OCP3.10:
https://docs.openshift.com/container-platform/3.10/install_config/master_node_configuration.html#master-node-config-audit-config

However, after restart master with CMD: master-restart api & master-restart controllers, There are no log output to /var/log/


Steps to Reproduce:
1. edit /etc/origin/master/master-config.yaml
2. add below lines and save
    auditConfig:
      auditFilePath: "/var/log/audit-ocp.log"
      enabled: true
      maximumFileRetentionDays: 10
      maximumFileSizeMegabytes: 10
      maximumRetainedFiles: 10

3. restart api and controllers with below CMD and get reply 2
    #master-restart api 
    #2
    #master-restart controllers
    #2 

4. test with command $oc get pod etc.. and check /var/log

Actual results:
   No files named audit-ocp.log exist。 

Expected results:
  It should see a file named audit-ocp.log
 
Additional info:

   There is no issue in OCP3.9, But the restart command is different with 3.10, That is : systemctl restart atomic-openshift-master-api. and this command can not be used in OCP 3.10
Comment 1 Xingxing Xia 2018-09-19 11:59:34 UTC 

*** This bug has been marked as a duplicate of bug 1565555 ***