Bug 1631087
Summary: | Cannot see basic audit log | |||
---|---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Renato Puccini <rpuccini> | |
Component: | Master | Assignee: | Maciej Szulik <maszulik> | |
Status: | CLOSED ERRATA | QA Contact: | ge liu <geliu> | |
Severity: | high | Docs Contact: | ||
Priority: | unspecified | |||
Version: | 3.9.0 | CC: | aos-bugs, bandrade, jokerman, maszulik, mfojtik, mmccomas, wsun, xxia | |
Target Milestone: | --- | |||
Target Release: | 3.9.z | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | Doc Type: | Bug Fix | ||
Doc Text: |
Cause: Default log format for audit was set to json.
Consequence: Audit log was always printed using json format.
Fix: Allow setting log format as specified in master-config.yaml.
Result: Audit log contains values per configured log format.
: | 1632154 1632155 |
Last Closed: | 2018-11-20 03:12:03 UTC | Type: | Bug | |
Bug Blocks: | 1632154, 1632155 |
Description
Renato Puccini
2018-09-19 20:46:25 UTC
Failed to verify it with latest ocp version:

    oc v3.9.47
    kubernetes v1.9.1+a0ce1bc657
    features: Basic-Auth GSSAPI Kerberos SPNEGO

basic audit config in master-config.yaml:

    auditConfig:
      auditFilePath: "/etc/origin/master/audit-ocp.log"
      enabled: true
      maximumFileRetentionDays: 10
      maximumFileSizeMegabytes: 10
      maximumRetainedFiles: 10

audit-ocp.log:

    {"kind":"Event","apiVersion":"audit.k8s.io/v1beta1","metadata":{"creationTimestamp":"2018-10-15T04:48:54Z"},"level":"Metadata","timestamp":"2018-10-15T04:48:54Z","auditID":"f96a325c-8b85-4c2e-bc7b-d623fad28a15","stage":"RequestReceived","requestURI":"/api/v1/namespaces/kube-service-catalog/configmaps/service-catalog-controller-manager","verb":"update","user":{"username":"system:serviceaccount:kube-service-catalog:service-catalog-controller","uid":"aaecac90-d02a-11e8-b631-0e95e51c6da0","groups":["system:serviceaccounts","system:serviceaccounts:kube-service-catalog","system:authenticated"]},"sourceIPs":["10.129.0.6"],"objectRef":{"resource":"configmaps","namespace":"kube-service-catalog","name":"service-catalog-controller-manager","apiVersion":"v1"},"requestReceivedTimestamp":"2018-10-15T04:48:54.646813Z","stageTimestamp":"2018-10-15T04:48:54.646813Z"}

Ge liu, you need to explicitly specify the logFormat parameter; if you don't, we default to json for backwards compatibility. So this is working as expected.
Verified in ocp:

    openshift v3.9.47
    kubernetes v1.9.1+a0ce1bc657
    etcd 3.2.16

master-config.yaml:

    auditConfig:
      auditFilePath: "/etc/origin/master/1audit-ocp.log"
      logFormat: legacy
      enabled: true
      maximumFileRetentionDays: 10
      maximumFileSizeMegabytes: 10
      maximumRetainedFiles: 10

    2018-10-15T07:30:33.97529349-04:00 AUDIT: id="6c7b2a34-2a03-4b54-82f1-b382d0ebcb0d" stage="RequestReceived" ip="172.18.13.11" method="list" user="system:node:ip-172-18-13-11.ec2.internal" groups="\"system:nodes\",\"system:authenticated\"" as="<self>" asgroups="<lookup>" namespace="<none>" uri="/apis/network.openshift.io/v1/egressnetworkpolicies?limit=500&resourceVersion=0" response="<deferred>"

@maszulik, as we discussed on irc, I will file a new doc bug to trace the doc issues, thx

Commit pushed to master at https://github.com/openshift/origin

https://github.com/openshift/origin/commit/2a2b7f254f858d83b4ad038f8db6cb923501a943
Merge pull request #21081 from soltysh/bug1631087

Bug 1632155 - Accept logFormat when passed to audit config

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:2908
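A master without logFormat keeps writing JSON events while one set to `logFormat: legacy` writes `AUDIT: key="value"` lines, so a log consumer can meet either shape. The following is an added example, not code from this bug report or from the OpenShift code base, that normalizes both line shapes shown above into one record; the function name `parse_audit_line` and the output field names are assumptions of this example.

```python
import json
import re

# Sample lines taken from the report above (JSON event shortened to the fields used here).
JSON_SAMPLE = '{"kind":"Event","apiVersion":"audit.k8s.io/v1beta1","level":"Metadata","timestamp":"2018-10-15T04:48:54Z","auditID":"f96a325c-8b85-4c2e-bc7b-d623fad28a15","stage":"RequestReceived","requestURI":"/api/v1/namespaces/kube-service-catalog/configmaps/service-catalog-controller-manager","verb":"update","user":{"username":"system:serviceaccount:kube-service-catalog:service-catalog-controller","groups":["system:serviceaccounts","system:authenticated"]},"sourceIPs":["10.129.0.6"]}'
LEGACY_SAMPLE = r'2018-10-15T07:30:33.97529349-04:00 AUDIT: id="6c7b2a34-2a03-4b54-82f1-b382d0ebcb0d" stage="RequestReceived" ip="172.18.13.11" method="list" user="system:node:ip-172-18-13-11.ec2.internal" groups="\"system:nodes\",\"system:authenticated\"" as="<self>" asgroups="<lookup>" namespace="<none>" uri="/apis/network.openshift.io/v1/egressnetworkpolicies?limit=500&resourceVersion=0" response="<deferred>"'

# key="value" pairs; a value may contain backslash-escaped quotes (see groups=).
_PAIR = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')
_UNESCAPE = re.compile(r'\\(.)')

def parse_audit_line(line):
    """Return a normalized dict for a JSON or legacy audit line, or None."""
    line = line.strip()
    if line.startswith("{"):
        try:
            ev = json.loads(line)
        except ValueError:
            return None  # truncated or corrupt JSON event
        user = ev.get("user") or {}
        return {
            "format": "json",
            "timestamp": ev.get("timestamp"),
            "id": ev.get("auditID"),
            "stage": ev.get("stage"),
            "ip": (ev.get("sourceIPs") or [None])[0],
            "verb": ev.get("verb"),
            "user": user.get("username"),
            "groups": user.get("groups") or [],
            "uri": ev.get("requestURI"),
        }
    ts, sep, rest = line.partition(" AUDIT: ")
    if not sep:
        return None  # neither format
    kv = {k: _UNESCAPE.sub(r"\1", v) for k, v in _PAIR.findall(rest)}
    try:
        # Unescaped groups value is a comma-separated list of quoted names.
        groups = json.loads("[" + kv.get("groups", "") + "]")
    except ValueError:
        groups = []
    return {
        "format": "legacy", "timestamp": ts, "id": kv.get("id"),
        "stage": kv.get("stage"), "ip": kv.get("ip"), "verb": kv.get("method"),
        "user": kv.get("user"), "groups": groups, "uri": kv.get("uri"),
    }

if __name__ == "__main__":
    for sample in (JSON_SAMPLE, LEGACY_SAMPLE):
        print(parse_audit_line(sample))
```
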