Bug 2131941

Summary: Audit 3.0 replaces audispd with auditd in RHEL 8
Product: Red Hat OpenStack Reporter: Stephane Vigan <svigan>
Component: tripleo-ansibleAssignee: OSP Team <rhos-maint>
Status: CLOSED CURRENTRELEASE QA Contact: Joe H. Rahme <jhakimra>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 16.2 (Train)CC: alee, cjeanner, cylopez, dwilde, ggrasza, jhakimra, jschluet, lsvaty, rhos-maint
Target Milestone: z4Keywords: Triaged
Target Release: ---Flags: lsvaty: needinfo? (jhakimra)
lsvaty: needinfo? (rhos-maint)
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: tripleo-ansible-0.8.1-2.20221005190228.f251fee.el8ost openstack-tripleo-heat-templates-11.6.1-2.20221010235131.e0d438c.el8ost Doc Type: Bug Fix
Doc Text:
puppet-auditd isn't maintained anymore, and we switched to a custom made ansible module in order to properly manage the service.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2023-06-26 12:57:44 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Stephane Vigan 2022-10-04 08:20:23 UTC 
Description of problem:

When using template /usr/share/openstack-tripleo-heat-templates/environments/auditd.yaml to an OSP16.2.2 deployment, it fails with error : 

Oct  4 07:28:24 overcloud-controller-0 puppet-user[841885]: Notice: /Stage[main]/Auditd/File[/etc/audit/rules.d/audit.rules]/ensure: removed
Oct  4 07:28:24 overcloud-controller-0 puppet-user[841885]: Error: Could not set 'file' on ensure: No such file or directory @ dir_s_mkdir - /etc/audisp/audispd.conf20221004-841884-163y6cl.lock (file: /etc/puppet/modules/auditd/manifests/init.pp, line: 503)
Oct  4 07:28:24 overcloud-controller-0 puppet-user[841885]: Error: Could not set 'file' on ensure: No such file or directory @ dir_s_mkdir - /etc/audisp/audispd.conf20221004-841884-163y6cl.lock (file: /etc/puppet/modules/auditd/manifests/init.pp, line: 503)
Oct  4 07:28:24 overcloud-controller-0 puppet-user[841885]: Wrapped exception:
Oct  4 07:28:24 overcloud-controller-0 puppet-user[841885]: No such file or directory @ dir_s_mkdir - /etc/audisp/audispd.conf20221004-841884-163y6cl.lock
Oct  4 07:28:24 overcloud-controller-0 puppet-user[841885]: Error: /Stage[main]/Auditd/File[/etc/audisp/audispd.conf]/ensure: change from 'absent' to 'file' failed: Could not set 'file' on ensure: No such file or directory @ dir_s_mkdir - /etc/audisp/audispd.conf20221004-841884-163y6cl.lock (file: /etc/puppet/modules/auditd/manifests/init.pp, line: 503)

Version-Release number of selected component (if applicable):

OSP 16.2.2
openstack-tripleo-heat-templates-11.6.1-2.20220116004912.el8ost.noarch
puppet-auditd-2.2.1-2.20220110212259.189b22b.el8ost.noarch


Based on https://access.redhat.com/solutions/3806561 audisp configuration in now part of auditd.conf.
Comment 2 Cédric Jeanneret 2022-11-14 10:06:59 UTC 
Hello there,

puppet-auditd isn't maintained anymore, and we switched to ansible. It will be in for the next zstream.

Cheers,

C.