Bug 2230250

Summary: "foreman-rake audits:expire" cron job exited without running
Product: Red Hat Satellite Reporter: Hao Chang Yu <hyu>
Component: Audit LogAssignee: Adam Lazik <alazik>
Status: CLOSED CURRENTRELEASE QA Contact: Satellite QE Team <sat-qe-bz-list>
Severity: high Docs Contact:
Priority: unspecified    
Version: 6.13.3CC: ahumbe, alazik, apetrova, aruzicka
Target Milestone: UnspecifiedKeywords: Documentation, Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2024-02-22 14:33:25 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Hao Chang Yu 2023-08-09 07:10:10 UTC 
Description of problem:
Getting the following messages in the cronjob log.
----------------
/var/log/foreman/cron.log-20230727:[2023-07-27 01:01:01] The interval for keeping the Audits is not defined in the settings, exiting...
/var/log/foreman/cron.log-20230728:[2023-07-28 01:00:59] The interval for keeping the Audits is not defined in the settings, exiting...
/var/log/foreman/cron.log-20230729:[2023-07-29 01:01:01] The interval for keeping the Audits is not defined in the settings, exiting...
/var/log/foreman/cron.log-20230730:[2023-07-30 01:01:01] The interval for keeping the Audits is not defined in the settings, exiting...
/var/log/foreman/cron.log-20230731:[2023-07-31 01:00:59] The interval for keeping the Audits is not defined in the settings, exiting...
/var/log/foreman/cron.log-20230801:[2023-08-01 01:01:00] The interval for keeping the Audits is not defined in the settings, exiting...
/var/log/foreman/cron.log-20230802:[2023-08-02 01:00:58] The interval for keeping the Audits is not defined in the settings, exiting...
/var/log/foreman/cron.log-20230803:[2023-08-03 01:01:00] The interval for keeping the Audits is not defined in the settings, exiting...
/var/log/foreman/cron.log-20230804:[2023-08-04 01:00:59] The interval for keeping the Audits is not defined in the settings, exiting...
/var/log/foreman/cron.log-20230805:[2023-08-05 01:01:01] The interval for keeping the Audits is not defined in the settings, exiting...
/var/log/foreman/cron.log-20230806:[2023-08-06 01:01:00] The interval for keeping the Audits is not defined in the settings, exiting...
/var/log/foreman/cron.log-20230807:[2023-08-07 01:01:02] The interval for keeping the Audits is not defined in the settings, exiting...
/var/log/foreman/cron.log-20230808:[2023-08-08 01:01:01] The interval for keeping the Audits is not defined in the settings, exiting...
/var/log/foreman/cron.log-20230809:[2023-08-09 01:01:02] The interval for keeping the Audits is not defined in the settings, exiting...
----------------


This is because the audit_period setting is empty by default.
~~~
# hammer settings info --name audits_period
Id:            audits_period
Name:          audits_period
Description:   Duration in days to preserve audits for. Leave empty to disable the audits cleanup.
Category:      General
Settings type: 
Value:
~~~

Based on the documentation, default should be 90 days.
~~~
16.1. Deleting Audit Records

Audit records are created automatically in Satellite. You can use the foreman-rake audits:expire command to remove audits at any time. You can also use a cron job to schedule audit record deletions at the set interval that you want.

By default, using the foreman-rake audits:expire command removes audit records that are older than 90 days. You can specify the number of days to keep the audit records by adding the days option and add the number of days. 
~~~



How reproducible:
always

Steps to Reproduce:
1. Run foreman-rake audits:expire

Actual results:
The interval for keeping the Audits is not defined in the settings, exiting...


Expected results:
deleted some audit history
Comment 1 Adam Ruzicka 2023-08-10 07:42:56 UTC 
The cron and the setting were added as part of https://bugzilla.redhat.com/show_bug.cgi?id=1703496 . Digging through history a bit this sounds intentional, or at least per https://projects.theforeman.org/issues/27024#note-4 . The infrastructure is there in case anyone needs it, in which case they can just set a setting instead of fiddling with crons.

Would it be ok if we updated the documentation instead?
Comment 2 Hao Chang Yu 2023-08-10 07:59:51 UTC 
(In reply to Adam Ruzicka from comment #1)
> The cron and the setting were added as part of
> https://bugzilla.redhat.com/show_bug.cgi?id=1703496 . Digging through
> history a bit this sounds intentional, or at least per
> https://projects.theforeman.org/issues/27024#note-4 . The infrastructure is
> there in case anyone needs it, in which case they can just set a setting
> instead of fiddling with crons.
> 
> Would it be ok if we updated the documentation instead?

There is a risk. The customer expect it to run and do the clean up because it has been like that for long time. If this script stop running suddenly, customers might not notice that and the database size can blow up slowly until the storage size is full.
Comment 4 Adam Ruzicka 2023-08-10 08:05:48 UTC 
What has been like that for a long time?
Comment 5 Hao Chang Yu 2023-08-10 08:28:55 UTC 
(In reply to Adam Ruzicka from comment #4)
> What has been like that for a long time?

the 90 days default
Comment 6 Adam Ruzicka 2023-08-10 14:56:08 UTC 
Now this is a bit tricky. If I'm reading things right, before 6.12 there was a default cleanup interval, but it wasn't set up by us to run periodically. The users had to go in and set it up themselves. With 6.12 the situation flipped - it is set up to run periodically ootb, but the interval is unset so it doesn't do anything. Is this assessment correct or have I missed anything?
Comment 7 Hao Chang Yu 2023-08-11 01:10:31 UTC 
(In reply to Adam Ruzicka from comment #6)
> Now this is a bit tricky. If I'm reading things right, before 6.12 there was

Before 6.11

> a default cleanup interval

In 6.10 (foreman-2.5.2.21-1.el7sat.noarch), /usr/share/foreman/lib/tasks/audits.rake
~~~
  def before_date
    @before_date ||= ENV['days'] ? ENV['days'].to_i.days.ago : 90.days.ago
  end
~~~

>, but it wasn't set up by us to run periodically.
> The users had to go in and set it up themselves.

Yes, I think you are right. The cron job is not in 6.10. In this case, it is probably fine to just correct the documentation?
Comment 8 Adam Ruzicka 2023-08-11 08:40:14 UTC 
Alright, thank you.
Comment 10 Adam Lazik 2024-02-02 14:00:13 UTC 
Hi!
I prepared a draft of the new documentation that clarifies the automatic and manual deletion of audits. This draft will go through an SME review, and as such, the contents are subject to change.
https://github.com/theforeman/foreman-documentation/pull/2738
Comment 11 Adam Lazik 2024-02-22 14:33:25 UTC 
The new documentation has been published:
6.14: https://access.redhat.com/documentation/en-us/red_hat_satellite/6.14/html-single/administering_red_hat_satellite/index#Deleting_Audit_Records_Automatically_admin
6.13: https://access.redhat.com/documentation/en-us/red_hat_satellite/6.13/html-single/administering_red_hat_satellite/index#Deleting_Audit_Records_Automatically_admin
6:12: https://access.redhat.com/documentation/en-us/red_hat_satellite/6.12/html-single/administering_red_hat_satellite/index#Deleting_Audit_Records_Automatically_admin