Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1117442

Summary: custom selinux policy for gear syslogs
Product: OpenShift Container Platform
Component: Documentation
Version: 2.1.0
Status: CLOSED CURRENTRELEASE
Severity: medium
Priority: high
Reporter: Luke Meyer <lmeyer>
Assignee: Alex Dellapenta <adellape>
QA Contact: Bilhar <baulakh>
CC: agoldste, bleanhar, jdetiber, jialiu, jkeck, jokerman, libra-bugs, libra-onpremise-devel, lmeyer, mmccomas, pruan, xiama
Hardware: Unspecified
OS: Unspecified
Type: Bug
Doc Type: Bug Fix
Clone Of: 1096155
Bug Depends On: 1096155, 1108367, 1117360
Last Closed: 2014-12-11 20:15:42 UTC

Description Luke Meyer 2014-07-08 17:27:01 UTC
8.5.4. Enabling Syslog for Cartridge Logs from Gears
Procedure 8.6. To Enable Application and Gear Context for Cartridge Logs

+++ Docs to support Bug #1096155 +++

In order to resolve the problem in bug 1096155, custom SELinux policy is required until it can be shipped as part of RHEL. This should be noted somewhere in this section.

When a gear is created on a node host with a particular UID, and gears are set up to log to the syslog, the syslog mmopenshift module caches gear environment variables to avoid having to look them up for every log entry. The problem comes when this gear is destroyed and later replaced by another with the same UID. Due to the bug, the logging cache is never cleared so the logs for the new gear appear with the context identifying it as the old one.

The necessary SELinux policy module is as follows:

module rsyslog7-mmopenshift 1.0;
require {
        type syslogd_t;
        type inotifyfs_t;
        class dir read;
}
#============= syslogd_t ==============
# enable rsyslog7-mmopenshift to receive inotify events so that when 
# a gear is removed, the cached context for its UID can also be removed.
allow syslogd_t inotifyfs_t:dir read;

------------------------------

https://github.com/openshift/openshift-extras/pull/398/files indicates how to compile and install this module. This docs section should indicate how to do this.

Once rsyslog7-7.4.7-5.7.el6op ships (should be OSE 2.1.3), that combined with the updated policy will address the bug.

Once an updated selinux-policy RPM ships with RHEL (> selinux-policy-3.7.19-237.el6), this step will no longer be necessary.
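The compile-and-install procedure the comment asks the docs to spell out, as an added example that is not part of the bug report, the openshift-extras pull request, or the OpenShift documentation. It writes the .te source exactly as posted above and runs the standard SELinux toolchain (checkmodule, semodule_package, semodule from the checkpolicy and policycoreutils packages; sesearch from setools) on a RHEL 6 node host. The function names, the WORKDIR location and the `install` argument are choices made for this example, not anything the page or the project defines; loading the module requires root.

```shell
#!/bin/sh
# Added example: build, load and verify the rsyslog7-mmopenshift SELinux
# policy module described in bug 1117442. Not the project's own script.

MODULE_NAME=rsyslog7-mmopenshift
# Assumed scratch location; override with WORKDIR=/path if needed.
WORKDIR="${WORKDIR:-${TMPDIR:-/tmp}/${MODULE_NAME}}"

# Write the Type Enforcement source exactly as posted in the bug and print its path.
write_te_source() {
    mkdir -p "$WORKDIR"
    cat > "$WORKDIR/$MODULE_NAME.te" <<'EOF'
module rsyslog7-mmopenshift 1.0;
require {
        type syslogd_t;
        type inotifyfs_t;
        class dir read;
}
#============= syslogd_t ==============
# enable rsyslog7-mmopenshift to receive inotify events so that when
# a gear is removed, the cached context for its UID can also be removed.
allow syslogd_t inotifyfs_t:dir read;
EOF
    printf '%s\n' "$WORKDIR/$MODULE_NAME.te"
}

# Compile .te -> .mod -> .pp (policy package) and load the package with semodule.
build_and_install() {
    te_file=$(write_te_source)
    for tool in checkmodule semodule_package semodule; do
        command -v "$tool" >/dev/null 2>&1 || {
            echo "missing $tool: install checkpolicy and policycoreutils" >&2
            return 1
        }
    done
    # -M: build an MLS/MCS-aware module (required on the targeted policy);
    # -m: produce a non-base (loadable) module.
    checkmodule -M -m -o "$WORKDIR/$MODULE_NAME.mod" "$te_file"
    semodule_package -o "$WORKDIR/$MODULE_NAME.pp" -m "$WORKDIR/$MODULE_NAME.mod"
    semodule -i "$WORKDIR/$MODULE_NAME.pp"
}

# Verify the module is loaded and the allow rule is present in the active policy.
verify_install() {
    semodule -l | grep -q "^$MODULE_NAME" || return 1
    sesearch -A -s syslogd_t -t inotifyfs_t -c dir -p read \
        | grep -q 'allow syslogd_t inotifyfs_t'
}

# Offline check (no root, no SELinux tools): the generated source must
# contain the allow rule exactly once.
te_has_allow_rule() {
    te_file=$(write_te_source)
    [ "$(grep -c '^allow syslogd_t inotifyfs_t:dir read;' "$te_file")" -eq 1 ]
}

case "${1:-}" in
    install) build_and_install && verify_install ;;
    *) te_has_allow_rule &&
       echo "wrote $WORKDIR/$MODULE_NAME.te; run '$0 install' as root to compile and load it" ;;
esac
```

Run the script with no arguments to generate and sanity-check the source, then `sh script.sh install` as root on the node host to compile and load it. Before loading, the missing permission shows up as an AVC denial for rsyslogd against inotifyfs_t that can be found with `ausearch -m AVC -c rsyslogd`; after loading, the same denial should no longer be logged when a gear is removed, and `semodule -r rsyslog7-mmopenshift` removes the module once a selinux-policy RPM that carries the rule is installed.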

Comment 2 Alex Dellapenta 2014-12-11 20:15:42 UTC
With the release of https://bugzilla.redhat.com/show_bug.cgi?id=1108367, this docs BZ is no longer necessary.