Bug 1439619 – Audit configuration issues

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1439619 - Audit configuration issues

Summary:	Audit configuration issues

Status:	CLOSED ERRATA

Aliases:	None

Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Installer (Show other bugs)
Sub Component:
Version:	3.4.1
Hardware:	Unspecified Unspecified

Priority	unspecified Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Giuseppe Scrivano
QA Contact:	Gaoyun Pei
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2017-04-06 06:27 EDT by Marko Myllynen
Modified:	2017-12-18 22:12 EST (History)
CC List:	7 users (show)

See Also:
Fixed In Version:
Doc Type:	No Doc Update
Doc Text:	undefined
Story Points:	---
Clone Of:
Environment:
Last Closed:	2017-08-10 01:20:02 EDT
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHEA-2017:1716	normal	SHIPPED_LIVE	Red Hat OpenShift Container Platform 3.6 RPM Release Advisory	2017-08-10 05:02:50 EDT

Groups: None (edit)

Description Marko Myllynen 2017-04-06 06:27:28 EDT

Description of problem:
https://github.com/openshift/openshift-ansible/blob/master/inventory/byo/hosts.ose.example has:

# Enable API service auditing, available as of 3.2
#openshift_master_audit_config={"basicAuditEnabled": true}
Version-Release number of selected component (if applicable):

The correct parameter would be "enabled" .

It also seem to be impossible to provide more than one parameter in the inventory file, they are not expanded properly but instead appear as-is in the result master-config.yaml.

Comment 2 Takeshi Larsson 2017-04-06 08:40:19 EDT

Had this issue as well in 3.3/3.4, I had to change to Enabled to get it working. However a coworker used "basicAuditEnabled" and that worked fine for him.

Comment 4 Giuseppe Scrivano 2017-05-09 10:39:00 EDT

opened a PR:

https://github.com/openshift/openshift-ansible/pull/4130

Comment 6 Gaoyun Pei 2017-05-15 05:50:49 EDT

Verify this bug with openshift-ansible-3.6.68-1.git.0.9cbe2b7.el7.noarch.rpm

[root@gpei-test-ansible installer-master]# grep  "openshift_master_audit_config" /usr/share/doc/openshift-ansible-docs-3.6.68/docs/example-inventories/*
/usr/share/doc/openshift-ansible-docs-3.6.68/docs/example-inventories/hosts.origin.example:#openshift_master_audit_config={"enabled": true}
/usr/share/doc/openshift-ansible-docs-3.6.68/docs/example-inventories/hosts.ose.example:#openshift_master_audit_config={"enabled": true}

When set openshift_master_audit_config={"enabled": true} in ansible inventory file for ha master env installation, all masters would have the following options configured in /etc/origin/master/master-config.yaml
auditConfig:
  enabled: true

Comment 8 errata-xmlrpc 2017-08-10 01:20:02 EDT

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:1716

Note You need to log in before you can comment on or make changes to this bug.