1495103 – audit log doesn't work now

Bug 1495103 - audit log doesn't work now

Summary: audit log doesn't work now

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Master
Sub Component:
Version:	3.7.0
Hardware:	x86_64
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Target Release:	3.7.0
Assignee:	Maciej Szulik
QA Contact:	Wang Haoran
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2017-09-25 08:21 UTC by ge liu
Modified:	2017-11-28 22:12 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Cause: Inappropriate master initialization, which was swallowing the bits of configuration responsible for auditing. Consequence: The audit was not enabled properly. Fix: Fix the master initiation so that audit properties are passed accordingly. Result: Audit is working as expected.
Clone Of:
Environment:
Last Closed:	2017-11-28 22:12:28 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2017:3188	0	normal	SHIPPED_LIVE	Moderate: Red Hat OpenShift Container Platform 3.7 security, bug, and enhancement update	2017-11-29 02:34:54 UTC

Description ge liu 2017-09-25 08:21:49 UTC

Description of problem:

Config audit log in master-config.yaml, then restart openshift master service, the audit log file have not be created as expected.
 Setup audit in master-config file:

auditConfig:
  auditFilePath: "/var/log/audit-ocp.log"
  enabled: true
  maximumFileRetentionDays: 10
  maximumFileSizeMegabytes: 10
  maximumRetainedFiles: 10



openshift v3.7.0-0.127.0
kubernetes v1.7.0+80709908fd
etcd 3.2.1

How reproducible:
Always


Steps to Reproduce:

As description above.

Actual results:
audit log have not be created.
Expected results:
audit log be created.

Comment 1 Maciej Szulik 2017-09-26 08:41:39 UTC

There was a bug that was resolved when enabling advanced audit [1]. You need to wait for a build with that in. 


[1] https://github.com/openshift/origin/pull/16128

Comment 2 Maciej Szulik 2017-09-27 05:49:08 UTC

Just checked builds starting from 3.7.0-0.128.0] should have that fix.

Comment 3 ge liu 2017-09-27 09:10:20 UTC

We will test it after puddle:3.7.0-0.128.0 ready for using.

Comment 4 ge liu 2017-09-28 08:25:56 UTC

Verified with ocp version:
openshift v3.7.0-0.131.0
kubernetes v1.7.0+80709908fd
etcd 3.2.1

Verified steps are following recreate steps.

Comment 8 errata-xmlrpc 2017-11-28 22:12:28 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:3188

Note You need to log in before you can comment on or make changes to this bug.