Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1619453

Summary: File path validations fails when putting audit logs under /var/log
Product: OpenShift Container Platform Reporter: Matthew Robson <mrobson>
Component: InstallerAssignee: Michael Gugino <mgugino>
Status: CLOSED DUPLICATE QA Contact: Johnny Liu <jialiu>
Severity: high Docs Contact:
Priority: unspecified    
Version: 3.10.0CC: aos-bugs, jokerman, mmccomas, sdodson
Target Milestone: ---   
Target Release: 3.10.z   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-08-21 18:03:40 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Matthew Robson 2018-08-20 21:18:01 UTC 
Description of problem:

Putting the audit log under /var/log/XX causes the installer to fail.

We use /var/log/audit-ocp.log as the default in 3.10 docs: https://docs.openshift.com/container-platform/3.10/install_config/master_node_configuration.html#master-node-config-audit-config

INSTALLER STATUS ***********************************************************************************************************************************************************************
Initialization  : In Progress (0:00:58)


Failure summary:


  1. Hosts:    osemndvl04w001.paychex.com, osemndvl04w002.paychex.com, osemndvl04w003.paychex.com
     Play:     Retrieve existing master configs and validate
     Task:     Check for file paths outside of /etc/origin/master in master's config
     Message:  A string value that appears to be a file path located outside of
               /etc/origin/master/, /var/lib/origin, /etc/origin/cloudprovider, /etc/origin/kubelet-plugins, /usr/libexec/kubernetes/kubelet-plugins has been found in /etc/origin/master/master-config.yaml.
               In 3.10 and newer, all files needed by the master must reside inside of
               those directories or a subdirectory or it will not be readable by the
               master process. Please migrate all files needed by the master into
               one of /etc/origin/master/, /var/lib/origin, /etc/origin/cloudprovider, /etc/origin/kubelet-plugins, /usr/libexec/kubernetes/kubelet-plugins or a subdirectory and update your master configs before
               proceeding. The string found was: /var/log/audit-ocp.log
               ***********************
               NOTE: the following items do not need to be migrated, they will be migrated
               for you: oauthConfig.identityProviders


Version-Release number of the following components:
3.10

How reproducible:

Always

Steps to Reproduce:
1. Set the audit log per our documented examples and it fails

Actual results:
Please include the entire output from the last TASK line through the end of output if an error is generated

Install fails.

Expected results:

Audit logging should be allowed under /var/log/

Additional info:
Please attach logs from ansible-playbook with the -vvv flag