1619453 – File path validations fails when putting audit logs under /var/log

Bug 1619453 - File path validations fails when putting audit logs under /var/log

Summary: File path validations fails when putting audit logs under /var/log

Keywords:
Status:	CLOSED DUPLICATE of bug 1565555
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Installer
Sub Component:
Version:	3.10.0
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	3.10.z
Assignee:	Michael Gugino
QA Contact:	Johnny Liu
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2018-08-20 21:18 UTC by Matthew Robson
Modified:	2018-08-21 18:03 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2018-08-21 18:03:40 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Matthew Robson 2018-08-20 21:18:01 UTC

Description of problem:

Putting the audit log under /var/log/XX causes the installer to fail.

We use /var/log/audit-ocp.log as the default in 3.10 docs: https://docs.openshift.com/container-platform/3.10/install_config/master_node_configuration.html#master-node-config-audit-config

INSTALLER STATUS ***********************************************************************************************************************************************************************
Initialization  : In Progress (0:00:58)


Failure summary:


  1. Hosts:    osemndvl04w001.paychex.com, osemndvl04w002.paychex.com, osemndvl04w003.paychex.com
     Play:     Retrieve existing master configs and validate
     Task:     Check for file paths outside of /etc/origin/master in master's config
     Message:  A string value that appears to be a file path located outside of
               /etc/origin/master/, /var/lib/origin, /etc/origin/cloudprovider, /etc/origin/kubelet-plugins, /usr/libexec/kubernetes/kubelet-plugins has been found in /etc/origin/master/master-config.yaml.
               In 3.10 and newer, all files needed by the master must reside inside of
               those directories or a subdirectory or it will not be readable by the
               master process. Please migrate all files needed by the master into
               one of /etc/origin/master/, /var/lib/origin, /etc/origin/cloudprovider, /etc/origin/kubelet-plugins, /usr/libexec/kubernetes/kubelet-plugins or a subdirectory and update your master configs before
               proceeding. The string found was: /var/log/audit-ocp.log
               ***********************
               NOTE: the following items do not need to be migrated, they will be migrated
               for you: oauthConfig.identityProviders


Version-Release number of the following components:
3.10

How reproducible:

Always

Steps to Reproduce:
1. Set the audit log per our documented examples and it fails

Actual results:
Please include the entire output from the last TASK line through the end of output if an error is generated

Install fails.

Expected results:

Audit logging should be allowed under /var/log/

Additional info:
Please attach logs from ansible-playbook with the -vvv flag

Note You need to log in before you can comment on or make changes to this bug.