Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1636266

Summary: advanced audit documentation inconsistent with control plane running in static pods
Product: OpenShift Container Platform Reporter: raffaele spazzoli <rspazzol>
Component: DocumentationAssignee: Vikram Goyal <vigoyal>
Status: CLOSED DUPLICATE QA Contact: Xiaoli Tian <xtian>
Severity: unspecified Docs Contact: Vikram Goyal <vigoyal>
Priority: unspecified    
Version: 3.10.0CC: aos-bugs, jokerman, mmccomas, stwalter
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-12-04 21:17:07 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description raffaele spazzoli 2018-10-04 21:27:11 UTC 
Document URL: 
https://docs.openshift.com/container-platform/3.10/install_config/master_node_configuration.html#master-node-config-audit-config

Section Number and Name: 

Describe the issue: 
when the control plane runs in pods only some directory are mounted from the host and can be used for the audit file.
The examples given by documentation are all wrong in this respect and will lead to issues in 3.10.

Suggestions for improvement: 
1. use one of the allowed/mounted directory in the examples.
2. even better mount /var/log in the master pod so the log can be create in the expected place.

Additional information:
Comment 1 Steven Walter 2018-10-05 19:19:39 UTC 
When trying to run with something outside of the new required locations (as the current examples tell you to), you'll get:


  1. Hosts:    10.10.92.127
     Play:     Retrieve existing master configs and validate
     Task:     Check for file paths outside of /etc/origin/master in master's config
     Message:  A string value that appears to be a file path located outside of
               /etc/origin/master/, /var/lib/origin, /etc/origin/cloudprovider, /etc/origin/kubelet-plugins, /usr/libexec/kubernetes/kubelet-plugins has been found in /etc/origin/master/master-config.yaml.
               In 3.10 and newer, all files needed by the master must reside inside of
               those directories or a subdirectory or it will not be readable by the
               master process. Please migrate all files needed by the master into
               one of /etc/origin/master/, /var/lib/origin, /etc/origin/cloudprovider, /etc/origin/kubelet-plugins, /usr/libexec/kubernetes/kubelet-plugins or a subdirectory and update your master configs before
               proceeding. The string found was: /var/log/audit.log
               ***********************
               NOTE: the following items do not need to be migrated, they will be migrated
               for you: oauthConfig.identityProviders
Comment 2 Steven Walter 2018-10-05 19:20:27 UTC 
This might also be a duplciate of 1622044. If it is, we should close this in favor of the older one.
Comment 3 Scott Dodson 2018-12-04 21:17:07 UTC 

*** This bug has been marked as a duplicate of bug 1622044 ***