Instruction for testing the fix: 1. Deploy an HA overcloud 2. verify that HAProxy logs are now stored into a new dedicated file /var/log/containers/haproxy/haproxy.log 3. verify that there's no SELinux denials due to this new file access Notes: . HAProxy logs should still be stored in the journal, as systemd forwards its logs to rsyslog, which in turns stores haproxy entries into the new haproxy log file . HA routers (that spawn an HAProxy) won't store any log under /var/log/containers/hapoxy/haproxy.log
Verified, [stack@undercloud-0 ~]$ ansible controller-0 -b -mshell -a'rpm -qa |grep puppet-tripleo' [WARNING]: Found both group and host with same name: undercloud [WARNING]: Consider using the yum, dnf or zypper module rather than running rpm. If you need to use command because yum, dnf or zypper is insufficient you can add warn=False to this command task or set command_warnings=False in ansible.cfg to get rid of this message. controller-0 | SUCCESS | rc=0 >> puppet-tripleo-9.3.1-0.20190119004939.e8adf4b.el7ost.noarch [stack@undercloud-0 ~]$ ansible controller-0 -b -mshell -a'head /var/log/containers/haproxy/haproxy.log' [WARNING]: Found both group and host with same name: undercloud controller-0 | SUCCESS | rc=0 >> Feb 28 09:50:16 controller-2 haproxy[11]: Proxy aodh started. Feb 28 09:50:16 controller-2 haproxy[11]: Proxy cinder started. Feb 28 09:50:16 controller-2 haproxy[11]: Proxy glance_api started. Feb 28 09:50:16 controller-2 haproxy[11]: Proxy gnocchi started. Feb 28 09:50:16 controller-2 haproxy[11]: Proxy haproxy.stats started. Feb 28 09:50:16 controller-2 haproxy[11]: Proxy heat_api started. Feb 28 09:50:16 controller-2 haproxy[11]: Proxy heat_cfn started. Feb 28 09:50:16 controller-2 haproxy[11]: Proxy horizon started. Feb 28 09:50:16 controller-2 haproxy[11]: Proxy keystone_admin started. Feb 28 09:50:16 controller-2 haproxy[11]: Proxy keystone_public started. [stack@undercloud-0 ~]$ ansible controller-0 -b -mshell -a'grep haproxy /var/log/secure' [WARNING]: Found both group and host with same name: undercloud controller-0 | FAILED | rc=1 >> non-zero return code
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:0446