Bug 1678612 - [Nextgen] can't open new logfile: open /var/log/openshift-apiserver/audit.log: permission denied
Summary: [Nextgen] can't open new logfile: open /var/log/openshift-apiserver/audit.log...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Master
Version: 4.1.0
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: 4.1.0
Assignee: Maciej Szulik
QA Contact: Xingxing Xia
URL:
Whiteboard:
: 1679601 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-02-19 08:31 UTC by Xingxing Xia
Modified: 2019-06-04 10:44 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-06-04 10:44:14 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2019:0758 None None None 2019-06-04 10:44:20 UTC

Description Xingxing Xia 2019-02-19 08:31:09 UTC
Description of problem:
Many such errors
$ oc logs ds/apiserver -n openshift-apiserver
...
E0219 08:13:30.573189       1 metrics.go:86] Error in audit plugin 'log' affecting 1 audit events: can't open new logfile: open /var/log/openshift-apiserver/audit.log: permission denied
...

Version-Release number of selected component (if applicable):
$ oc get clusterversion
NAME      VERSION                             AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.0.0-0.nightly-2019-02-18-223936   True        False         5h16m   Cluster version is 4.0.0-0.nightly-2019-02-18-223936

How reproducible:
Always

Steps to Reproduce:
1. Create nextgen env
2. Check log
$ oc logs ds/apiserver -n openshift-apiserver

Actual results:
2. Many above errors

Expected results:
2. No such errors

Additional info:
$ oc rsh -n openshift-apiserver ds/apiserver
sh-4.2# ls /var/log/
anaconda  btmp  lastlog  openshift-apiserver  rhsm  tallylog  wtmp  yum.log
sh-4.2# ls /var/log/openshift-apiserver
ls: cannot open directory /var/log/openshift-apiserver: Permission denied
sh-4.2# ls -ld /var/log/openshift-apiserver
drwxr-xr-x. 2 root root 6 Feb 19 02:56 /var/log/openshift-apiserver
sh-4.2# getfacl /var/log/openshift-apiserver
getfacl: Removing leading '/' from absolute path names
# file: var/log/openshift-apiserver
# owner: root
# group: root
user::rwx
group::r-x
other::r-x

Comment 1 shahan 2019-02-19 08:54:22 UTC
FYI, related issue from upstream: https://github.com/openshift/origin/issues/22050

Comment 3 Xingxing Xia 2019-02-22 05:00:26 UTC
*** Bug 1679601 has been marked as a duplicate of this bug. ***

Comment 4 Xingxing Xia 2019-02-25 11:00:51 UTC
Verified in build 4.0.0-0.nightly-2019-02-24-045124

Comment 7 errata-xmlrpc 2019-06-04 10:44:14 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:0758


Note You need to log in before you can comment on or make changes to this bug.