Bug 1710723 - If Advanced Audit is configured during initial installation, Control plane pods didn't come up
Summary: If Advanced Audit is configured during initial installation, Control plane po...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 3.11.0
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ---
: 3.11.z
Assignee: Joseph Callen
QA Contact: Gaoyun Pei
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-05-16 07:46 UTC by Daein Park
Modified: 2019-06-26 09:08 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-06-26 09:08:11 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2019:1605 None None None 2019-06-26 09:08:20 UTC

Description Daein Park 2019-05-16 07:46:34 UTC
Description of problem:

If "openshift_master_audit_config" is configured during first installation, the control plane is failed. Because policyFile can not be found due to not copying to the specified path.

Look "policyFile" parameter, the policy file can configure only target path.
~~~
openshift_master_audit_config={"enabled": true, "auditFilePath": "/var/lib/origin/audit-ocp.log", "maximumFileRetentionDays": 14, "maximumFileSizeMegabytes": 500, "maximumRetainedFiles": 5, "policyFile": "/etc/origin/master/adv-audit.yaml", "logFormat":"json"}
~~~

Version-Release number of the following components:
rpm -q openshift-ansible

openshift-ansible-3.11.98-1.git.0.3cfa7c3.el7.noarch

rpm -q ansible

ansible-2.6.6-1.el7ae.noarch

ansible --version

ansible 2.6.6
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, May 31 2018, 09:41:32) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]

How reproducible:
You can always reproduce it if you are configured "openshift_master_audit_config" with "policyFile".

Actual results:
The installer was failed with "Message:  Control plane pods didn't come up".

Expected results:
The policy file of audit will be copied to right path and succeed the installation.


Additional info:
Advanced Audit: https://docs.openshift.com/container-platform/3.11/install_config/master_node_configuration.html#master-node-config-advanced-audit

Comment 8 errata-xmlrpc 2019-06-26 09:08:11 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:1605


Note You need to log in before you can comment on or make changes to this bug.