Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1869293

Summary: The configmap name looks confusing in aide-ds pod logs
Product: OpenShift Container Platform Reporter: xiyuan
Component: File Integrity OperatorAssignee: Matt Rogers <mrogers>
Status: CLOSED ERRATA QA Contact: xiyuan
Severity: low Docs Contact:
Priority: low    
Version: 4.6CC: jhrozek, josorior, mrogers, nkinder, pdhamdhe
Target Milestone: ---   
Target Release: 4.7.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-02-24 15:15:36 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description xiyuan 2020-08-17 12:26:28 UTC
escription of Problem:
The configmap name looks confusing in aide-ds pod logs

Version-Release number of selected component (if applicable):
4.6.0-0.nightly-2020-08-16-072105

How Reproducible:
Always

Steps to Reproduce:
1. install file-integrity-operator:
$ git clone git:openshift/file-integrity-operator.git
$ oc login -u kubeadmin -p <pw>
$ oc create -f file-integrity-operator/deploy/ns.yaml
$ oc project openshift-file-integrity
$ for l in `ls -1 file-integrity-operator/deploy/crds/*crd.yaml`; do $ oc create -f $l; done
$ oc create -f file-integrity-operator/deploy/

2. create a fileintegrity without a configmap:
$ oc apply -f - <<EOF
apiVersion: fileintegrity.openshift.io/v1alpha1
kind: FileIntegrity
metadata:
  name: example-fileintegrity
  namespace: openshift-file-integrity
spec:
  # Change to debug: true to enable more verbose logging from the logcollector
  # container in the aide pods
  debug: false
  config: {}
EOF


Actual Results:
1. if there is no failure triggered, there is "Created OK configMap 'aide-ds-example-fileintegrity2-juzhao-osp-2lp4l-master-0'" in aide-ds pod. However, the configmap aide-ds-example-fileintegrity2-juzhao-osp-2lp4l-master-0 not exist.

$ oc logs pod/aide-ds-example-fileintegrity2-ghrf8
Starting the AIDE runner daemon
running aide check
aide check returned status 0
Created OK configMap 'aide-ds-example-fileintegrity2-juzhao-osp-2lp4l-master-0'
running aide check
aide check returned status 0
Created OK configMap 'aide-ds-example-fileintegrity2-juzhao-osp-2lp4l-master-0'
running aide check

$ oc get cm | grep aide-ds-example-fileintegrity2
$ 

2. If there is failures triggered, there is "Created log configMap 'aide-ds-example-fileintegrity2-juzhao-osp-2lp4l-master-0'" in logs of aide-ds pod. However, the configmap  aide-ds-example-fileintegrity2-juzhao-osp-2lp4l-master-0 not exist. 
$ oc logs pod/aide-ds-example-fileintegrity2-ghrf8 | tail
Created OK configMap 'aide-ds-example-fileintegrity2-juzhao-osp-2lp4l-master-0'
running aide check
aide check returned status 0
Created OK configMap 'aide-ds-example-fileintegrity2-juzhao-osp-2lp4l-master-0'
running aide check
aide check returned status 0
Created OK configMap 'aide-ds-example-fileintegrity2-juzhao-osp-2lp4l-master-0'
running aide check
aide check returned status 1
Created log configMap 'aide-ds-example-fileintegrity2-juzhao-osp-2lp4l-master-0'

$ oc extract cm/aide-ds-example-fileintegrity2-juzhao-osp-2lp4l-master-0 --confirm
Error from server (NotFound): configmaps "aide-ds-example-fileintegrity2-juzhao-osp-2lp4l-master-0" not found

$ oc get cm | grep aide-ds-example-fileintegrity2
aide-ds-example-fileintegrity2-juzhao-osp-2lp4l-master-0-failed      1      17s
aide-ds-example-fileintegrity2-juzhao-osp-2lp4l-worker-klbk5         0      9s
aide-ds-example-fileintegrity2-juzhao-osp-2lp4l-worker-q8dqz         0      3s
aide-ds-example-fileintegrity2-juzhao-osp-2lp4l-worker-qrmrj         0      7s
$ oc get cm | grep aide-ds-example-fileintegrity2
aide-ds-example-fileintegrity2-juzhao-osp-2lp4l-master-0-failed      1      40s
$ oc extract cm/aide-ds-example-fileintegrity2-juzhao-osp-2lp4l-master-0-failed --confirm
integritylog
$ cat integritylog 
Entry /hostroot/etc/DIR_COLORS in databases has different attributes: 30020001d b8020081d
...
Entry /hostroot/etc/xdg/autostart in databases has different attributes: 30020001d b0020081d
Entry /hostroot/etc/xdg/systemd in databases has different attributes: 30020001d b0020081d
Entry /hostroot/etc/xdg/systemd/user in databases has different attributes: 30000001d b0000081d
open_dir():No such file or directory: /hostroot/opt/cni
AIDE 0.15.1 found differences between database and filesystem!!
Start timestamp: 2020-08-17 11:38:45

Summary:
  Total number of files:        33908
  Added files:                        1
  Removed files:                0
  Changed files:                0

---------------------------------------------------
Added files:
---------------------------------------------------

added: /hostroot/root/test1

Expected Results:
1. if there is no failure triggered, remove the log "Created OK configMap 'aide-ds-example-fileintegrity2-juzhao-osp-2lp4l-master-0'" in logs of aide-ds pod. 
2. If there is failures triggered, there is "Created log configMap 'aide-ds-example-fileintegrity2-juzhao-osp-2lp4l-master-0-failed'" in logs of aide-ds pod.

Comment 2 xiyuan 2020-08-18 03:13:34 UTC
Hi Matt, 
There is no timestamp in the logs. Is it possible to add it? Thanks.
So a user will know when a failure was triggered.

Comment 3 Juan Antonio Osorio 2020-09-09 17:32:03 UTC
Is the original issue closed? Should we use a separate bug to track the timestamp RFE?

Is `oc logs <pod name> -c <container name> --timestamps` enough to fill the timestamp requirement?

Comment 15 errata-xmlrpc 2021-02-24 15:15:36 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:5633