Bug 2131941 - Audit 3.0 replaces audispd with auditd in RHEL 8 [NEEDINFO]
Summary: Audit 3.0 replaces audispd with auditd in RHEL 8
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: tripleo-ansible
Version: 16.2 (Train)
Hardware: Unspecified
OS: Unspecified
urgent
urgent
Target Milestone: z4
: ---
Assignee: OSP Team
QA Contact: Joe H. Rahme
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-10-04 08:20 UTC by Stephane Vigan
Modified: 2023-06-26 12:57 UTC (History)
9 users (show)

Fixed In Version: tripleo-ansible-0.8.1-2.20221005190228.f251fee.el8ost openstack-tripleo-heat-templates-11.6.1-2.20221010235131.e0d438c.el8ost
Doc Type: Bug Fix
Doc Text:
puppet-auditd isn't maintained anymore, and we switched to a custom made ansible module in order to properly manage the service.
Clone Of:
Environment:
Last Closed: 2023-06-26 12:57:44 UTC
Target Upstream Version:
Embargoed:
lsvaty: needinfo? (jhakimra)
lsvaty: needinfo? (rhos-maint)

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
OpenStack gerrit 853607 0 None MERGED New role, replacing puppet-auditd 2022-11-14 10:06:58 UTC
OpenStack gerrit 853936 0 None MERGED Use the new tripleo_auditd ansible role instead of puppet 2022-11-14 10:06:58 UTC
OpenStack gerrit 853937 0 None MERGED tripleo_auditd: Clear unused default of tripleo_auditd_rules 2022-11-14 10:06:58 UTC
Red Hat Issue Tracker OSP-19139 0 None None None 2022-10-05 10:06:08 UTC

Description Stephane Vigan 2022-10-04 08:20:23 UTC 
Description of problem:

When using template /usr/share/openstack-tripleo-heat-templates/environments/auditd.yaml to an OSP16.2.2 deployment, it fails with error : 

Oct  4 07:28:24 overcloud-controller-0 puppet-user[841885]: Notice: /Stage[main]/Auditd/File[/etc/audit/rules.d/audit.rules]/ensure: removed
Oct  4 07:28:24 overcloud-controller-0 puppet-user[841885]: Error: Could not set 'file' on ensure: No such file or directory @ dir_s_mkdir - /etc/audisp/audispd.conf20221004-841884-163y6cl.lock (file: /etc/puppet/modules/auditd/manifests/init.pp, line: 503)
Oct  4 07:28:24 overcloud-controller-0 puppet-user[841885]: Error: Could not set 'file' on ensure: No such file or directory @ dir_s_mkdir - /etc/audisp/audispd.conf20221004-841884-163y6cl.lock (file: /etc/puppet/modules/auditd/manifests/init.pp, line: 503)
Oct  4 07:28:24 overcloud-controller-0 puppet-user[841885]: Wrapped exception:
Oct  4 07:28:24 overcloud-controller-0 puppet-user[841885]: No such file or directory @ dir_s_mkdir - /etc/audisp/audispd.conf20221004-841884-163y6cl.lock
Oct  4 07:28:24 overcloud-controller-0 puppet-user[841885]: Error: /Stage[main]/Auditd/File[/etc/audisp/audispd.conf]/ensure: change from 'absent' to 'file' failed: Could not set 'file' on ensure: No such file or directory @ dir_s_mkdir - /etc/audisp/audispd.conf20221004-841884-163y6cl.lock (file: /etc/puppet/modules/auditd/manifests/init.pp, line: 503)

Version-Release number of selected component (if applicable):

OSP 16.2.2
openstack-tripleo-heat-templates-11.6.1-2.20220116004912.el8ost.noarch
puppet-auditd-2.2.1-2.20220110212259.189b22b.el8ost.noarch


Based on https://access.redhat.com/solutions/3806561 audisp configuration in now part of auditd.conf.
Comment 2 Cédric Jeanneret 2022-11-14 10:06:59 UTC 
Hello there,

puppet-auditd isn't maintained anymore, and we switched to ansible. It will be in for the next zstream.

Cheers,

C.
Note You need to log in before you can comment on or make changes to this bug.