Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 2217952

Summary: "unable to send audit message" messages are logged during undercloud deployment for aodh_db_sync and neutron_db_sync
Product: Red Hat OpenStack Reporter: Cédric Jeanneret <cjeanner>
Component: openstack-tripleo-heat-templatesAssignee: OSP Team <rhos-maint>
Status: CLOSED ERRATA QA Contact: Joe H. Rahme <jhakimra>
Severity: medium Docs Contact:
Priority: medium    
Version: 17.1 (Wallaby)CC: astupnik, mburns
Target Milestone: z2Keywords: Triaged
Target Release: 17.1   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openstack-tripleo-heat-templates-14.3.1-17.1.20231027003740.8a20da5.el8ost Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2024-01-16 14:36:23 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Cédric Jeanneret 2023-06-27 15:30:20 UTC 
This bug was initially created as a copy of Bug #2217889

I am copying this bug because: 
We need to get proper backport of the audit write capability patch.


Description of problem:

It looks like symptoms similar to upstream bugs https://bugs.launchpad.net/tripleo/+bug/1989247 and https://bugs.launchpad.net/tripleo/+bug/1942076 are reproduced in RHOSP 17.0:

Jun 19 20:03:24 director ansible-tripleo_container_manage[23525]: [WARNING] ERROR: Can't run container aodh_db_sync#012stderr: + sudo -E kolla_set_configs#012sudo: unable to send audit message: Operation not permitted
Jun 19 20:05:33 director ansible-tripleo_container_manage[23525]: [WARNING] ERROR: Can't run container neutron_db_sync#012stderr: + sudo -E kolla_set_configs#012sudo: unable to send audit message: Operation not permitted

From upstream's bug description it looks like it was a blocker for upstream. For customer's RHOSP 17.0 deployment it was cosmetic problem which didn't break anything. But it is misleading.


Version-Release number of selected component (if applicable):
python3-tripleoclient-16.5.1-0.20221207110335.23dbe54.el9ost.noarch


How reproducible:
Run undercloud deployment command for RHOSP 17.0


Actual results:
"sudo: unable to send audit message: Operation not permitted" errors are logged

Expected results:
"sudo: unable to send audit message: Operation not permitted" errors are not logged
Comment 1 Takashi Kajinami 2023-07-03 09:19:18 UTC 
We later noticed podman 3.0 in CentOS8/RHEL8 does not contain https://github.com/containers/podman/pull/13744/commits/1cd529b22d40205c1f3246ed49f07e3615cf8292
thus does not allow using both privileged and cap add at the same time.

Because of this nova_migration_target container is not able to start in CentOS 8.
As a quick fix we decided to exclude this specific container.

If anyone find actual problems caused by the warning coming from nova_migration_target,
that needs further investigation mainly from nova's perspective. (We probably need to
check whether the container requires requires priviledge or not, first)
Comment 15 errata-xmlrpc 2024-01-16 14:36:23 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat OpenStack Platform 17.1.2 bug fix and enhancement advisory), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2024:0185