Thanks, Aleks. The first solution works fine. The second one seems a little bit odd IMHO. Have a nice week.
--
Mateus Caruccio / Master of Puppets
GetupCloud.com
We make the infrastructure invisible
Gartner Cool Vendor 2017

2018-08-15 17:21 GMT-03:00 Aleksandar Lazic <[email protected]>:

> Hi.
>
> I'm pretty sure that the directory `/var/lib/origin/openpaas-oscp-audit` does
> not exist in the api container.
> The line was copied from an rpm install in 3.7 for 3.10
>
> You can adapt the path in the config or create the directory
>
> Adapt path:
> openshift_master_audit_config={"enabled": "true", "auditFilePath": "/var/lib/origin/ocp-audit.log", "maximumFileRetentionDays": "14", "maximumFileSizeMegabytes": "500", "maximumRetainedFiles": "5"}
>
> Create directory:
>
> [root@master001 ~]# oc -n openshift-apiserver get po
>
> oc -n openshift-apiserver rsh <POD> ls -la /var/lib/origin/
>
> I think you will need to create it in the api container.
> oc -n openshift-apiserver rsh <POD> mkdir /var/lib/origin/openpaas-oscp-audit/
>
> Hth
> Aleks
>
> On 15.08.2018 at 12:02, Mateus Caruccio wrote:
> > Hi everyone.
> >
> > After a fresh install of OKD 3.10, I'm unable to properly save audit logs into
> > a host dir. The default path from the hosts.example [1] tries to write into an
> > unwritable dir.
> >
> > What is the recommended solution for this?
> >
> > The /var/log/audit/audit.log file from the host:
> >
> > type=AVC msg=audit(1534326872.648:1703901): avc: denied { write } for pid=22634 comm="openshift" name="openpaas-oscp-audit" dev="xvda1" ino=15097948 scontext=system_u:system_r:container_t:s0:c143,c334 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=dir
> > type=SYSCALL msg=audit(1534326872.648:1703901): arch=c000003e syscall=257 success=no exit=-13 a0=ffffffffffffff9c a1=c42ce61100 a2=80241 a3=1a4 items=0 ppid=22624 pid=22634 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="openshift" exe="/usr/bin/openshift" subj=system_u:system_r:container_t:s0:c143,c334 key=(null)
> > type=PROCTITLE msg=audit(1534326872.648:1703901): proctitle=6F70656E7368696674007374617274006D617374657200617069002D2D636F6E6669673D2F6574632F6F726967696E2F6D61737465722F6D61737465722D636F6E6669672E79616D6C002D2D6C6F676C6576656C3D31
> >
> > And the logs of the API container
> >
> > E0815 09:52:21.826793 1 metrics.go:86] Error in audit plugin 'log' affecting 1 audit events: can't open new logfile: open /var/lib/origin/openpaas-oscp-audit/openpaas-oscp-audit.log: permission denied
> > Impacted events:
> > 2018-08-15T09:52:21.826616689Z AUDIT: id="90c74b44-bbeb-495f-bb2b-543e2c1b23f1" stage="RequestReceived" ip="10.0.108.99" method="get" user="system:openshift-master" groups="\"system:masters\",\"system:openshift-master\",\"system:authenticated\"" as="<self>" asgroups="<lookup>" namespace="openshift-web-console" uri="/api/v1/namespaces/openshift-web-console/configmaps/webconsole-config" response="<deferred>"
> > E0815 09:52:21.828096 1 metrics.go:86] Error in audit plugin 'log' affecting 1 audit events: can't open new logfile: open /var/lib/origin/openpaas-oscp-audit/openpaas-oscp-audit.log: permission denied
> > Impacted events:
> > 2018-08-15T09:52:21.826616689Z AUDIT: id="90c74b44-bbeb-495f-bb2b-543e2c1b23f1" stage="ResponseComplete" ip="10.0.108.99" method="get" user="system:openshift-master" groups="\"system:masters\",\"system:openshift-master\",\"system:authenticated\"" as="<self>" asgroups="<lookup>" namespace="openshift-web-console" uri="/api/v1/namespaces/openshift-web-console/configmaps/webconsole-config" response="404"
> >
> > [1] https://github.com/openshift/openshift-ansible/blob/2e78bc99fdd240e8be653facb93118f1597e801f/inventory/hosts.example#L927
> >
> > --
> > Mateus Caruccio / Master of Puppets
> > GetupCloud.com
> > We make the infrastructure invisible
> > Gartner Cool Vendor 2017
> >
> > _______________________________________________
> > dev mailing list
> > [email protected]
> > http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
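Added example, not part of the original messages: a Python reading of the three audit.log records quoted in the thread, grouped by event id, showing that the EACCES comes from an SELinux type mismatch (container_t writing to a var_lib_t directory) and which command line triggered it. The function name summarize_denials is an assumption of this example, the SYSCALL record is trimmed to the fields used, and the proctitle value is assumed to be in the hex-encoded form shown in the thread.

```python
import errno
import re

# Records from the thread's audit.log excerpt (mail wrapping removed, SYSCALL trimmed).
AUDIT_LINES = [
    'type=AVC msg=audit(1534326872.648:1703901): avc: denied { write } for '
    'pid=22634 comm="openshift" name="openpaas-oscp-audit" dev="xvda1" '
    'ino=15097948 scontext=system_u:system_r:container_t:s0:c143,c334 '
    'tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=dir',
    'type=SYSCALL msg=audit(1534326872.648:1703901): arch=c000003e '
    'syscall=257 success=no exit=-13 uid=0 exe="/usr/bin/openshift"',
    'type=PROCTITLE msg=audit(1534326872.648:1703901): proctitle='
    '6F70656E7368696674007374617274006D617374657200617069002D2D63'
    '6F6E6669673D2F6574632F6F726967696E2F6D61737465722F6D61737465'
    '722D636F6E6669672E79616D6C002D2D6C6F676C6576656C3D31',
]

HEADER = re.compile(r'type=(\w+) msg=audit\(([\d.]+:\d+)\): ?(.*)')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r'denied\s+\{\s*([^}]*?)\s*\}')


def summarize_denials(lines):
    """Group records by audit event id and summarize each AVC denial."""
    events = {}
    for line in lines:
        m = HEADER.match(line)
        if m:
            rtype, event_id, body = m.groups()
            fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
            perms = PERMS.search(body)
            fields['perms'] = perms.group(1).split() if perms else []
            events.setdefault(event_id, {})[rtype] = fields
    out = []
    for recs in events.values():
        avc, sc = recs.get('AVC'), recs.get('SYSCALL', {})
        if avc and avc['perms']:
            argv_hex = recs.get('PROCTITLE', {}).get('proctitle', '')
            out.append({
                'perms': avc['perms'],
                'source_type': avc['scontext'].split(':')[2],
                'target_type': avc['tcontext'].split(':')[2],
                'tclass': avc['tclass'], 'name': avc['name'],
                'errno': errno.errorcode.get(-int(sc.get('exit', 0))),
                # proctitle is argv, hex-encoded with NUL separators
                'argv': bytes.fromhex(argv_hex).decode().split('\x00'),
            })
    return out
```

Calling summarize_denials(AUDIT_LINES) returns one entry: a write on the directory openpaas-oscp-audit, denied for source type container_t against target type var_lib_t, surfaced to the process as EACCES.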
