Re: [logging] Re: EFK logging stack: including the Kafka output plugin and the multiline aggregation plugin
Thanks for this! Will follow up in the PRs. On 08/20/2018 01:47 AM, Alessandro Menti wrote: Hi Rich And Louis, Please submit PRs against origin-aggregated-logging and openshift-ansible. Note that for origin-aggregated-logging we will require integration testing, which may require the installation of kafka by the test, and some form of documentation i.e. a markdown doc for the docs/ subdir. I have submitted the following PRs: * https://github.com/openshift/openshift-ansible/pull/9668 * https://github.com/openshift/origin-aggregated-logging/pull/1302 * https://github.com/openshift/openshift-docs/pull/11642 I have marked them as [WIP] as: - I still need to add integration testing; - the RPMs needed by the Fluentd image still need to be added upstream. As far as the RPMs go, we (Red Hat devs) would like to use your spec files as references in order to create the packages we deliver to our Red Hat customers, if they are available in a public repo with an appropriate open source license. SPECs and SRPMs are available at https://github.com/AlessandroMenti/openshift-kafka-for-fluentd-rpms for review. Note that I have added a few more packages than those required as I intend to submit a second set of PRs to enable Fluentd monitoring via Prometheus, the ones required are: - rubygem-fluent-plugin-concat - rubygem-fluent-plugin-kafka - rubygem-ltsv - rubygem-poseidon_cluster - rubygem-poseidon - rubygem-zk - rubygem-zookeeper Also note that, in many cases, I omitted checks because the prerequisites are not packaged in RHEL (I can do this, but it would require significant additional work). As for the license, I have obtained approval for the company I work at to release this work under an open source license - could the MIT license be fine (in line with the three spec files I adapted from the Fedora ones for three packages not included in these PRs, but present in the repo)? Regards, Alessandro Menti ___ dev mailing list dev@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
Re: Audit logs can be written
Thanks, Aleks. The first solution works fine. The second one seems a little bit odd IMHO. Have a nice week. -- Mateus Caruccio / Master of Puppets GetupCloud.com We make the infrastructure invisible Gartner Cool Vendor 2017 2018-08-15 17:21 GMT-03:00 Aleksandar Lazic : > Hi. > > I'm pretty sure that the directory `/var/lib/origin/openpaas-oscp-audit` > does > not exist in the api container. > The line was copied from a rpm install in 3.7 for 3.10 > > You can adopt the path in the config or create directory > > Adopt path: > openshift_master_audit_config={"enabled": "true", "auditFilePath": > "/var/lib/origin/ocp-audit.log", "maximumFileRetentionDays": "14", > "maximumFileSizeMegabytes": "500", "maximumRetainedFiles": "5"} > > > Create directory: > > [root@master001 ~]# oc -n openshift-apiserver get po > > oc -n openshift-apiserver rsh ls -la /var/lib/origin/ > > I think you will need to create it in the api container. > oc -n openshift-apiserver rsh mkdir /var/lib/origin/openpaas-oscp- > audit/ > > Hth > Aleks > > Am 15.08.2018 um 12:02 schrieb Mateus Caruccio: > > Hi everyone. > > > > After a fresh install of OKD 3.10, I'm unable to properly save audit > logs into > > a host dir. The default path from the hosts.example [1] tries to write > into an > > unwriteable dir. > > > > What is the recommended solution for this? > > > > The /var/log/audit/audit.log file from the host: > > > > type=AVC msg=audit(1534326872.648:1703901): avc: denied { write } for > > pid=22634 comm="openshift" name="openpaas-oscp-audit" dev="xvda1" > ino=15097948 > > scontext=system_u:system_r:container_t:s0:c143,c334 > > tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=dir > > type=SYSCALL msg=audit(1534326872.648:1703901): arch=c03e > syscall=257 > > success=no exit=-13 a0=ff9c a1=c42ce61100 a2=80241 a3=1a4 > items=0 > > ppid=22624 pid=22634 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 > egid=0 > > sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="openshift" > > exe="/usr/bin/openshift" subj=system_u:system_r:container_t:s0:c143,c334 > > key=(null) > > type=PROCTITLE msg=audit(1534326872.648:1703901): > > proctitle=6F70656E7368696674007374617274006D617374657200617069002D2D63 > 6F6E6669673D2F6574632F6F726967696E2F6D61737465722F6D61737465 > 722D636F6E6669672E79616D6C002D2D6C6F676C6576656C3D31 > > > > And the logs of the API container > > > > E0815 09:52:21.826793 1 metrics.go:86] Error in audit plugin 'log' > > affecting 1 audit events: can't open new logfile: open > > /var/lib/origin/openpaas-oscp-audit/openpaas-oscp-audit.log: permission > denied > > Impacted events: > > 2018-08-15T09:52:21.826616689Z AUDIT: > > id="90c74b44-bbeb-495f-bb2b-543e2c1b23f1" stage="RequestReceived" > > ip="10.0.108.99" method="get" user="system:openshift-master" > > groups="\"system:masters\",\"system:openshift-master\",\" > system:authenticated\"" > > as="" asgroups="" namespace="openshift-web-console" > > uri="/api/v1/namespaces/openshift-web-console/ > configmaps/webconsole-config" > > response="" > > E0815 09:52:21.828096 1 metrics.go:86] Error in audit plugin 'log' > > affecting 1 audit events: can't open new logfile: open > > /var/lib/origin/openpaas-oscp-audit/openpaas-oscp-audit.log: permission > denied > > Impacted events: > > 2018-08-15T09:52:21.826616689Z AUDIT: > > id="90c74b44-bbeb-495f-bb2b-543e2c1b23f1" stage="ResponseComplete" > > ip="10.0.108.99" method="get" user="system:openshift-master" > > groups="\"system:masters\",\"system:openshift-master\",\" > system:authenticated\"" > > as="" asgroups="" namespace="openshift-web-console" > > uri="/api/v1/namespaces/openshift-web-console/ > configmaps/webconsole-config" > > response="404" > > > > > > > > [1] https://github.com/openshift/openshift-ansible/blob/ > 2e78bc99fdd240e8be653facb93118f1597e801f/inventory/hosts.example#L927 > > > > -- > > Mateus Caruccio / Master of Puppets > > GetupCloud.com > > We make the infrastructure invisible > > Gartner Cool Vendor 2017 > > > > > > ___ > > dev mailing list > > dev@lists.openshift.redhat.com > > http://lists.openshift.redhat.com/openshiftmm/listinfo/dev > > > ___ dev mailing list dev@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/dev