Bug 1862426: gather the audit logs for oauth apiserver #144
Conversation
openshift-ci-robot
added
the
size/M
There was a problem hiding this comment.
If we make these changes, we can close; #143 and work on merging this; once https://bugzilla.redhat.com/show_bug.cgi?id=1861746 is investigated and fixed.
| done | \ | ||
| xargs --max-args=4 --max-procs=45 bash -c \ | ||
| 'echo "INFO: Started downloading $4 from $3"; | ||
| oc adm node-logs $3 --path=$1/$4 | gzip > $2/$3-$4.gz; |
There was a problem hiding this comment.
Can you add --since ${SINCE_TIMEFRAME} to this?
There was a problem hiding this comment.
@sferich888 , I have added the --since parameter, but it doesn't seem to actually do anything.
There was a problem hiding this comment.
The --since parameter is only applied to journal logs. It it ignored for --path logs, which are simply served by an instance of http.FileServer.
There was a problem hiding this comment.
What other ways can we limit the collection?
Is an awk script needed?
#!/usr/bin/gawk -f BEGIN { starttime = mktime(starttime) endtime = mktime(endtime) } func in_range(n, start, end) { return start <= n && n < end } match($0, /^([0-9]{4})-([0-9]{2})-([0-9]{2})\s/, m) && in_range(mktime(m[1] " " m[2] " " m[3] " 00 00 00"),
There was a problem hiding this comment.
@sferich888 I think I can work something out, but as a followup.
There was a problem hiding this comment.
In others scripts I see the full path of command, like:/usr/bin/oc
collection-scripts/gather_audit_logs
Outdated
| # $2 - local output path | ||
| # $3 - node name | ||
| # $4 - log file name | ||
| paths=(openshift-apiserver kube-apiserver) |
|
@sanchezl we need to make sure we look into https://bugzilla.redhat.com/show_bug.cgi?id=1861746 |
|
@sanchezl also note RFE-309 is something that will be closed by this. |
sanchezl
force-pushed
the
patch-1
branch
3 times, most recently
from
f1354ae
to
73ce5db
Compare
sanchezl
changed the title
|
Waiting for openshift/origin#25369. |
|
/retets |
|
/retest |
1 similar comment
|
/retest |
|
/test e2e-aws |
|
/test-e2e-aws |
sanchezl
changed the title
|
@sanchezl: This pull request references Bugzilla bug 1862426, which is valid. 3 validation(s) were run on this bug
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
openshift-ci-robot
added
bugzilla/severity-high
|
/retest |
|
/retest |
|
/approve |
| @@ -41,9 +41,6 @@ done | |||
| # Gather etcd information | |||
| /usr/bin/gather_etcd | |||
|
|
|||
| # Collect System Audit Logs | |||
| /usr/bin/gather_audit_logs | |||
There was a problem hiding this comment.
you can't do this until the e2e test works.
There was a problem hiding this comment.
that e2e you're talking about already explicitly calls this script see https://github.com/openshift/origin/blob/1a83021f4dbc91de606a71d3a27cd80664aae26c/test/extended/cli/mustgather.go#L160 so it shouldn't block this PR
|
wait for openshift/origin#25493 to merge |
|
/test all need to see green tests including audit (not skipped) before merge. |
openshift-ci-robot
added
the
do-not-merge/hold
deads2k
added
approved
|
/test all Now that openshift/origin#25493 has merged. |
|
/hold cancel |
openshift-ci-robot
removed
the
do-not-merge/hold
|
/retest Please review the full test history for this PR and help us cut down flakes. |
1 similar comment
|
/retest Please review the full test history for this PR and help us cut down flakes. |
- simplified logic - added progress logging - also capture oauth-apiserver logs
|
[APPROVALNOTIFIER] This PR is APPROVED Approval requirements bypassed by manually added approval. This pull-request has been approved by: mfojtik, sanchezl, soltysh The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
@sanchezl: All pull requests linked via external trackers have merged: Bugzilla bug 1862426 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
SINCE_TIMEFRAMEenv, defaulted to1w