KinD providers: Mount the host audit logs dir to cluster nodes #716

ormergi · 2021-12-02T14:13:22Z

On Kubevirt test suite we dump various cluster object
stats, guest VM and cluster nodes logs, including auditd logs.
Currently we can't dump the audit log for KinD providers
since the cluster nodes are containers (no auditd).

In order to have audit log on KinD providers as well it
is necessary to mount the host /var/log/audit to the
cluster nodes.

Then on a test failure we will get the audit log for
the time the test were running.

Hopefully this PR will help resolving kubevirt/kubevirt#6771 and kubevirt/kubevirt#6776 as well

Signed-off-by: Or Mergi ormergi@redhat.com

On Kubevirt test suite we dump various cluster object stats, guest VM and cluster nodes logs, including auditd logs. Currently we can't dump the audit log for KinD providers since the cluster nodes are containers (no auditd). In order to have audit log on KinD providers as well it is necessary to mount the host /var/log/audit to the cluster nodes. Then on a test failure we will get the audit log for the time the test were running. Signed-off-by: Or Mergi <ormergi@redhat.com>

ormergi · 2021-12-02T14:13:31Z

/cc @qinqon

ormergi · 2021-12-05T07:52:10Z

/cc @enp0s3

usrbinkat · 2021-12-15T15:36:46Z

/cc @vladikr

vladikr · 2021-12-15T15:53:39Z

Looks good to me, thanks @ormergi
/approve
/lgtm

kubevirt-bot · 2021-12-15T15:53:46Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: vladikr

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

~~OWNERS~~ [vladikr]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

kubevirt-commenter-bot · 2021-12-15T22:41:48Z

/retest
This bot automatically retries jobs that failed/flaked on approved PRs.
Silence the bot with an /lgtm cancel or /hold comment for consistent failures.

ormergi · 2021-12-16T09:22:16Z

Thank you 🙂

rmohr · 2021-12-16T09:30:31Z

cluster-up/cluster/kind/common.sh

+  cat <<EOF >> ${KUBEVIRTCI_CONFIG_PATH}/$KUBEVIRT_PROVIDER/kind.yaml
+  extraMounts:
+  - containerPath: /var/log/audit
+    hostPath: /var/log/audit


Can we verify that this is a read-only mount? Let's play safe.

My bad, I thought read only was the default
I fixed it here #724

[a307ad0 KinD providers: Mount /var/log/audit to cluster nodes](kubevirt/kubevirtci#716) [85dc9d9 CI-cluster swap support](kubevirt/kubevirtci#723) [aa8c20b k8s-1.22-ipv6, Create single stack ipv6 k8s-1.22 provider](kubevirt/kubevirtci#721) ```release-note NONE ``` Signed-off-by: kubevirt-bot <kubevirtbot@redhat.com>

[d2edfe6 KinD providers: Mount audit logs as read-only](kubevirt/kubevirtci#724) [a307ad0 KinD providers: Mount /var/log/audit to cluster nodes](kubevirt/kubevirtci#716) [85dc9d9 CI-cluster swap support](kubevirt/kubevirtci#723) [aa8c20b k8s-1.22-ipv6, Create single stack ipv6 k8s-1.22 provider](kubevirt/kubevirtci#721) ```release-note NONE ``` Signed-off-by: kubevirt-bot <kubevirtbot@redhat.com>

kubevirt-bot added the dco-signoff: yes Indicates the PR's author has DCO signed all their commits. label Dec 2, 2021

kubevirt-bot requested review from jean-edouard and phoracek December 2, 2021 14:13

kubevirt-bot requested a review from qinqon December 2, 2021 14:13

kubevirt-bot added the size/XS label Dec 2, 2021

kubevirt-bot requested a review from enp0s3 December 5, 2021 07:52

kubevirt-bot requested a review from vladikr December 15, 2021 15:36

kubevirt-bot assigned vladikr Dec 15, 2021

kubevirt-bot added the lgtm Indicates that a PR is ready to be merged. label Dec 15, 2021

kubevirt-bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Dec 15, 2021

kubevirt-bot merged commit a307ad0 into kubevirt:main Dec 16, 2021

rmohr reviewed Dec 16, 2021

View reviewed changes

ormergi mentioned this pull request Dec 16, 2021

KinD providers: Mount audit logs as read-only #724

Merged

kubevirt-bot mentioned this pull request Dec 16, 2021

Bump kubevirtci kubevirt/kubevirt#6961

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

KinD providers: Mount the host audit logs dir to cluster nodes #716

KinD providers: Mount the host audit logs dir to cluster nodes #716

ormergi commented Dec 2, 2021 •

edited

Loading

ormergi commented Dec 2, 2021

ormergi commented Dec 5, 2021

usrbinkat commented Dec 15, 2021

vladikr commented Dec 15, 2021

kubevirt-bot commented Dec 15, 2021

kubevirt-commenter-bot commented Dec 15, 2021

ormergi commented Dec 16, 2021

rmohr Dec 16, 2021

ormergi Dec 16, 2021

KinD providers: Mount the host audit logs dir to cluster nodes #716

KinD providers: Mount the host audit logs dir to cluster nodes #716

Conversation

ormergi commented Dec 2, 2021 • edited Loading

ormergi commented Dec 2, 2021

ormergi commented Dec 5, 2021

usrbinkat commented Dec 15, 2021

vladikr commented Dec 15, 2021

kubevirt-bot commented Dec 15, 2021

kubevirt-commenter-bot commented Dec 15, 2021

ormergi commented Dec 16, 2021

rmohr Dec 16, 2021

Choose a reason for hiding this comment

ormergi Dec 16, 2021

Choose a reason for hiding this comment

ormergi commented Dec 2, 2021 •

edited

Loading