-
Notifications
You must be signed in to change notification settings - Fork 119
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
KinD providers: Mount the host audit logs dir to cluster nodes #716
Conversation
On Kubevirt test suite we dump various cluster object stats, guest VM and cluster nodes logs, including auditd logs. Currently we can't dump the audit log for KinD providers since the cluster nodes are containers (no auditd). In order to have audit log on KinD providers as well it is necessary to mount the host /var/log/audit to the cluster nodes. Then on a test failure we will get the audit log for the time the test were running. Signed-off-by: Or Mergi <ormergi@redhat.com>
/cc @qinqon |
/cc @enp0s3 |
/cc @vladikr |
Looks good to me, thanks @ormergi |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: vladikr The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/retest |
Thank you 🙂 |
cat <<EOF >> ${KUBEVIRTCI_CONFIG_PATH}/$KUBEVIRT_PROVIDER/kind.yaml | ||
extraMounts: | ||
- containerPath: /var/log/audit | ||
hostPath: /var/log/audit |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we verify that this is a read-only mount? Let's play safe.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My bad, I thought read only was the default
I fixed it here #724
[a307ad0 KinD providers: Mount /var/log/audit to cluster nodes](kubevirt/kubevirtci#716) [85dc9d9 CI-cluster swap support](kubevirt/kubevirtci#723) [aa8c20b k8s-1.22-ipv6, Create single stack ipv6 k8s-1.22 provider](kubevirt/kubevirtci#721) ```release-note NONE ``` Signed-off-by: kubevirt-bot <kubevirtbot@redhat.com>
[d2edfe6 KinD providers: Mount audit logs as read-only](kubevirt/kubevirtci#724) [a307ad0 KinD providers: Mount /var/log/audit to cluster nodes](kubevirt/kubevirtci#716) [85dc9d9 CI-cluster swap support](kubevirt/kubevirtci#723) [aa8c20b k8s-1.22-ipv6, Create single stack ipv6 k8s-1.22 provider](kubevirt/kubevirtci#721) ```release-note NONE ``` Signed-off-by: kubevirt-bot <kubevirtbot@redhat.com>
[d2edfe6 KinD providers: Mount audit logs as read-only](kubevirt/kubevirtci#724) [a307ad0 KinD providers: Mount /var/log/audit to cluster nodes](kubevirt/kubevirtci#716) [85dc9d9 CI-cluster swap support](kubevirt/kubevirtci#723) [aa8c20b k8s-1.22-ipv6, Create single stack ipv6 k8s-1.22 provider](kubevirt/kubevirtci#721) ```release-note NONE ``` Signed-off-by: kubevirt-bot <kubevirtbot@redhat.com>
[d2edfe6 KinD providers: Mount audit logs as read-only](kubevirt/kubevirtci#724) [a307ad0 KinD providers: Mount /var/log/audit to cluster nodes](kubevirt/kubevirtci#716) [85dc9d9 CI-cluster swap support](kubevirt/kubevirtci#723) [aa8c20b k8s-1.22-ipv6, Create single stack ipv6 k8s-1.22 provider](kubevirt/kubevirtci#721) ```release-note NONE ``` Signed-off-by: kubevirt-bot <kubevirtbot@redhat.com>
[d2edfe6 KinD providers: Mount audit logs as read-only](kubevirt/kubevirtci#724) [a307ad0 KinD providers: Mount /var/log/audit to cluster nodes](kubevirt/kubevirtci#716) [85dc9d9 CI-cluster swap support](kubevirt/kubevirtci#723) [aa8c20b k8s-1.22-ipv6, Create single stack ipv6 k8s-1.22 provider](kubevirt/kubevirtci#721) ```release-note NONE ``` Signed-off-by: kubevirt-bot <kubevirtbot@redhat.com>
[d2edfe6 KinD providers: Mount audit logs as read-only](kubevirt/kubevirtci#724) [a307ad0 KinD providers: Mount /var/log/audit to cluster nodes](kubevirt/kubevirtci#716) [85dc9d9 CI-cluster swap support](kubevirt/kubevirtci#723) [aa8c20b k8s-1.22-ipv6, Create single stack ipv6 k8s-1.22 provider](kubevirt/kubevirtci#721) ```release-note NONE ``` Signed-off-by: kubevirt-bot <kubevirtbot@redhat.com>
[d2edfe6 KinD providers: Mount audit logs as read-only](kubevirt/kubevirtci#724) [a307ad0 KinD providers: Mount /var/log/audit to cluster nodes](kubevirt/kubevirtci#716) [85dc9d9 CI-cluster swap support](kubevirt/kubevirtci#723) [aa8c20b k8s-1.22-ipv6, Create single stack ipv6 k8s-1.22 provider](kubevirt/kubevirtci#721) ```release-note NONE ``` Signed-off-by: kubevirt-bot <kubevirtbot@redhat.com>
On Kubevirt test suite we dump various cluster object
stats, guest VM and cluster nodes logs, including auditd logs.
Currently we can't dump the audit log for KinD providers
since the cluster nodes are containers (no auditd).
In order to have audit log on KinD providers as well it
is necessary to mount the host /var/log/audit to the
cluster nodes.
Then on a test failure we will get the audit log for
the time the test were running.
Hopefully this PR will help resolving kubevirt/kubevirt#6771 and kubevirt/kubevirt#6776 as well
Signed-off-by: Or Mergi ormergi@redhat.com