From 46a39872507ac91a72a389f4f0241b3256a290bb Mon Sep 17 00:00:00 2001 From: simicza Date: Wed, 7 Aug 2019 15:18:46 +0200 Subject: [PATCH] Audit log bugfix Set 0700 to the /var/log/elasticsearch directory Add new parameter to set the seze of the audit log files: audit_log_file_size Change-Id: I7e45c035736dde28739f6c6a4878e1928b0f45cc --- SPECS/infra-charts.spec | 2 +- ansible/roles/pre_config_all/tasks/main.yml | 1 + cm_config/caas.yaml | 1 + 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/SPECS/infra-charts.spec b/SPECS/infra-charts.spec index 4fac4e4..aeebbb6 100644 --- a/SPECS/infra-charts.spec +++ b/SPECS/infra-charts.spec @@ -15,7 +15,7 @@ %define COMPONENT infra-charts %define RPM_NAME caas-%{COMPONENT} %define RPM_MAJOR_VERSION 1.0.0 -%define RPM_MINOR_VERSION 22 +%define RPM_MINOR_VERSION 23 Name: %{RPM_NAME} Version: %{RPM_MAJOR_VERSION} diff --git a/ansible/roles/pre_config_all/tasks/main.yml b/ansible/roles/pre_config_all/tasks/main.yml index ce07505..98a3e8d 100644 --- a/ansible/roles/pre_config_all/tasks/main.yml +++ b/ansible/roles/pre_config_all/tasks/main.yml @@ -138,6 +138,7 @@ owner: "{{ caas.uid.elasticsearch }}" group: "{{ caas.uid.elasticsearch }}" state: directory + mode: 0700 become_user: "root" when: (nodetype is defined) and (nodetype | search('caas_master')) diff --git a/cm_config/caas.yaml b/cm_config/caas.yaml index 521e37a..6f1d784 100644 --- a/cm_config/caas.yaml +++ b/cm_config/caas.yaml @@ -74,6 +74,7 @@ danmnet_default_network_id: flannel danmnet_default_network_type: flannel caas_chart_path: "{{ caas_base_directory }}/infra-charts" caas_policy_directory: "{{ caas_base_directory }}/policies" +audit_log_file_size: 100 kubernetes_service_url: kubernetes.default.svc prometheus_port: 9090 prometheus_url: prometheus.kube-system.svc.{{ dns_domain }} -- 2.16.6