From 0141a51caf9c391aa8492a5d5ef4ba34e60d570b Mon Sep 17 00:00:00 2001
From: simicza
Date: Wed, 7 Aug 2019 16:57:53 +0200
Subject: [PATCH] Audit log bugfix Set 0700 permissions to the /var/log/audit/kube_apiserver directory. Fix the number of audit log file countig process. It needed a new task, which asks the size of the audit log disk.
Change-Id: I3be5a5ee0300d817e7faee1ab82587746d3f57f7
Signed-off-by: simicza
---
 ansible/roles/kube_master/defaults/main.yaml | 4 ++--
 ansible/roles/kube_master/tasks/main.yml | 5 +++++
 caas-kubernetes.spec | 2 +-
 3 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/ansible/roles/kube_master/defaults/main.yaml b/ansible/roles/kube_master/defaults/main.yaml
index 6aeadaa..9e22c4d 100644
--- a/ansible/roles/kube_master/defaults/main.yaml
+++ b/ansible/roles/kube_master/defaults/main.yaml
@@ -40,8 +40,8 @@ apiserver_params:
 - "--apiserver-count={{ groups['caas_master']|length|int }}"
 - "--audit-policy-file={{ caas.caas_policy_directory }}/audit-policy.yaml"
 - "--audit-log-format=json"
- - "--audit-log-maxbackup=10"
- - "--audit-log-maxsize=100"
+ - "--audit-log-maxsize={{ caas.audit_log_file_size }}"
+ - "--audit-log-maxbackup={{ ((audit_disc_size.stdout|int*caas.caas_max_audit_size)/caas.audit_log_file_size)|int }}"
 - "--audit-log-path=/var/log/audit/kube_apiserver/kube-apiserver-audit.log"
 - "--authorization-mode=Node,RBAC"
 - "--bind-address={{ apiserver }}"
diff --git a/ansible/roles/kube_master/tasks/main.yml b/ansible/roles/kube_master/tasks/main.yml
index 49f7499..ae231e9 100644
--- a/ansible/roles/kube_master/tasks/main.yml
+++ b/ansible/roles/kube_master/tasks/main.yml
@@ -64,6 +64,7 @@
 owner: "{{ caas.uid.kube }}"
 group: "{{ caas.uid.kube }}"
 state: directory
+ mode: 0700
 become_user: "root"
 - name: create directory for audit policy
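Review bot: The new `--audit-log-maxbackup` expression in `apiserver_params` (defaults/main.yaml) can render as `0`, because the trailing `|int` truncates whenever the computed disk share is smaller than `caas.audit_log_file_size`, and `audit_disc_size.stdout|int` is itself 0 when the registered output is empty or not a single number. As far as I know kube-apiserver treats a maxbackup of 0 as no limit on retained files, so the failure mode is unbounded audit log growth on the audit volume rather than a tight cap. Clamp the result, for example `- "--audit-log-maxbackup={{ [((audit_disc_size.stdout|int*caas.caas_max_audit_size)/caas.audit_log_file_size)|int, 1]|max }}"`. A comment stating the units expected of `caas.caas_max_audit_size` and `caas.audit_log_file_size` would also help, since neither definition is visible in this diff.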
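Review bot: The added `mode: 0700` in the first tasks/main.yml hunk is an unquoted octal literal, which gives the intended permissions only because the YAML loader reads a leading-zero integer as octal. Write it as `mode: "0700"` so Ansible receives a string and does the conversion itself. The task begins above this hunk, so the path it manages is not visible here; the commit message says it is /var/log/audit/kube_apiserver.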
@@ -91,6 +92,10 @@
 - "{{ caas.uid.kube }}"
 - "{{ users.admin_user_name }}"
 become_user: "root"
+
+- name: Ask the audit log disc size
+ shell: df -BM --output=size,target | grep audit | awk '{print $1}' | tr -d 'M'
+ register: audit_disc_size
 - name: template apiserver
 vars:
diff --git a/caas-kubernetes.spec b/caas-kubernetes.spec
index 53a9e00..3834bd9 100644
--- a/caas-kubernetes.spec
+++ b/caas-kubernetes.spec
@@ -15,7 +15,7 @@
 %define COMPONENT kubernetes
 %define RPM_NAME caas-%{COMPONENT}
 %define RPM_MAJOR_VERSION 1.15.2
-%define RPM_MINOR_VERSION 1
+%define RPM_MINOR_VERSION 2
 %define IMAGE_TAG %{RPM_MAJOR_VERSION}-%{RPM_MINOR_VERSION}
 %define KUBERNETESPAUSE_VERSION 3.1
--
2.16.6
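Review bot: The new "Ask the audit log disc size" task in tasks/main.yml picks the filesystem with `grep audit`, which matches every mount target containing that string and matches nothing when the audit directory has no mount of its own. The pipeline's exit status comes from the final `tr`, so in both cases the play continues with an empty or multi-line `audit_disc_size.stdout`, and that value feeds `--audit-log-maxbackup` in defaults/main.yaml. Query the log directory directly and fail on a non-numeric result: `shell: df -BM --output=size /var/log/audit/kube_apiserver | tail -n 1 | tr -dc '0-9'` together with `changed_when: false` and `failed_when: audit_disc_size.stdout|int <= 0`.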