Re: [Spacewalk-devel] Remove audit review cruft from spacewalk-setup

2010-03-30 Thread Jan Pazdziora 
On Mon, Mar 29, 2010 at 06:48:06PM +, Joshua Roys wrote:
  java/spacewalk-java.spec|2 +-
  spacewalk/setup/bin/spacewalk-setup |6 --
  2 files changed, 1 insertion(+), 7 deletions(-)
 
 New commits:
 commit b77ae909987391ab6ce1c37bad1e20b2da46edbd
 Author: Joshua Roys joshua.r...@gtri.gatech.edu
 Date:   Mon Mar 29 14:35:20 2010 -0400
 
 Remove audit review cruft from spacewalk-setup
 
 Rely on RPM %files and the O_CREAT behavior of FileWriter to create
 our systemlogs directory and audit-review.log file.
 
 diff --git a/java/spacewalk-java.spec b/java/spacewalk-java.spec
 index 7cc0a09..c74fdfc 100644
 --- a/java/spacewalk-java.spec
 +++ b/java/spacewalk-java.spec
 @@ -281,7 +281,7 @@ fi
  %config(noreplace) %{_sysconfdir}/tomcat6/Catalina/localhost/rhn.xml
  %endif
  %{realcobsnippetsdir}/spacewalk
 -%attr(755, apache, root) %{_var}/satellite/systemlogs
 +%attr(755, tomcat, root) %{_var}/satellite/systemlogs
  %ghost %attr(644, tomcat, root) %{_var}/satellite/systemlogs/audit-review.log
  
  %files -n spacewalk-taskomatic
 diff --git a/spacewalk/setup/bin/spacewalk-setup 
 b/spacewalk/setup/bin/spacewalk-setup
 index 957ee66..868c42f 100755
 --- a/spacewalk/setup/bin/spacewalk-setup
 +++ b/spacewalk/setup/bin/spacewalk-setup
 @@ -108,15 +108,9 @@ print Spacewalk::Setup::loc(* Performing initial 
 configuration.\n);
  my $config_opts = populate_initial_configs(\%opts, \%answers);
  mkdir_mount_points($config_opts-{'mount_point'},
   $config_opts-{'mount_point'} . '/redhat',
 - $config_opts-{'mount_point'} . '/systemlogs',
   $config_opts-{'kickstart_mount_point'});
  setup_sudoers(\%opts, \%answers);
  
 -my $aurev_fn = $config_opts-{'mount_point'} . 
 '/systemlogs/audit-review.log';
 -qx(touch $aurev_fn);
 -qx(chown tomcat $aurev_fn);
 -qx(chattr +a $aurev_fn);
 -

Joshua,

what is the general intent behind the systemlogs directory? Is it
indeed supposed in the '/var/satellite' directory, no matter where
the mount point of /var/satellite is?

In other words, are you intending to have the audit-review.log in
/var/satellite/systemlogs, even if the .rpms are say in
/data/satellite/redhat?

-- 
Jan Pazdziora
Principal Software Engineer, Satellite Engineering, Red Hat

___
Spacewalk-devel mailing list
Spacewalk-devel@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-devel

Re: [Spacewalk-devel] Remove audit review cruft from spacewalk-setup

2010-03-30 Thread Joshua Roys 

On 03/30/2010 05:02 AM, Jan Pazdziora wrote:

-%attr(755, apache, root) %{_var}/satellite/systemlogs
+%attr(755, tomcat, root) %{_var}/satellite/systemlogs
  %ghost %attr(644, tomcat, root) %{_var}/satellite/systemlogs/audit-review.log

  %files -n spacewalk-taskomatic
diff --git a/spacewalk/setup/bin/spacewalk-setup 
b/spacewalk/setup/bin/spacewalk-setup
index 957ee66..868c42f 100755
--- a/spacewalk/setup/bin/spacewalk-setup
+++ b/spacewalk/setup/bin/spacewalk-setup
@@ -108,15 +108,9 @@ print Spacewalk::Setup::loc(* Performing initial 
configuration.\n);
  my $config_opts = populate_initial_configs(\%opts, \%answers);
  mkdir_mount_points($config_opts-{'mount_point'},
$config_opts-{'mount_point'} . '/redhat',
-   $config_opts-{'mount_point'} . '/systemlogs',
$config_opts-{'kickstart_mount_point'});
  setup_sudoers(\%opts, \%answers);



Joshua,

what is the general intent behind the systemlogs directory? Is it
indeed supposed in the '/var/satellite' directory, no matter where
the mount point of /var/satellite is?

In other words, are you intending to have the audit-review.log in
/var/satellite/systemlogs, even if the .rpms are say in
/data/satellite/redhat?



Jan,

The main purpose of the systemlogs directory is to contain various logs 
from systems (namely the audit.log files) and the audit-review.log 
record-keeping file.  I decided yesterday to have the default be 
/var/satellite/systemlogs irrespective of the 'mount_point' variable. 
The two reasons behind this are:
 - the AuditManager class uses a different variable, web.audit.logdir, 
to find the systemlogs directory.
 - when users would paste their spacewalk-setup output for help on 
spacewalk-list, I kept seeing chown errors; the directory /needs/ to be 
owned by tomcat now, and if spacewalk-setup made the directory but 
failed the chown, the audit code wouldn't be happy without manual 
intervention.


This way, it can be assumed that everything is setup as needed- although 
moving the systemlogs directory would require a bit of knowledge at this 
point.  Two things come out of this: first, I should probably write an 
spacewalk-audit-setup script, or somesuch, to facilitate moving the 
directory around and setting up various things.  Secondly, and more 
long-term, I think it would be nice to have the audit records optionally 
be in the database (I say optionally because of the 4G limit of XE - but 
hopefully the psql port will eventually take care of that).


What do you think?  Do you agree?  Or was it better how it was before?

Thanks!

Josh

___
Spacewalk-devel mailing list
Spacewalk-devel@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-devel