Re: [Spacewalk-devel] Remove audit review cruft from spacewalk-setup
On Wed, Mar 31, 2010 at 04:24:01PM -0400, Joshua Roys wrote: OK- that sounds good. I'll write up a patch tomorrow or Friday to move it over. It will probably be something like /var/spacewalk/systemlogs. Do you have any recommendations on how to handle upgrades? Some options: - just make a release note about it, nothing else - have a %post script move the directory (gross!) - drop a line in rhn.conf pointing the audit code to /var/satellite/systemlogs from a %post - have the code look in both (also gross) My order of rpeference would be 1, 2, 3, 4. ;-) -- Jan Pazdziora Principal Software Engineer, Satellite Engineering, Red Hat ___ Spacewalk-devel mailing list Spacewalk-devel@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-devel
Re: [Spacewalk-devel] Remove audit review cruft from spacewalk-setup
On Tue, Mar 30, 2010 at 08:29:45AM -0400, Joshua Roys wrote: The main purpose of the systemlogs directory is to contain various logs from systems (namely the audit.log files) and the audit-review.log record-keeping file. I decided yesterday to have the default be /var/satellite/systemlogs irrespective of the 'mount_point' variable. The two reasons behind this are: - the AuditManager class uses a different variable, web.audit.logdir, to find the systemlogs directory. - when users would paste their spacewalk-setup output for help on spacewalk-list, I kept seeing chown errors; the directory /needs/ to be owned by tomcat now, and if spacewalk-setup made the directory but failed the chown, the audit code wouldn't be happy without manual intervention. This way, it can be assumed that everything is setup as needed- although moving the systemlogs directory would require a bit of knowledge at this point. Two things come out of this: first, I should probably write an spacewalk-audit-setup script, or somesuch, to facilitate moving the directory around and setting up various things. Secondly, and more long-term, I think it would be nice to have the audit records optionally be in the database (I say optionally because of the 4G limit of XE - but hopefully the psql port will eventually take care of that). What do you think? Do you agree? Or was it better how it was before? The problem is: traditionally, /var/satellite as the default values of the mount point was never maintained by the rpm database. There are use cases where people mount the /var/satellite over NFS or share among Satellites, etc. By now putting the rpm-managed /var/satellite/systemlogs directory there, I fear we might experience bad side-effects. I'm not opposed to having the directory for systemlogs rpm-managed, I'd just like it to be different directory than something withing the default mount point path. Maybe /var/spacewalk or /var/rhn or something similar? -- Jan Pazdziora Principal Software Engineer, Satellite Engineering, Red Hat ___ Spacewalk-devel mailing list Spacewalk-devel@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-devel
Re: [Spacewalk-devel] Remove audit review cruft from spacewalk-setup
On 03/31/2010 03:17 AM, Jan Pazdziora wrote: The problem is: traditionally, /var/satellite as the default values of the mount point was never maintained by the rpm database. There are use cases where people mount the /var/satellite over NFS or share among Satellites, etc. By now putting the rpm-managed /var/satellite/systemlogs directory there, I fear we might experience bad side-effects. I'm not opposed to having the directory for systemlogs rpm-managed, I'd just like it to be different directory than something withing the default mount point path. Maybe /var/spacewalk or /var/rhn or something similar? OK- that sounds good. I'll write up a patch tomorrow or Friday to move it over. It will probably be something like /var/spacewalk/systemlogs. Do you have any recommendations on how to handle upgrades? Some options: - just make a release note about it, nothing else - have a %post script move the directory (gross!) - drop a line in rhn.conf pointing the audit code to /var/satellite/systemlogs from a %post - have the code look in both (also gross) Thanks, Josh smime.p7s Description: S/MIME Cryptographic Signature ___ Spacewalk-devel mailing list Spacewalk-devel@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-devel
Re: [Spacewalk-devel] Remove audit review cruft from spacewalk-setup
On Mon, Mar 29, 2010 at 06:48:06PM +, Joshua Roys wrote: java/spacewalk-java.spec|2 +- spacewalk/setup/bin/spacewalk-setup |6 -- 2 files changed, 1 insertion(+), 7 deletions(-) New commits: commit b77ae909987391ab6ce1c37bad1e20b2da46edbd Author: Joshua Roys joshua.r...@gtri.gatech.edu Date: Mon Mar 29 14:35:20 2010 -0400 Remove audit review cruft from spacewalk-setup Rely on RPM %files and the O_CREAT behavior of FileWriter to create our systemlogs directory and audit-review.log file. diff --git a/java/spacewalk-java.spec b/java/spacewalk-java.spec index 7cc0a09..c74fdfc 100644 --- a/java/spacewalk-java.spec +++ b/java/spacewalk-java.spec @@ -281,7 +281,7 @@ fi %config(noreplace) %{_sysconfdir}/tomcat6/Catalina/localhost/rhn.xml %endif %{realcobsnippetsdir}/spacewalk -%attr(755, apache, root) %{_var}/satellite/systemlogs +%attr(755, tomcat, root) %{_var}/satellite/systemlogs %ghost %attr(644, tomcat, root) %{_var}/satellite/systemlogs/audit-review.log %files -n spacewalk-taskomatic diff --git a/spacewalk/setup/bin/spacewalk-setup b/spacewalk/setup/bin/spacewalk-setup index 957ee66..868c42f 100755 --- a/spacewalk/setup/bin/spacewalk-setup +++ b/spacewalk/setup/bin/spacewalk-setup @@ -108,15 +108,9 @@ print Spacewalk::Setup::loc(* Performing initial configuration.\n); my $config_opts = populate_initial_configs(\%opts, \%answers); mkdir_mount_points($config_opts-{'mount_point'}, $config_opts-{'mount_point'} . '/redhat', - $config_opts-{'mount_point'} . '/systemlogs', $config_opts-{'kickstart_mount_point'}); setup_sudoers(\%opts, \%answers); -my $aurev_fn = $config_opts-{'mount_point'} . '/systemlogs/audit-review.log'; -qx(touch $aurev_fn); -qx(chown tomcat $aurev_fn); -qx(chattr +a $aurev_fn); - Joshua, what is the general intent behind the systemlogs directory? Is it indeed supposed in the '/var/satellite' directory, no matter where the mount point of /var/satellite is? In other words, are you intending to have the audit-review.log in /var/satellite/systemlogs, even if the .rpms are say in /data/satellite/redhat? -- Jan Pazdziora Principal Software Engineer, Satellite Engineering, Red Hat ___ Spacewalk-devel mailing list Spacewalk-devel@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-devel
Re: [Spacewalk-devel] Remove audit review cruft from spacewalk-setup
On 03/30/2010 05:02 AM, Jan Pazdziora wrote: -%attr(755, apache, root) %{_var}/satellite/systemlogs +%attr(755, tomcat, root) %{_var}/satellite/systemlogs %ghost %attr(644, tomcat, root) %{_var}/satellite/systemlogs/audit-review.log %files -n spacewalk-taskomatic diff --git a/spacewalk/setup/bin/spacewalk-setup b/spacewalk/setup/bin/spacewalk-setup index 957ee66..868c42f 100755 --- a/spacewalk/setup/bin/spacewalk-setup +++ b/spacewalk/setup/bin/spacewalk-setup @@ -108,15 +108,9 @@ print Spacewalk::Setup::loc(* Performing initial configuration.\n); my $config_opts = populate_initial_configs(\%opts, \%answers); mkdir_mount_points($config_opts-{'mount_point'}, $config_opts-{'mount_point'} . '/redhat', - $config_opts-{'mount_point'} . '/systemlogs', $config_opts-{'kickstart_mount_point'}); setup_sudoers(\%opts, \%answers); Joshua, what is the general intent behind the systemlogs directory? Is it indeed supposed in the '/var/satellite' directory, no matter where the mount point of /var/satellite is? In other words, are you intending to have the audit-review.log in /var/satellite/systemlogs, even if the .rpms are say in /data/satellite/redhat? Jan, The main purpose of the systemlogs directory is to contain various logs from systems (namely the audit.log files) and the audit-review.log record-keeping file. I decided yesterday to have the default be /var/satellite/systemlogs irrespective of the 'mount_point' variable. The two reasons behind this are: - the AuditManager class uses a different variable, web.audit.logdir, to find the systemlogs directory. - when users would paste their spacewalk-setup output for help on spacewalk-list, I kept seeing chown errors; the directory /needs/ to be owned by tomcat now, and if spacewalk-setup made the directory but failed the chown, the audit code wouldn't be happy without manual intervention. This way, it can be assumed that everything is setup as needed- although moving the systemlogs directory would require a bit of knowledge at this point. Two things come out of this: first, I should probably write an spacewalk-audit-setup script, or somesuch, to facilitate moving the directory around and setting up various things. Secondly, and more long-term, I think it would be nice to have the audit records optionally be in the database (I say optionally because of the 4G limit of XE - but hopefully the psql port will eventually take care of that). What do you think? Do you agree? Or was it better how it was before? Thanks! Josh ___ Spacewalk-devel mailing list Spacewalk-devel@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-devel