From 4eb455aa287155646f78a4621365b37f9df30793 Mon Sep 17 00:00:00 2001 From: Kashyap Chamarthy Date: Fri, 22 Feb 2019 20:11:35 +0100 Subject: [PATCH] Capture the content of 'audit.log' file On CentOS/ Fedora machines, this can be useful when QEMU silently fails to start up due to SELinux denials. For Debian-based machines, which use AppAromor, DevStack already captures the output of 'kern.log' (via `journalctl -t kernel` redirected into 'syslog.txt.gz'). Change-Id: I231b22664f0944b905e00568759785615a1d47c3 Acked-by: Clark Bolyan Signed-off-by: Kashyap Chamarthy --- .zuul.yaml | 1 + roles/capture-system-logs/tasks/main.yaml | 11 +++++++++++ 2 files changed, 12 insertions(+) diff --git a/.zuul.yaml b/.zuul.yaml index afe400e1a4..8ede2fce80 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -218,6 +218,7 @@ '{{ stage_dir }}/core': logs '{{ stage_dir }}/listen53.txt': logs '{{ stage_dir }}/deprecations.log': logs + '{{ stage_dir }}/audit.log': logs /var/log/ceph: logs /var/log/openvswitch: logs /var/log/glusterfs: logs diff --git a/roles/capture-system-logs/tasks/main.yaml b/roles/capture-system-logs/tasks/main.yaml index de4f8eda08..905806d529 100644 --- a/roles/capture-system-logs/tasks/main.yaml +++ b/roles/capture-system-logs/tasks/main.yaml @@ -19,6 +19,17 @@ rpm -qa | sort > {{ stage_dir }}/rpm-qa.txt fi + # NOTE(kchamart) The 'audit.log' can be useful in cases when QEMU + # failed to start due to denials from SELinux — useful for CentOS + # and Fedora machines. For Ubuntu (which runs AppArmor), DevStack + # already captures the contents of /var/log/kern.log (via + # `journalctl -t kernel` redirected into syslog.txt.gz), which + # contains AppArmor-related messages. + if [ -f /var/log/audit/audit.log ] ; then + sudo cp /var/log/audit/audit.log {{stage_dir }}/audit.log && + chmod +r {{ stage_dir }}/audit.log; + fi + # gzip and save any coredumps in /var/core if [ -d /var/core ]; then sudo gzip -r /var/core