Sahina Bose has uploaded a new change for review. Change subject: engine: Log when host in permissive mode with gluster ......................................................................
engine: Log when host in permissive mode with gluster Add event logs when the host is running in SELinux permissive mode with gluster service. Enhanced the log message to log current state as well. Change-Id: I81705d8bbafc1e5643aa41bb46ba42a0948da7c5 Bug-Url: https://bugzilla.redhat.com/858940 Signed-off-by: Sahina Bose <sab...@redhat.com> --- M backend/manager/modules/dal/src/main/resources/bundles/AuditLogMessages.properties M backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/VdsManager.java 2 files changed, 10 insertions(+), 5 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/26/42126/1 diff --git a/backend/manager/modules/dal/src/main/resources/bundles/AuditLogMessages.properties b/backend/manager/modules/dal/src/main/resources/bundles/AuditLogMessages.properties index 74153b2..63408e5 100644 --- a/backend/manager/modules/dal/src/main/resources/bundles/AuditLogMessages.properties +++ b/backend/manager/modules/dal/src/main/resources/bundles/AuditLogMessages.properties @@ -245,7 +245,7 @@ VDS_RECOVER=Host ${VdsName} is rebooting. VDS_RECOVER_FAILED=Host ${VdsName} failed to recover. VDS_RECOVER_FAILED_VMS_UNKNOWN=Host ${VdsName} cannot be reached, VMs state on this host are marked as Unknown. -VDS_NO_SELINUX_ENFORCEMENT=Host ${VdsName} does not enforce SELinux. +VDS_NO_SELINUX_ENFORCEMENT=Host ${VdsName} does not enforce SELinux. Current status: ${Mode} VDS_PROVISION=Installing OS on Host ${VdsName} using Hostgroup ${HostGroupName}. VM_DOWN=VM ${VmName} is down. ${ExitMessage} USER_SUSPEND_VM_OK=VM ${VmName} on Host ${VdsName} is suspended. diff --git a/backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/VdsManager.java b/backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/VdsManager.java index d014e03..4dd81e1 100644 --- a/backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/VdsManager.java +++ b/backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/VdsManager.java @@ -589,11 +589,16 @@ AuditLogDirector.log(logable, AuditLogType.VDS_FAILED_TO_GET_HOST_HARDWARE_INFO); } } - - if (vds.getSELinuxEnforceMode() == null || vds.getSELinuxEnforceMode().equals(SELinuxMode.DISABLED)) { - AuditLogDirector.log(new AuditLogableBase(vds.getId()), AuditLogType.VDS_NO_SELINUX_ENFORCEMENT); + // For gluster nodes, SELinux needs to be in enforcing mode, + // hence warning in case of permissive as well. + if (vds.getSELinuxEnforceMode() == null || vds.getSELinuxEnforceMode().equals(SELinuxMode.DISABLED) + || (vds.getVdsGroupSupportsGlusterService() + && vds.getSELinuxEnforceMode().equals(SELinuxMode.PERMISSIVE))) { + AuditLogDirector.log(new AuditLogableBase(vds.getId()).addCustomValue("Mode", + vds.getSELinuxEnforceMode() == null ? "UNKNOWN" : vds.getSELinuxEnforceMode().name()), + AuditLogType.VDS_NO_SELINUX_ENFORCEMENT); if (vds.getSELinuxEnforceMode() != null) { - log.warnFormat("Host {0} is running with disabled SELinux.", vds.getName()); + log.warn("Host '{}' is running with SELinux in '{}' mode", vds.getName(), vds.getSELinuxEnforceMode()); } else { log.warnFormat("Host {0} does not report SELinux enforcement information.", vds.getName()); } -- To view, visit https://gerrit.ovirt.org/42126 To unsubscribe, visit https://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I81705d8bbafc1e5643aa41bb46ba42a0948da7c5 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: ovirt-engine-3.5-gluster Gerrit-Owner: Sahina Bose <sab...@redhat.com> _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
