Capture the content of 'audit.log' file

On CentOS/ Fedora machines, this can be useful when QEMU silently fails to start up due to SELinux denials. For Debian-based machines, which use AppAromor, DevStack already captures the output of 'kern.log' (via `journalctl -t kernel` redirected into 'syslog.txt.gz'). Change-Id: I231b22664f0944b905e00568759785615a1d47c3 Acked-by: Clark Bolyan <clark.boylan@gmail.com> Signed-off-by: Kashyap Chamarthy <kchamart@redhat.com>
2019-02-22 20:11:35 +01:00 · 2019-02-22 20:11:35 +01:00 · 4eb455aa28
commit 4eb455aa28
parent 72f632222f
2 changed files with 12 additions and 0 deletions
--- a/.zuul.yaml
+++ b/.zuul.yaml
@ -218,6 +218,7 @@
        '{{ stage_dir }}/core': logs
        '{{ stage_dir }}/listen53.txt': logs
        '{{ stage_dir }}/deprecations.log': logs
+        '{{ stage_dir }}/audit.log': logs
        /var/log/ceph: logs
        /var/log/openvswitch: logs
        /var/log/glusterfs: logs
--- a/roles/capture-system-logs/tasks/main.yaml
+++ b/roles/capture-system-logs/tasks/main.yaml
@ -19,6 +19,17 @@
          rpm -qa | sort > {{ stage_dir }}/rpm-qa.txt
      fi

+      # NOTE(kchamart) The 'audit.log' can be useful in cases when QEMU
+      # failed to start due to denials from SELinux — useful for CentOS
+      # and Fedora machines.  For Ubuntu (which runs AppArmor), DevStack
+      # already captures the contents of /var/log/kern.log (via
+      # `journalctl -t kernel` redirected into syslog.txt.gz), which
+      # contains AppArmor-related messages.
+      if [ -f /var/log/audit/audit.log ] ; then
+          sudo cp /var/log/audit/audit.log {{stage_dir }}/audit.log &&
+          chmod +r {{ stage_dir }}/audit.log;
+      fi
+
      # gzip and save any coredumps in /var/core
      if [ -d /var/core ]; then
          sudo gzip -r /var/core