[CPDEV-94486] Add sysctl and audit rules validation #540

Merged
merged 7 commits into from
Nov 10, 2023


@ilia1243 ilia1243 commented Nov 2, 2023

Description

  • Need to add validation of kernel parameters and audit rules.

Fixes #42

Solution

  • Added validation of already configured sysctl parameters and audit rules during the install procedure.
    If they are actual, the configuration is skipped.
  • After Test ci install #331 we no longer need a reboot before configuring sysctl.
    Reboot and verify_system now happen after configuring sysctl.
    Added validation that sysctl parameters are still actual after reboot.
  • Added PaaS checks of sysctl parameters and audit rules.

Test Cases

TestCase 1

Double installation skips configuration of kernel parameters and audit rules.

Steps:

  1. Install the cluster, and then run the install procedure to reinstall the cluster.

Results:

Before: sysctl parameters and audit rules are always reconfigured
After: sysctl parameters and audit rules are not reconfigured during re-installation

TestCase 2

PaaS check of kernel parameters and audit rules.

Steps:

  1. Install the cluster, and run check_paas

ER: new checks 231 and 232 are successful

  2. Change sysctl parameters or audit rules in cluster.yaml
  3. Run check_paas

ER: 231 or 232 checks fail.

Checklist

  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • Integration CI passed
  • Unit tests. If Yes list of new/changed tests with brief description
  • There are no merge conflicts

Unit tests

test_audit.py - audit.configure() now returns list of rules. Corresponding test is updated.
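
The kind of drift check the description above refers to, as an added example that is not code from this pull request or the project: it compares expected sysctl parameters and audit watch rules with `sysctl -a` and `auditctl -l` style output and reports what differs. All function names are hypothetical, the sample data is constructed, and the `rwxa` default for a watch without `-p` is an assumption.

```python
import shlex

def parse_sysctl(output):
    """Parse `sysctl -a` style lines ('key = value') into a dict."""
    params = {}
    for line in output.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            # Multi-valued parameters are tab-separated; collapse whitespace.
            params[key.strip()] = " ".join(value.split())
    return params

def sysctl_drift(expected, sysctl_output):
    """Return {key: (wanted, found)} for parameters that differ or are absent."""
    actual = parse_sysctl(sysctl_output)
    drift = {}
    for key, want in expected.items():
        want = " ".join(str(want).split())
        if actual.get(key) != want:
            drift[key] = (want, actual.get(key))
    return drift

def normalize_rule(rule):
    """Reduce a watch rule to sorted (flag, value) pairs so order is irrelevant."""
    tokens = shlex.split(rule)
    pairs = list(zip(tokens[0::2], tokens[1::2]))
    if any(flag == "-w" for flag, _ in pairs):
        # Assumption: a watch given without -p is listed back with all of rwxa.
        perms = next((v for f, v in pairs if f == "-p"), "rwxa")
        pairs = [p for p in pairs if p[0] != "-p"] + [("-p", "".join(sorted(perms)))]
    return tuple(sorted(pairs))

def missing_audit_rules(expected_rules, auditctl_output):
    """Return the expected rules that are not among the loaded ones."""
    loaded = {normalize_rule(l) for l in auditctl_output.splitlines() if l.strip()}
    return [r for r in expected_rules if normalize_rule(r) not in loaded]

# Constructed sample data (not taken from the pull request).
EXPECTED_SYSCTL = {"net.ipv4.ip_forward": 1, "kernel.panic": 10,
                   "net.ipv4.ip_local_port_range": "32768 60999"}
SYSCTL_OUTPUT = ("net.ipv4.ip_forward = 1\nkernel.panic = 0\n"
                 "net.ipv4.ip_local_port_range = 32768\t60999\n")
EXPECTED_RULES = ["-w /usr/bin/containerd -k docker", "-w /etc/kubernetes -p wa -k k8s"]
AUDITCTL_OUTPUT = "-w /usr/bin/containerd -p rwxa -k docker\n"

if __name__ == "__main__":
    print(sysctl_drift(EXPECTED_SYSCTL, SYSCTL_OUTPUT))
    print(missing_audit_rules(EXPECTED_RULES, AUDITCTL_OUTPUT))
```

An empty result from both functions corresponds to the case where configuration can be skipped; a plain string comparison would instead flag the tab-separated port range and the rule listed back with `-p rwxa` as drift.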

@ilia1243 ilia1243 added the improvement New feature or request label Nov 2, 2023
@ilia1243 ilia1243 requested a review from shmo1218 November 2, 2023 12:48
@koryaga koryaga requested a review from igza0216 November 3, 2023 07:55
@ilia1243 ilia1243 force-pushed the feature/sysctl_audit_checks branch from 7269535 to 8241d0e Compare November 3, 2023 08:07
@koryaga koryaga changed the title CPDEV-94486 Add sysctl and audit rules validation [CPDEV-94486] Add sysctl and audit rules validation Nov 3, 2023

@shmo1218 shmo1218 left a comment

The doc review is done.

@koryaga koryaga mentioned this pull request Nov 10, 2023
5 tasks
@ilia1243 ilia1243 force-pushed the feature/sysctl_audit_checks branch from ecbbb49 to 0362447 Compare November 10, 2023 12:45
@koryaga koryaga merged commit 8b4aed8 into main Nov 10, 2023
@koryaga koryaga deleted the feature/sysctl_audit_checks branch November 10, 2023 13:05