From 608096fb3ce3cf291550278c39be3b0562bd18eb Mon Sep 17 00:00:00 2001 From: Michele Baldessari Date: Mon, 3 Dec 2018 18:43:38 +0100 Subject: [PATCH] Remove some of the excessive rabbitmq bundle logging By removing the pam-systemd optinal session line we get rid of the following line: pam_systemd(su:session): Failed to connect to system bus: No such file or directory It is useless inside a container anyway since the pam_systemd module registers user sessions. By adding a sufficient pam_succeed_if call fo when the user belongs to the rabbitmq group we get rid of the following spurious log: Oct 23 13:52:52 overcloud-controller-0 su: pam_unix(su:session): session opened for user rabbitmq by (uid=0) Oct 23 13:52:54 overcloud-controller-0 su: pam_unix(su:session): session closed for user rabbitmq We do not need this inside a container anyway. In the future (w/ pam_unix 1.2.0 and onwards we will be able to use the quiet option instead). NB: cherry-pick not %100 clean due to slightly changed diff context Depends-On: Ic0789da4645a4ee186d82ad7d943de78d4d5c443 Change-Id: Icd199ca4ce4848c971488d8ab69e668add86b150 Related-Bug: #1806451 (cherry picked from commit 44985bd42d21ce705387c01b188f27711791f51f) --- manifests/profile/pacemaker/rabbitmq_bundle.pp | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/manifests/profile/pacemaker/rabbitmq_bundle.pp b/manifests/profile/pacemaker/rabbitmq_bundle.pp index 17a464b1a..7c3eeefe6 100644 --- a/manifests/profile/pacemaker/rabbitmq_bundle.pp +++ b/manifests/profile/pacemaker/rabbitmq_bundle.pp @@ -118,6 +118,20 @@ class tripleo::profile::pacemaker::rabbitmq_bundle ( replace => true, require => Class['::rabbitmq'], } + file_line { 'rabbitmq-pamd-systemd': + ensure => absent, + path => '/etc/pam.d/system-auth', + match => '^-session\s+optional\s+pam_systemd.so', + match_for_absence => true, + } + # Note that once we move to RHEL8 where pam_unix.so supports the quiet option + # we can just add quiet to the pam_unix option for the session module and remove this one + file_line { 'rabbitmq-pamd-succeed': + ensure => present, + path => '/etc/pam.d/system-auth', + line => 'session sufficient pam_succeed_if.so quiet_success user ingroup rabbitmq', + after => '^session.*pam_limits.so' + } if $step >= 1 and $pacemaker_master and hiera('stack_action') == 'UPDATE' { tripleo::pacemaker::resource_restart_flag { 'rabbitmq-clone':