-
Notifications
You must be signed in to change notification settings - Fork 4.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Docs: known issue - audit file reload on SIGHUP #23608
Conversation
…file-sighup-issue
website/content/partials/known-issues/1_15-audit-file-sighup-does-not-trigger-reload.mdx
Outdated
Show resolved
Hide resolved
…oes-not-trigger-reload.mdx Co-authored-by: Nick Cabatoff <[email protected]>
website/content/partials/known-issues/1_15-audit-file-sighup-does-not-trigger-reload.mdx
Outdated
Show resolved
Hide resolved
website/content/partials/known-issues/1_15-audit-file-sighup-does-not-trigger-reload.mdx
Outdated
Show resolved
Hide resolved
website/content/partials/known-issues/1_15-audit-file-sighup-does-not-trigger-reload.mdx
Outdated
Show resolved
Hide resolved
website/content/partials/known-issues/1_15-audit-file-sighup-does-not-trigger-reload.mdx
Outdated
Show resolved
Hide resolved
website/content/partials/known-issues/1_15-audit-file-sighup-does-not-trigger-reload.mdx
Outdated
Show resolved
Hide resolved
If audit log rotation is a requirement for your Vault deployment, you can use the | ||
following environment variable set to `true` in order to disable the new underlying | ||
event framework Vault uses to process audit events. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If audit log rotation is a requirement for your Vault deployment, you can use the | |
following environment variable set to `true` in order to disable the new underlying | |
event framework Vault uses to process audit events. | |
If you use log rotation with `file` audit devices, set the | |
`VAULT_AUDIT_DISABLE_EVENTLOGGER` environment variable to `true` to disable the | |
new underlying event framework for | |
processing audit events: | |
```shell-session | |
$ export VAULT_AUDIT_DISABLE_EVENTLOGGER=true | |
``` |
website/content/partials/known-issues/1_15-audit-file-sighup-does-not-trigger-reload.mdx
Outdated
Show resolved
Hide resolved
…oes-not-trigger-reload.mdx Co-authored-by: Sarah Chavis <[email protected]>
website/content/partials/known-issues/1_15-audit-file-sighup-does-not-trigger-reload.mdx
Outdated
Show resolved
Hide resolved
…oes-not-trigger-reload.mdx Co-authored-by: Sarah Chavis <[email protected]>
…oes-not-trigger-reload.mdx Co-authored-by: Sarah Chavis <[email protected]>
…oes-not-trigger-reload.mdx Co-authored-by: Sarah Chavis <[email protected]>
…oes-not-trigger-reload.mdx Co-authored-by: Sarah Chavis <[email protected]>
website/content/partials/known-issues/1_15-audit-file-sighup-does-not-trigger-reload.mdx
Outdated
Show resolved
Hide resolved
website/content/partials/known-issues/1_15-audit-file-sighup-does-not-trigger-reload.mdx
Outdated
Show resolved
Hide resolved
website/content/partials/known-issues/1_15-audit-file-sighup-does-not-trigger-reload.mdx
Outdated
Show resolved
Hide resolved
…oes-not-trigger-reload.mdx Co-authored-by: Sarah Chavis <[email protected]>
…oes-not-trigger-reload.mdx Co-authored-by: Sarah Chavis <[email protected]>
|
||
#### Workaround | ||
|
||
If your Vault cluster uses any `file` audit devices, you can use the following |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"If your Vault cluster uses any file
audit devices" is really about whether you should be worried about the bug, so it probably doesn't belong in the Workaround section.
Documentation to describe a known issue which has been reported where Vault file audit devices do no honor reopening after Vault processes a
SIGHUP
command.PR: #23598
Issue: #23596
Release notes: https://vault-git-docs-peteski22audit-file-sighup-issue-hashicorp.vercel.app/vault/docs/release-notes/1.15.0
Upgrade guide: https://vault-git-docs-peteski22audit-file-sighup-issue-hashicorp.vercel.app/vault/docs/upgrading/upgrade-to-1.15.x#file-audit-devices-do-not-honor-sighup-signal-to-reload