Docs: known issue - audit file reload on SIGHUP #23608

Merged
merged 17 commits into from
Oct 11, 2023
1 change: 1 addition & 0 deletions website/content/docs/release-notes/1.15.0.mdx
@@ -17,6 +17,7 @@ Version | Issue
------- | -----
1.15.0+ | [Vault no longer reports rollback metrics by mountpoint](/vault/docs/upgrading/upgrade-to-1.15.x#rollback-metrics)
1.15.0 | [Panic in AWS auth method during IAM-based login](/vault/docs/upgrading/upgrade-to-1.15.x#panic-in-aws-auth-method-during-iam-based-login)
1.15 | [Vault file audit devices do not honor SIGHUP signal to reload](/vault/docs/upgrading/upgrade-to-1.15.x#file-audit-devices-do-not-honor-sighup-signal-to-reload)

## Vault companion updates

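Review bot: the Version cell in the new row reads `1.15`, while the other rows in this table use the full patch version (`1.15.0`, `1.15.0+`) and the partial's "Affected versions" list names `1.15.0` only; change it to `1.15.0` so the release notes and the upgrade guide agree on which release is affected. The anchor `#file-audit-devices-do-not-honor-sighup-signal-to-reload` is derived from the partial's heading text, so any later change to that heading must be mirrored here or the link breaks.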
2 changes: 2 additions & 0 deletions website/content/docs/upgrading/upgrade-to-1.15.x.mdx
@@ -52,3 +52,5 @@ option.
@include 'known-issues/transit-managed-keys-sign-fails.mdx'

@include 'known-issues/aws-auth-panics.mdx'

@include 'known-issues/1_15-audit-file-sighup-does-not-trigger-reload.mdx'
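Review bot: the new include name carries a `1_15-` version prefix while the neighbouring partials in the same list (`transit-managed-keys-sign-fails.mdx`, `aws-auth-panics.mdx`) do not; pick one convention for the `known-issues/` directory, either dropping the prefix here or renaming the others, so future known-issue partials have a pattern to follow. The include itself is placed consistently with the existing entries (blank line separated, appended at the end).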
@@ -0,0 +1,36 @@
### File audit devices do not honor SIGHUP signal to reload

#### Affected versions

- 1.15.0

#### Issue

Sending [`SIGHUP`](/vault/docs/audit/file#log-file-rotation) to Vault after rotating
an audit log file doesn't reopen the file path as expected.

If the file was moved (renamed), then Vault will continue to write data to the location
of the moved file.

If the file was deleted, then Vault will continue to write data to the deleted file.
The file will be deleted by the OS once Vault is sealed or restarted, but
until then will continue to consume disk space due to audit entries being written.

<Warning title="Missing Audit Entries">
If the file was deleted (rather than moved locally) then audit entries written
by Vault will be lost.
</Warning>

The issue has been fixed for a patch release in Vault `1.15.1`.

#### Workaround

If your Vault cluster uses any `file` audit devices, you can use the following
Collaborator (review comment): "If your Vault cluster uses any file audit devices" is really about whether you should be worried about the bug, so it probably doesn't belong in the Workaround section.

environment variable set to `true` in order to disable the new underlying event
framework Vault uses to process audit events.

| Environment variable name | Value |
|-----------------------------------|--------|
| `VAULT_AUDIT_DISABLE_EVENTLOGGER` | `true` |

Please note that this environment variable will be removed in a future release of Vault.
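Review bot: the Workaround section never says when the variable takes effect. `VAULT_AUDIT_DISABLE_EVENTLOGGER` is read from the server process environment, so operators need to be told to set it before starting Vault and to restart nodes that are already running, since a live server will not pick it up; add that step after the table. Two smaller points in the same hunk: the sentence "The issue has been fixed for a patch release in Vault `1.15.1`" reads awkwardly and would be clearer as "The issue is fixed in Vault `1.15.1`", and the `<Warning>` could say why entries are lost when the file is deleted (Vault keeps writing through its open descriptor to the now-unlinked file, so nothing remains on disk once the process closes it), which is also the reason the disk space mentioned above is only reclaimed after a seal or restart.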