Archive audit log

Signed-off-by: Zack Cerza <zack@redhat.com>

diff --git a/teuthology/task/selinux.py b/teuthology/task/selinux.py
index f6b13a31d74796cf25234b2dc53e104338009c66..581d398949ae78f3aeb7e15aae7297c40866739e 100644 (file)
--- a/teuthology/task/selinux.py
+++ b/teuthology/task/selinux.py
@@ -1,8 +1,10 @@
 import logging
+import os
 
 from cStringIO import StringIO
 
 from teuthology.exceptions import SELinuxError
+from teuthology.misc import get_archive_dir
 from teuthology.orchestra.cluster import Cluster
 
 from . import Task
@@ -102,6 +104,7 @@ class SELinux(Task):
 
     def teardown(self):
         self.restore_modes()
+        self.archive_log()
         self.get_new_denials()
 
     def restore_modes(self):
@@ -119,6 +122,20 @@ class SELinux(Task):
                     args=['sudo', '/usr/sbin/setenforce', mode],
                 )
 
+    def archive_log(self):
+        if not hasattr(self.ctx, 'archive') or not self.ctx.archive:
+            return
+        archive_dir = get_archive_dir(self.ctx)
+        audit_archive = os.path.join(archive_dir, 'audit')
+        mkdir_cmd = "mkdir {audit_archive}"
+        cp_cmd = "sudo cp /var/log/audit/audit.log {audit_archive}"
+        chown_cmd = "sudo chown $USER {audit_archive}/audit.log"
+        gzip_cmd = "gzip {audit_archive}/audit.log"
+        full_cmd = " && ".join((mkdir_cmd, cp_cmd, chown_cmd, gzip_cmd))
+        self.cluster.run(
+            args=full_cmd.format(audit_archive=audit_archive)
+        )
+
     def get_new_denials(self):
         """
         Determine if there are any new denials in the audit log