Feature #6118
closed
Auditing metadata changes
Description
One of the tools that will be incredibly helpful in corporate-land is the ability to view the entire history of data/state changes to a client and view rich metadata about the changes.
The obvious ones are:
- Puppet manifests applied to client
- Errata applied to client
- Packages installed/removed/updated
- Remote scripts scheduled (along with output)
- Puppet manifests altered in Pulp (if that's how it goes)
but lesser changes should also be audited:
- change to host/systemgroups
- changes to any host/system details
- changes to classes
Basically aiming to be able to fully identify the state of a client before & after every change that would affect it.
Data such as date/timestamp, userid, success/failure of the change.
Also previous state & new state (if applicable). It's useful to know that the hostgroup changed, but more useful to know what it changed from and to.
Output from remote scripts is provided via Satellite 5.x, but we cannot then sort a group based on the content of this output. The output also displays in the WebUI with multiple spaces concatenated (not checked the database, but the db entry and WebUI should show the same as a user would see at the console to be useful).
Duncan
Updated by Duncan Innes almost 10 years ago
Updated by Duncan Innes almost 10 years ago
Something which just struck me (but isn't completely about auditing) is that remote commands are hard to search through when viewing a list of 30 remote commands on a system - all of which look the same in the list.
Remote commands could/should have an optional title for Admins to be able to enter. This could/would be displayed as part of the audit line so that specific remote commands can be picked out more easily.
i.e.
Summary Time
Run an arbitrary script scheduled by innesd 06/ 9/14 11:41:55 AM BST
Run an arbitrary script scheduled by innesd 06/ 9/14 11:41:42 AM BST
Deploy config files to system scheduled by innesd 06/ 9/14 11:41:20 AM BST
Run an arbitrary script scheduled by innesd 06/ 4/14 10:21:35 AM BST
Run an arbitrary script scheduled by innesd 06/ 4/14 10:17:58 AM BST
Run an arbitrary script scheduled by innesd 06/ 4/14 9:22:43 AM BST
Run an arbitrary script scheduled by innesd 06/ 4/14 9:09:33 AM BST
Run an arbitrary script scheduled by innesd 06/ 4/14 9:09:26 AM BST
Run an arbitrary script scheduled by innesd 06/ 4/14 9:09:20 AM BST
Run an arbitrary script scheduled by innesd 06/ 4/14 9:09:13 AM BST
becomes:
Summary Owner Time
Run an arbitrary script (Space Check) innesd 06/ 9/14 11:41:55 AM BST
Run an arbitrary script (Memory Check) innesd 06/ 9/14 11:41:42 AM BST
Deploy config files to system innesd 06/ 9/14 11:41:20 AM BST
Run an arbitrary script (rpm -qa | grep ssl) innesd 06/ 4/14 10:21:35 AM BST
Run an arbitrary script (rpm -qa | grep ssl) innesd 06/ 4/14 10:17:58 AM BST
Run an arbitrary script (rpm -q openssl) innesd 06/ 4/14 9:22:43 AM BST
Run an arbitrary script (du -sk /var) innesd 06/ 4/14 9:09:33 AM BST
Run an arbitrary script (sosreport) innesd 06/ 4/14 9:09:26 AM BST
Run an arbitrary script (Clear /tmp) innesd 06/ 4/14 9:09:20 AM BST
Run an arbitrary script (Space Check) innesd 06/ 4/14 9:09:13 AM BST
Updated by Dominic Cleal almost 10 years ago
- Project changed from Foreman to Katello
- Category deleted (
Audit Log) - translation missing: en.field_release deleted (
10) - Triaged set to No
Updated by Eric Helms about 9 years ago
- Related to Feature #5267: Integrate Foreman auditing into Katello's actions added
Updated by Eric Helms about 9 years ago
- Related to Feature #4230: Content host action auditing needed added
Updated by Eric Helms over 8 years ago
- translation missing: en.field_release set to 114
Updated by John Mitsch over 4 years ago
- Status changed from New to Rejected
- Target version deleted (
Katello Backlog)
Thanks for reporting this issue. This issue was created over 4 years ago and hasn't seen an update in 1 year. We are closing this in an effort to keep a realistic backlog. Please open up a new issue that includes a link to this issue if you feel this still needs to be addressed. We can then triage the new issue and reassess.