Restart auditd service several times
Sometimes auditd fails to restart with an error:
auditd[30557]: Error sending enable request (Operation not permitted)
...
auditd[30557]: Unable to set initial audit startup state to 'enable', exiting
auditd[30557]: The audit daemon is exiting.
auditd[30557]: Error setting audit daemon pid (Permission denied)
We try to work around this by restarting the service several times.
Another change this patchset does is to remove 'watch_in' condition between
/etc/audits/audit.rules and auditd_service, because auditd systemd service
does reload rules when a service is starting.
Change-Id: I3ef5e2ddc13fb68d4f57e49ff8d60116365749db
Related-Prod: PROD-21191
Related-Prod: PROD-21791
diff --git a/auditd/rules.sls b/auditd/rules.sls
index 79202b4..189ec48 100644
--- a/auditd/rules.sls
+++ b/auditd/rules.sls
@@ -12,8 +12,6 @@
- mode: 0640
- require:
- pkg: auditd_packages
- - watch_in:
- - service: auditd_service
{%- if grains.get('virtual_subtype', None) not in ['Docker', 'LXC'] %}
reload_rules:
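Review bot: With the `watch_in` on `auditd_service` removed from the rules file state, a change to the rules file no longer triggers anything on the service. The only remaining path visible here is `reload_rules`, which is skipped when `virtual_subtype` is `Docker` or `LXC`. The commit message relies on auditd loading rules when the service starts, but that covers a start, not an edit to the file while the daemon is already running. Please confirm that `reload_rules` is tied to changes of this file (for example via `onchanges` or `watch`), and state in a comment what is expected to apply new rules on Docker/LXC hosts. Otherwise a rules update can report success while the old rule set stays loaded.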
diff --git a/auditd/service.sls b/auditd/service.sls
index f568d4e..285fb32 100644
--- a/auditd/service.sls
+++ b/auditd/service.sls
@@ -12,6 +12,9 @@
- name: {{ service.name }}
- require:
- pkg: auditd_packages
+ - retry:
+ attempts: 3
+ interval: 10
/etc/audit/auditd.conf:
file.managed:
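Review bot: The `retry` block on `auditd_service` (`attempts: 3`, `interval: 10`) masks the failure rather than explaining it. The errors quoted in the commit message are permission errors ("Operation not permitted", "Permission denied"). If the cause is persistent rather than a race, this only delays the failed state by about 20 seconds. Two suggestions: add a short comment above `- retry:` naming the intermittent start failure and the related tickets, so the workaround can be removed once the root cause is found. Also consider taking `attempts` and `interval` from the same `service` map used for `service.name`, so operators can tune them without editing the formula. It is also worth checking that a run which succeeds only on a later attempt is still visible in the state output, since a silently retried audit daemon start is something monitoring should be able to see.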