Fix start rsyslog code to run for read endpoints too

2026-01-14 17:02:56 +00:00 · 2025-03-05 15:13:37 +00:00
parent 7327e65af7
commit 8d7fde3b07
3 changed files with 19 additions and 16 deletions
--- a/compute_tools/src/compute.rs
+++ b/compute_tools/src/compute.rs
@@ -679,6 +679,23 @@ impl ComputeNode {
            });
        }

+        // Configure and start rsyslog if necessary
+        if let ComputeAudit::Hipaa = pspec.spec.audit_log_level {
+            let remote_endpoint = std::env::var("AUDIT_LOGGING_ENDPOINT").unwrap_or("".to_string());
+            if remote_endpoint.is_empty() {
+                anyhow::bail!("AUDIT_LOGGING_ENDPOINT is empty");
+            }
+
+            let log_directory_path = Path::new(&self.params.pgdata).join("log");
+            // TODO: make this more robust
+            // now rsyslog starts once and there is no monitoring or restart if it fails
+            configure_and_start_rsyslog(
+                log_directory_path.to_str().unwrap(),
+                "hipaa",
+                &remote_endpoint,
+            )?;
+        }
+
        // Launch remaining service threads
        let _monitor_handle = launch_monitor(self);
        let _configurator_handle = launch_configurator(self);
@@ -1640,21 +1657,6 @@ impl ComputeNode {
        }
        self.post_apply_config()?;

-        // Configure rsyslog for HIPAA audit logging
-        if let ComputeAudit::Hipaa = pspec.spec.audit_log_level {
-            let remote_endpoint = std::env::var("AUDIT_LOGGING_ENDPOINT").unwrap_or("".to_string());
-            if remote_endpoint.is_empty() {
-                anyhow::bail!("AUDIT_LOGGING_ENDPOINT is empty");
-            }
-
-            let log_directory_path = Path::new(&self.params.pgdata).join("log");
-            configure_and_start_rsyslog(
-                log_directory_path.to_str().unwrap(),
-                "hipaa",
-                &remote_endpoint,
-            )?;
-        }
-
        Ok(())
    }

--- a/compute_tools/src/config.rs
+++ b/compute_tools/src/config.rs
@@ -1,5 +1,4 @@
 use anyhow::Result;
-use base64::write;
 use std::fmt::Write as FmtWrite;
 use std::fs::{File, OpenOptions};
 use std::io;
--- a/compute_tools/src/spec_apply.rs
+++ b/compute_tools/src/spec_apply.rs
@@ -277,6 +277,8 @@ impl ComputeNode {
                phases.push(FinalizeDropLogicalSubscriptions);
            }

+            // Keep DisablePostgresDBPgAudit phase at the end,
+            // so that all config operations are audit logged.
            match spec.audit_log_level
            {
                ComputeAudit::Hipaa => {