What Should I Do If Excessive Docker Audit Logs Affect the Disk I/O?
Symptom
Existing nodes in some clusters generate a large number of Docker audit logs. Because of an OS kernel defect, there is a small chance that disk I/O is suspended under this load. Optimizing the audit log rules avoids the problem.
Impact
Affected cluster versions:
- v1.15.11-r1
- v1.17.9-r0
- You only need to fix this issue for existing nodes, not for newly created nodes.
- The auditd component needs to be restarted during the upgrade.
Check Method
- Log in to the worker node as user root.
- Run the following command to check whether the problem exists on the current node:
auditctl -l | grep "/var/lib/docker -p rwxa -k docker"
If information similar to the following is displayed, the problem exists and needs to be rectified. If no command output is displayed, the node is not affected.

Solution
- Log in to the worker node as user root.
- Run the following commands:
sed -i "/\/var\/lib\/docker -k docker/d" /etc/audit/rules.d/docker.rules
service auditd restart
Verification Method
Run the following command to check whether the fault is rectified:
auditctl -l | grep "/var/lib/docker -p rwxa -k docker"
If no command output is displayed, the problem has been resolved.
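The check, fix and verification steps above can be combined into one idempotent routine that keeps a rollback copy and confirms that only the /var/lib/docker watch is removed. This is an added example, not part of the original article or the vendor's tooling; the function names and the sample rules file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not vendor code. Function names are hypothetical.
WATCH='/var/lib/docker -k docker'   # same text the page's sed pattern matches

# Exit 0 if FILE still contains the /var/lib/docker watch.
has_docker_watch() {
    grep -qF -e "$WATCH" "$1"
}

# Print how many rules keyed "docker" FILE contains.
remaining_docker_rules() {
    grep -cF -e '-k docker' "$1" || true
}

# Remove the watch from FILE. Exit 0: removed, 1: nothing to do, 2: error.
remove_docker_watch() {
    file=$1
    [ -f "$file" ] || return 2
    has_docker_watch "$file" || return 1
    # Rollback copy; augenrules only loads files ending in .rules.
    cp -p "$file" "$file.bak" || return 2
    sed -i "/\/var\/lib\/docker -k docker/d" "$file" || return 2
    ! has_docker_watch "$file"
}

# Demo on a constructed rules file (sample lines are made up for illustration).
demo=$(mktemp)
printf '%s\n' \
    '-w /usr/bin/docker -k docker' \
    '-w /var/lib/docker -k docker' \
    '-w /etc/docker -k docker' > "$demo"
if remove_docker_watch "$demo"; then
    echo "watch removed; $(remaining_docker_rules "$demo") docker-keyed rules kept"
    echo "on a real node, restart auditd now: service auditd restart"
fi
rm -f "$demo" "$demo.bak"
```

On a node, pass /etc/audit/rules.d/docker.rules to remove_docker_watch and restart auditd only when it returns 0, so unaffected nodes are left untouched.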