Add fixes to user logging in calicoctl utility container logs
Change-Id: If50de7431166764b7a6e75e836ffa6956637e4d7
parent
37e7008675
commit
3a1b842802
@ -15,4 +15,5 @@ See the License for the specific language governing permissions and
|
|||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/}}
|
*/}}
|
||||||
|
|
||||||
|
sudo /tmp/override-oslo-rootwrap-logging.sh
|
||||||
exec sudo socat -d -v -s -t0 -T0 -u UNIX-RECV:/dev/log,reuseaddr stdout
|
exec sudo socat -d -v -s -t0 -T0 -u UNIX-RECV:/dev/log,reuseaddr stdout
|
||||||
|
@ -0,0 +1,26 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
{{/*
|
||||||
|
Copyright 2019 The Openstack-Helm Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
{{/*
|
||||||
|
These lines will disable extra handler, extra formatter, extra level to the
|
||||||
|
root logger by oslo-rootwrap module, imported in _openstack-utility-rootwrap.tpl.
|
||||||
|
These lines will get rid of duplicate logs, generated because of the formatter
|
||||||
|
attached by oslo-rootwrap.
|
||||||
|
*/}}
|
||||||
|
sed -i "/rootwrap_logger.setLevel/s/.*/#&/" /usr/lib/python2.7/site-packages/oslo_rootwrap/wrapper.py
|
||||||
|
sed -i "/handler.setFormatter/s/.*/#&/" /usr/lib/python2.7/site-packages/oslo_rootwrap/wrapper.py
|
||||||
|
sed -i "/os.path.basename/s/.*/#&/" /usr/lib/python2.7/site-packages/oslo_rootwrap/wrapper.py
|
||||||
|
sed -i "/rootwrap_logger.addHandler/s/.*/#&/" /usr/lib/python2.7/site-packages/oslo_rootwrap/wrapper.py
|
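Review bot: The four `sed -i` commands match on unanchored substrings with unescaped dots, so `/os.path.basename/` comments out every line of `wrapper.py` that contains that text, not only the logging line it is aimed at. `wrapper.py` is also where oslo.rootwrap loads and matches its command filters, so an over-broad match silently changes security-relevant code. The script has no `set -e` and does not check that the hard-coded `python2.7` path exists, so on an image with a different Python or oslo.rootwrap layout the edits fail or do nothing and start-up continues regardless. I would add `set -eu` after the shebang, escape and narrow each pattern (for example `/rootwrap_logger\.setLevel(/`), and abort when a pattern does not match the expected line. A header comment naming the oslo.rootwrap version the patterns were written against would help whoever next bumps the image.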
@ -14,7 +14,8 @@ See the License for the specific language governing permissions and
|
|||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/}}
|
*/}}
|
||||||
|
|
||||||
nobody ALL=SETENV: NOPASSWD: /usr/bin/socat -d -v -s -t0 -T0 -u \
|
nobody ALL=SETENV: NOPASSWD: /tmp/override-oslo-rootwrap-logging.sh, \
|
||||||
|
/usr/bin/socat -d -v -s -t0 -T0 -u \
|
||||||
UNIX-RECV\:/dev/log\,reuseaddr stdout, \
|
UNIX-RECV\:/dev/log\,reuseaddr stdout, \
|
||||||
/usr/local/bin/calicoctl-utility-rootwrap /etc/calicoctl/rootwrap.conf *, \
|
/usr/local/bin/calicoctl-utility-rootwrap /etc/calicoctl/rootwrap.conf *, \
|
||||||
/usr/local/bin/calicoctl version
|
/usr/local/bin/calicoctl version
|
||||||
|
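Review bot: The new entry lets `nobody` run a root script from `/tmp`, a world-writable directory, and because sudoers tags carry forward along the command list the leading `SETENV:` applies to it too. The rule is only as safe as the read-only mount added in the deployment hunk: if that mount is ever absent, the path named here is no longer controlled by root. The script calls `sed` by bare name, so a caller-influenced environment matters (a `secure_path` default may already limit this; it is not visible on this page). I would mount the script under a root-owned directory such as `/usr/local/bin/`, tag this entry `NOSETENV:` (re-stating `SETENV:` on the `socat` entry if it needs it), and use the full path to `sed` inside the script. The start-script and deployment hunks use the same `/tmp` path and would change with it.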
@ -25,6 +25,9 @@ data:
|
|||||||
image-repo-sync.sh: |
|
image-repo-sync.sh: |
|
||||||
{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }}
|
{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }}
|
||||||
|
|
||||||
|
override-oslo-rootwrap-logging.sh: |
|
||||||
|
{{ tuple "bin/_override-oslo-rootwrap-logging.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||||
|
|
||||||
calicoctl-utility-rootwrap: |
|
calicoctl-utility-rootwrap: |
|
||||||
{{ tuple "bin/_calicoctl-utility-rootwrap.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
{{ tuple "bin/_calicoctl-utility-rootwrap.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||||
|
|
||||||
|
@ -141,6 +141,10 @@ spec:
|
|||||||
mountPath: /usr/local/bin/calicoctl-utility-rootwrap
|
mountPath: /usr/local/bin/calicoctl-utility-rootwrap
|
||||||
subPath: calicoctl-utility-rootwrap
|
subPath: calicoctl-utility-rootwrap
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
- name: calicoctl-utility-bin
|
||||||
|
mountPath: /tmp/override-oslo-rootwrap-logging.sh
|
||||||
|
subPath: override-oslo-rootwrap-logging.sh
|
||||||
|
readOnly: true
|
||||||
- name: calicoctl-utility-sudoers
|
- name: calicoctl-utility-sudoers
|
||||||
mountPath: /etc/sudoers.d/nobody
|
mountPath: /etc/sudoers.d/nobody
|
||||||
subPath: utilscli-sudo
|
subPath: utilscli-sudo
|
||||||
|
@ -29,7 +29,7 @@ facility = {{ .Values.conf.cephrootwrap.DEFAULT.syslog_log_facility | quote }}
|
|||||||
if "AUSER" in os.environ:
|
if "AUSER" in os.environ:
|
||||||
user_id = os.environ["AUSER"]
|
user_id = os.environ["AUSER"]
|
||||||
elif {{ .Values.conf.utility.always_log_user | quote }} == 'true':
|
elif {{ .Values.conf.utility.always_log_user | quote }} == 'true':
|
||||||
user_id = os.environ["AUSER"]
|
user_id = 'development site'
|
||||||
else:
|
else:
|
||||||
print("No username set in AUSER environment variable, for security reasons access restricted from connecting to container.")
|
print("No username set in AUSER environment variable, for security reasons access restricted from connecting to container.")
|
||||||
exit()
|
exit()
|
||||||
|
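Review bot: With `always_log_user` set to 'true' and no `AUSER`, every session is now logged under the constant `'development site'`, so the audit trail for those commands cannot be tied to a person, and the branch bypasses the refusal in the `else`. The option name does not suggest that, so it deserves a comment above the `elif`, e.g. `# always_log_user=true permits sessions without AUSER; they are logged under a fixed placeholder (non-production only)`. If this is meant for development sites only, logging a warning each time the placeholder is used would make it visible in production logs. Separately, the unchanged `exit()` in the `else` ends with status 0, so a caller cannot tell a refused session from success; a non-zero status would be clearer. The enclosing block starts above the hunk.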