diff --git a/openstack-utility/templates/bin/_start.sh.tpl b/openstack-utility/templates/bin/_start.sh.tpl index b3b279ed..0a1624ff 100644 --- a/openstack-utility/templates/bin/_start.sh.tpl +++ b/openstack-utility/templates/bin/_start.sh.tpl @@ -17,3 +17,16 @@ limitations under the License. set -ex sed -i 's/$PrivDropToUser syslog/$PrivDropToUser nobody/' /etc/rsyslog.conf /etc/init.d/rsyslog start +{{/* +These lines will disable extra handler, extra formatter, extra level to the +root logger by oslo-rootwrap module, imported in _openstack-utility-rootwrap.tpl. +These lines will get rid of duplicate logs, generated because of the formatter +attached by oslo-rootwrap. +*/}} +sed -i "/rootwrap_logger.setLevel/s/.*/#&/" /usr/lib/python2.7/dist-packages/oslo_rootwrap/wrapper.py +sed -i "/handler.setFormatter/s/.*/#&/" /usr/lib/python2.7/dist-packages/oslo_rootwrap/wrapper.py +sed -i "/os.path.basename/s/.*/#&/" /usr/lib/python2.7/dist-packages/oslo_rootwrap/wrapper.py +sed -i "/rootwrap_logger.addHandler/s/.*/#&/" /usr/lib/python2.7/dist-packages/oslo_rootwrap/wrapper.py + + + diff --git a/openstack-utility/templates/bin/utility/_openstack-utility-rootwrap.tpl b/openstack-utility/templates/bin/utility/_openstack-utility-rootwrap.tpl index c6237540..3796ed8d 100644 --- a/openstack-utility/templates/bin/utility/_openstack-utility-rootwrap.tpl +++ b/openstack-utility/templates/bin/utility/_openstack-utility-rootwrap.tpl @@ -15,8 +15,37 @@ See the License for the specific language governing permissions and limitations under the License. */}} # PBR Generated from u'console_scripts' +import logging +import os import sys + from oslo_rootwrap.cmd import main +exec_name = sys.argv[0] +host_name = os.environ.get("HOSTNAME") +log_level = {{ .Values.conf.openstackrootwrapconf.DEFAULT.syslog_log_level | quote }} +facility = {{ .Values.conf.openstackrootwrapconf.DEFAULT.syslog_log_facility | quote }} + +if "AUSER" in os.environ: + user_id = os.environ["AUSER"] +elif {{ .Values.conf.utility.always_log_user | quote }} == 'true': + user_id = 'development site' +else: + print("No username set in AUSER environment variable, for security reasons access restricted from connecting to container.") + exit() + +try: + handler = logging.handlers.SysLogHandler(address='/dev/log',facility=facility) +except IOError: + print("Unable to setup logging, for security reasons access restricted from connecting to container.") + exit() + +formatter = logging.Formatter('%(asctime)s ' + host_name + ' ' + '%(levelname)s' + os.path.basename(exec_name) + ': ' + 'ActualUser=' + user_id + ': %(message)s') +handler.setFormatter(formatter) +root = logging.getLogger() +root.setLevel(log_level) +root.addHandler(handler) + if __name__ == "__main__": sys.exit(main()) + diff --git a/openstack-utility/values.yaml b/openstack-utility/values.yaml index fcdee480..632ccea4 100644 --- a/openstack-utility/values.yaml +++ b/openstack-utility/values.yaml @@ -93,6 +93,10 @@ conf: keystone_auth: auth_url: http://keystone.openstack.svc.cluster.local/v3 auth_version: "3" + utility: + # Set to true for development sites, + # Set to false otherwise + always_log_user: true dependencies: dynamic: