Add Tracking User Identity in openstack utility container logs
Depends-On: https://review.opendev.org/#/c/674670/ Change-Id: I6f7cf5b1c9405fe4b3c989a724230856dedde24f
parent
69d9e6db4c
commit
3d17e98c5f
@ -17,3 +17,16 @@ limitations under the License.
|
|||||||
set -ex
|
set -ex
|
||||||
sed -i 's/$PrivDropToUser syslog/$PrivDropToUser nobody/' /etc/rsyslog.conf
|
sed -i 's/$PrivDropToUser syslog/$PrivDropToUser nobody/' /etc/rsyslog.conf
|
||||||
/etc/init.d/rsyslog start
|
/etc/init.d/rsyslog start
|
||||||
|
{{/*
|
||||||
|
These lines will disable extra handler, extra formatter, extra level to the
|
||||||
|
root logger by oslo-rootwrap module, imported in _openstack-utility-rootwrap.tpl.
|
||||||
|
These lines will get rid of duplicate logs, generated because of the formatter
|
||||||
|
attached by oslo-rootwrap.
|
||||||
|
*/}}
|
||||||
|
sed -i "/rootwrap_logger.setLevel/s/.*/#&/" /usr/lib/python2.7/dist-packages/oslo_rootwrap/wrapper.py
|
||||||
|
sed -i "/handler.setFormatter/s/.*/#&/" /usr/lib/python2.7/dist-packages/oslo_rootwrap/wrapper.py
|
||||||
|
sed -i "/os.path.basename/s/.*/#&/" /usr/lib/python2.7/dist-packages/oslo_rootwrap/wrapper.py
|
||||||
|
sed -i "/rootwrap_logger.addHandler/s/.*/#&/" /usr/lib/python2.7/dist-packages/oslo_rootwrap/wrapper.py
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
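Review bot: The four added `sed -i` lines that comment out logging setup in `/usr/lib/python2.7/dist-packages/oslo_rootwrap/wrapper.py` exit 0 whether or not their pattern matched, so `set -ex` will not catch a package update that renames or moves those statements. A broad pattern such as `/os.path.basename/` also comments out every line containing that text, which could include one line of a multi-line statement. Because these edits decide what ends up in the audit log, I would check the result right after them, for example `python -m py_compile /usr/lib/python2.7/dist-packages/oslo_rootwrap/wrapper.py` plus `! grep -q '^[^#]*rootwrap_logger.addHandler' /usr/lib/python2.7/dist-packages/oslo_rootwrap/wrapper.py`. Alternatively, apply the change as a reviewed patch at image build time instead of at container start. The script's beginning is outside the hunk.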
@ -15,8 +15,37 @@ See the License for the specific language governing permissions and
|
|||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/}}
|
*/}}
|
||||||
# PBR Generated from u'console_scripts'
|
# PBR Generated from u'console_scripts'
|
||||||
|
import logging
|
||||||
|
import os
|
||||||
import sys
|
import sys
|
||||||
|
|
||||||
from oslo_rootwrap.cmd import main
|
from oslo_rootwrap.cmd import main
|
||||||
|
|
||||||
|
exec_name = sys.argv[0]
|
||||||
|
host_name = os.environ.get("HOSTNAME")
|
||||||
|
log_level = {{ .Values.conf.openstackrootwrapconf.DEFAULT.syslog_log_level | quote }}
|
||||||
|
facility = {{ .Values.conf.openstackrootwrapconf.DEFAULT.syslog_log_facility | quote }}
|
||||||
|
|
||||||
|
if "AUSER" in os.environ:
|
||||||
|
user_id = os.environ["AUSER"]
|
||||||
|
elif {{ .Values.conf.utility.always_log_user | quote }} == 'true':
|
||||||
|
user_id = 'development site'
|
||||||
|
else:
|
||||||
|
print("No username set in AUSER environment variable, for security reasons access restricted from connecting to container.")
|
||||||
|
exit()
|
||||||
|
|
||||||
|
try:
|
||||||
|
handler = logging.handlers.SysLogHandler(address='/dev/log',facility=facility)
|
||||||
|
except IOError:
|
||||||
|
print("Unable to setup logging, for security reasons access restricted from connecting to container.")
|
||||||
|
exit()
|
||||||
|
|
||||||
|
formatter = logging.Formatter('%(asctime)s ' + host_name + ' ' + '%(levelname)s' + os.path.basename(exec_name) + ': ' + 'ActualUser=' + user_id + ': %(message)s')
|
||||||
|
handler.setFormatter(formatter)
|
||||||
|
root = logging.getLogger()
|
||||||
|
root.setLevel(log_level)
|
||||||
|
root.addHandler(handler)
|
||||||
|
|
||||||
if __name__ == "__main__":
|
if __name__ == "__main__":
|
||||||
sys.exit(main())
|
sys.exit(main())
|
||||||
|
|
||||||
|
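Review bot: `user_id` comes from the caller's `AUSER` environment variable and is concatenated straight into the `logging.Formatter` format string, so a `%` in it is read as a format directive and can make record formatting fail, while a newline can split one syslog entry into lines that look like separate records. I would reject values outside an expected username character set and escape the rest, e.g. `user_id = os.environ["AUSER"].replace('%', '%%')`; `host_name` needs a fallback too, because `os.environ.get("HOSTNAME")` returns None when unset and the concatenation then raises TypeError. Both refusal paths call bare `exit()`, which exits with status 0; `sys.exit(1)` would let the caller see that access was denied. `logging.handlers` is used with only `import logging` in this file and presumably resolves because `oslo_rootwrap.cmd` imports it, so an explicit `import logging.handlers` would remove that dependency.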
@ -93,6 +93,10 @@ conf:
|
|||||||
keystone_auth:
|
keystone_auth:
|
||||||
auth_url: http://keystone.openstack.svc.cluster.local/v3
|
auth_url: http://keystone.openstack.svc.cluster.local/v3
|
||||||
auth_version: "3"
|
auth_version: "3"
|
||||||
|
utility:
|
||||||
|
# Set to true for development sites,
|
||||||
|
# Set to false otherwise
|
||||||
|
always_log_user: true
|
||||||
|
|
||||||
dependencies:
|
dependencies:
|
||||||
dynamic:
|
dynamic:
|
||||||
|
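Review bot: `always_log_user: true` is the shipped default, and in the rootwrap template on this page that value is what lets a session without `AUSER` continue under the placeholder identity 'development site'. A deployment that does not override it therefore gets unattributed log entries instead of a refusal. Defaulting to `always_log_user: false` and having development sites opt in would make the chart fail closed. The comment could also state what the flag does, e.g. `# true: allow commands without AUSER and log them as 'development site' (development only)`.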