Add Tracking User Identity in openstack utility container logs

Depends-On: https://review.opendev.org/#/c/674670/

Change-Id: I6f7cf5b1c9405fe4b3c989a724230856dedde24f

openstack-utility/templates/bin/_start.sh.tpl

@@ -17,3 +17,16 @@ limitations under the License.
 set -ex
 sed -i 's/$PrivDropToUser syslog/$PrivDropToUser nobody/' /etc/rsyslog.conf
 /etc/init.d/rsyslog start
+{{/*
+These lines will disable extra handler, extra formatter, extra level to the
+root logger by oslo-rootwrap module, imported in _openstack-utility-rootwrap.tpl.
+These lines will get rid of duplicate logs, generated because of the formatter
+attached by oslo-rootwrap.
+*/}}
+sed -i "/rootwrap_logger.setLevel/s/.*/#&/" /usr/lib/python2.7/dist-packages/oslo_rootwrap/wrapper.py
+sed -i "/handler.setFormatter/s/.*/#&/" /usr/lib/python2.7/dist-packages/oslo_rootwrap/wrapper.py
+sed -i "/os.path.basename/s/.*/#&/" /usr/lib/python2.7/dist-packages/oslo_rootwrap/wrapper.py
+sed -i "/rootwrap_logger.addHandler/s/.*/#&/" /usr/lib/python2.7/dist-packages/oslo_rootwrap/wrapper.py
+
+
+

openstack-utility/templates/bin/utility/_openstack-utility-rootwrap.tpl

@@ -15,8 +15,37 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */}}
 # PBR Generated from u'console_scripts'
+import logging
+import os
 import sys
+
 from oslo_rootwrap.cmd import main
 
+exec_name = sys.argv[0]
+host_name = os.environ.get("HOSTNAME")
+log_level = {{ .Values.conf.openstackrootwrapconf.DEFAULT.syslog_log_level | quote }}
+facility = {{ .Values.conf.openstackrootwrapconf.DEFAULT.syslog_log_facility | quote }}
+
+if "AUSER" in os.environ:
+    user_id = os.environ["AUSER"]
+elif {{ .Values.conf.utility.always_log_user | quote }} == 'true':
+    user_id = 'development site'
+else:
+    print("No username set in AUSER environment variable, for security reasons access restricted from connecting to container.")
+    exit()
+
+try:
+    handler = logging.handlers.SysLogHandler(address='/dev/log',facility=facility)
+except IOError:
+    print("Unable to setup logging, for security reasons access restricted from connecting to container.")
+    exit()
+
+formatter = logging.Formatter('%(asctime)s ' + host_name + ' ' + '%(levelname)s' + os.path.basename(exec_name) + ': ' + 'ActualUser=' + user_id + ': %(message)s')
+handler.setFormatter(formatter)
+root = logging.getLogger()
+root.setLevel(log_level)
+root.addHandler(handler)
+
 if __name__ == "__main__":
     sys.exit(main())
+

openstack-utility/values.yaml

@@ -93,6 +93,10 @@ conf:
   keystone_auth:
     auth_url: http://keystone.openstack.svc.cluster.local/v3
     auth_version: "3"
+  utility:
+    # Set to true for development sites,
+    # Set to false otherwise
+    always_log_user: true
 
 dependencies:
   dynamic: