Add tracking user in ceph utility container logs

Co-Authored-By: Krishna Venkata <kvenkata986@gmail.com> Change-Id: Iaee03975c05e58b35f05ed2e2ffe47d46fa21d95
2019-02-14 19:25:22 -06:00 · 2019-02-14 19:25:22 -06:00 · f205f9d1b3
commit f205f9d1b3
parent c9b9c5aaeb
3 changed files with 45 additions and 2 deletions
--- a/ceph-utility/templates/bin/_managekey.sh.tpl
+++ b/ceph-utility/templates/bin/_managekey.sh.tpl
@ -1,6 +1,6 @@
 #!/bin/bash
 {{/*
-Copyright 2017 The Openstack-Helm Authors.
+Copyright 2019 The Openstack-Helm Authors.

 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@ -23,3 +23,13 @@ done < "$input"
 chmod 600 /etc/ceph/ceph.client.admin.keyring
 sed -i 's/$PrivDropToUser syslog/$PrivDropToUser nobody/' /etc/rsyslog.conf
 /etc/init.d/rsyslog restart
+{{/*
+These lines will disable extra handler, extra formatter, extra level to the
+root logger by oslo-rootwrap module, imported in _openstack-utility-rootwrap.tpl.
+These lines will get rid of duplicate logs, generated because of the formatter
+attached by oslo-rootwrap.
+*/}}
+sed -i "/rootwrap_logger.setLevel/s/.*/#&/" /usr/lib/python2.7/dist-packages/oslo_rootwrap/wrapper.py
+sed -i "/handler.setFormatter/s/.*/#&/" /usr/lib/python2.7/dist-packages/oslo_rootwrap/wrapper.py
+sed -i "/os.path.basename/s/.*/#&/" /usr/lib/python2.7/dist-packages/oslo_rootwrap/wrapper.py
+sed -i "/rootwrap_logger.addHandler/s/.*/#&/" /usr/lib/python2.7/dist-packages/oslo_rootwrap/wrapper.py
--- a/ceph-utility/templates/bin/utility/_ceph-utility-rootwrap.tpl
+++ b/ceph-utility/templates/bin/utility/_ceph-utility-rootwrap.tpl
@ -1,6 +1,6 @@
 #!/usr/bin/python
 {{/*
-Copyright 2017 The Openstack-Helm Authors.
+Copyright 2019 The Openstack-Helm Authors.

 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@ -15,8 +15,37 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */}}
 # PBR Generated from u'console_scripts'
+import logging
+import os
 import sys
+
 from oslo_rootwrap.cmd import main

+exec_name = sys.argv[0]
+host_name = os.environ.get("HOSTNAME")
+log_level = {{ .Values.conf.cephrootwrap.DEFAULT.syslog_log_level | quote }}
+facility = {{ .Values.conf.cephrootwrap.DEFAULT.syslog_log_facility | quote }}
+
+if "AUSER" in os.environ:
+    user_id = os.environ["AUSER"]
+elif {{ .Values.conf.utility.always_log_user | quote }} == 'true':
+    user_id = os.environ["AUSER"]
+else:
+    print("No username set in AUSER environment variable, for security reasons access restricted from connecting to container.")
+    exit()
+
+try:
+    handler = logging.handlers.SysLogHandler(address='/dev/log',facility=facility)
+except IOError:
+    print("Unable to setup logging, for security reasons access restricted from connecting to container.")
+    exit()
+
+formatter = logging.Formatter('%(asctime)s ' + host_name + ' ' + '%(levelname)s' +
+    os.path.basename(exec_name) + ': ' + 'ActualUser=' + user_id + ': %(message)s')
+handler.setFormatter(formatter)
+root = logging.getLogger()
+root.setLevel(log_level)
+root.addHandler(handler)
+
 if __name__ == "__main__":
    sys.exit(main())
--- a/ceph-utility/values.yaml
+++ b/ceph-utility/values.yaml
@ -80,6 +80,10 @@ secrets:
 conf:
  features:
    utility: true
+  utility:
+    # Set to true for development sites,
+    # Set to false otherwise
+    always_log_user: true
  cephconf:
    etc: ceph-etc
  cephfilter: