Use passed client IP address in various audit logs
HAProxy: change to use "option forwardfor" to pass the origin IP address to the backend via the X-Forwarded-For header.

Keystone: Apache does the audit logs for keystone. Change the LogFormat to display the passed address instead of the connection address, which is that of the load balancer.

Nova, Cinder, Glance: these services can make use of the address passed in X-Forwarded-For. With this setting the API logs for these services include the client IP address.

Change-Id: Ia861ecc11a7c7d463d0366586926d1a842853f69
Closes-Bug: #1548935
parent
3f8bc07270
commit
b770339534
@ -2,6 +2,7 @@
|
|||||||
debug = {{ cinder_logging_debug }}
|
debug = {{ cinder_logging_debug }}
|
||||||
|
|
||||||
log_dir = /var/log/kolla/cinder
|
log_dir = /var/log/kolla/cinder
|
||||||
|
use_forwarded_for = true
|
||||||
|
|
||||||
# Set use_stderr to False or the logs will also be sent to stderr
|
# Set use_stderr to False or the logs will also be sent to stderr
|
||||||
# and collected by Docker
|
# and collected by Docker
|
||||||
|
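Review bot: `use_forwarded_for = true` makes the address written to the API log whatever arrives in X-Forwarded-For, so the audit value is only trustworthy when the API port is reachable solely through the load balancer and the load balancer discards any copy of the header sent by the client. Neither condition is visible in this template, so a comment above the new line would help, for example `# Trusts X-Forwarded-For from the load balancer; the API port must not be reachable directly`. The same applies to the identical lines added to the Glance and Nova templates further down.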
@ -3,7 +3,7 @@
|
|||||||
type = "SandboxDecoder"
|
type = "SandboxDecoder"
|
||||||
filename = "lua_decoders/os_keystone_apache_log.lua"
|
filename = "lua_decoders/os_keystone_apache_log.lua"
|
||||||
[keystone_apache_log_decoder.config]
|
[keystone_apache_log_decoder.config]
|
||||||
apache_log_pattern = '%h %l %u %t \"%r\" %>s %b %D \"%{Referer}i\" \"%{User-Agent}i\"'
|
apache_log_pattern = '%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b %D \"%{Referer}i\" \"%{User-Agent}i\"'
|
||||||
|
|
||||||
[keystone_apache_logstreamer_input]
|
[keystone_apache_logstreamer_input]
|
||||||
type = "LogstreamerInput"
|
type = "LogstreamerInput"
|
||||||
|
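Review bot: The first field of `apache_log_pattern` is now a free-form request header rather than an address, and nothing here shows what the decoder does when the header is absent (Apache writes `-`) or carries a comma-separated list. If the Lua grammar cannot match such a value, the line would presumably be dropped from the pipeline. The field is also likely to be emitted under a header-derived name instead of the remote-address one, which dashboards or alerts keyed on the old name would miss; both are worth confirming against the decoder. A comment above the pattern such as `# Must stay identical to the LogFormat in the keystone Apache vhost template` would keep the two in step.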
@ -3,6 +3,7 @@ debug = {{ glance_logging_debug }}
|
|||||||
|
|
||||||
# NOTE(elemoine) log_dir alone does not work for Glance
|
# NOTE(elemoine) log_dir alone does not work for Glance
|
||||||
log_file = /var/log/kolla/glance/api.log
|
log_file = /var/log/kolla/glance/api.log
|
||||||
|
use_forwarded_for = true
|
||||||
|
|
||||||
bind_host = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
|
bind_host = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
|
||||||
bind_port = {{ glance_api_port }}
|
bind_port = {{ glance_api_port }}
|
||||||
|
@ -9,6 +9,7 @@ defaults
|
|||||||
mode http
|
mode http
|
||||||
option redispatch
|
option redispatch
|
||||||
option httplog
|
option httplog
|
||||||
|
option forwardfor
|
||||||
retries 3
|
retries 3
|
||||||
timeout http-request 10s
|
timeout http-request 10s
|
||||||
timeout queue 1m
|
timeout queue 1m
|
||||||
|
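Review bot: `option forwardfor` adds HAProxy's own X-Forwarded-For header but leaves in place any X-Forwarded-For the client sent, so the services changed in this commit can end up logging a client-chosen value. The inbound header should be dropped before the proxy adds its own, with `http-request del-header X-Forwarded-For` (or `reqidel ^X-Forwarded-For:` on releases that predate it). As far as I know those rules are not accepted in a `defaults` section, so they would go in the frontend or listen sections, which are outside this hunk.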
@ -13,7 +13,7 @@ Listen {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['addr
|
|||||||
ErrorLogFormat "%{cu}t %M"
|
ErrorLogFormat "%{cu}t %M"
|
||||||
</IfVersion>
|
</IfVersion>
|
||||||
ErrorLog "/var/log/kolla/{{ apache_dir }}/keystone-apache-public-error.log"
|
ErrorLog "/var/log/kolla/{{ apache_dir }}/keystone-apache-public-error.log"
|
||||||
LogFormat "%h %l %u %t \"%r\" %>s %b %D \"%{Referer}i\" \"%{User-Agent}i\"" logformat
|
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b %D \"%{Referer}i\" \"%{User-Agent}i\"" logformat
|
||||||
CustomLog "/var/log/kolla/{{ apache_dir }}/keystone-apache-public-access.log" logformat
|
CustomLog "/var/log/kolla/{{ apache_dir }}/keystone-apache-public-access.log" logformat
|
||||||
</VirtualHost>
|
</VirtualHost>
|
||||||
|
|
||||||
@ -27,6 +27,6 @@ Listen {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['addr
|
|||||||
ErrorLogFormat "%{cu}t %M"
|
ErrorLogFormat "%{cu}t %M"
|
||||||
</IfVersion>
|
</IfVersion>
|
||||||
ErrorLog "/var/log/kolla/{{ apache_dir }}/keystone-apache-admin-error.log"
|
ErrorLog "/var/log/kolla/{{ apache_dir }}/keystone-apache-admin-error.log"
|
||||||
LogFormat "%h %l %u %t \"%r\" %>s %b %D \"%{Referer}i\" \"%{User-Agent}i\"" logformat
|
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b %D \"%{Referer}i\" \"%{User-Agent}i\"" logformat
|
||||||
CustomLog "/var/log/kolla/{{ apache_dir }}/keystone-apache-admin-access.log" logformat
|
CustomLog "/var/log/kolla/{{ apache_dir }}/keystone-apache-admin-access.log" logformat
|
||||||
</VirtualHost>
|
</VirtualHost>
|
||||||
|
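Review bot: Replacing `%h` with `%{X-Forwarded-For}i` in both LogFormat lines (public and admin vhosts) removes the only field that records the TCP peer. A request that reaches Apache without passing through HAProxy is then logged as `-`, and one carrying a forged header is logged with the forged value and no record of the real connection address. Keeping both preserves that evidence: `LogFormat "%h %{X-Forwarded-For}i %l %u %t \"%r\" %>s %b %D \"%{Referer}i\" \"%{User-Agent}i\"" logformat`, with the Heka `apache_log_pattern` changed to match. Both VirtualHost blocks begin outside the hunks shown.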
@ -3,6 +3,7 @@
|
|||||||
debug = {{ nova_logging_debug }}
|
debug = {{ nova_logging_debug }}
|
||||||
|
|
||||||
log_dir = /var/log/kolla/nova
|
log_dir = /var/log/kolla/nova
|
||||||
|
use_forwarded_for = true
|
||||||
|
|
||||||
api_paste_config = /etc/nova/api-paste.ini
|
api_paste_config = /etc/nova/api-paste.ini
|
||||||
state_path = /var/lib/nova
|
state_path = /var/lib/nova
|
||||||
|