yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1570463] Re: RFE: keystone-manage CLI to allow using syslog & specific log files

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Morgan Fainberg <morgan.fainberg@xxxxxxxxx>
Date: Thu, 14 Apr 2016 16:19:54 -0000
Reply-to: Bug 1570463 <1570463@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

The fernet keys should not be writable by the keystone user, typically
by root (same as a certificate), therefore the log should likewise be
separate to avoid breaking normal logging.

The use of syslog would easily solve this issue.

** Tags added: fernet logging low-hanging-fruit

** Changed in: keystone
       Status: New => Triaged

** Changed in: keystone
   Importance: Undecided => Medium

** Also affects: keystone/newton
   Importance: Medium
       Status: Triaged

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1570463

Title:
  RFE: keystone-manage CLI to allow using syslog & specific log files

Status in OpenStack Identity (keystone):
  Triaged
Status in OpenStack Identity (keystone) newton series:
  Triaged

Bug description:
  Currently, keystone-manage CLI tool will by default write in
  $log_dir/$log_file, which is most of the case /var/log/keystone.log.

  Some actions (like fernet keys generations) are dynamic, and having
  them in a separated logfile would be a nice feature for operators.
  Also supporting syslog would be very helpful for production
  deployments.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1570463/+subscriptions

References

[Bug 1570463] [NEW] RFE: keystone-manage CLI to allow using syslog & specific log files
From: Emilien Macchi, 2016-04-14