RFE: keystone-manage CLI to allow using syslog & specific log files
Bug #1570463 reported by
Emilien Macchi
on 2016-04-14
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| | OpenStack Identity (keystone) |
Medium
|
Unassigned | ||
Bug Description
Currently, keystone-manage CLI tool will by default write in $log_dir/$log_file, which is most of the case /var/log/
Some actions (like fernet keys generations) are dynamic, and having them in a separated logfile would be a nice feature for operators. Also supporting syslog would be very helpful for production deployments.
| Morgan Fainberg (mdrnstm) wrote : | #1 |
| tags: | added: fernet logging low-hanging-fruit |
| Changed in keystone: | |
| status: | New → Triaged |
| importance: | Undecided → Medium |
| Steve Martinelli (stevemar) wrote : | #2 |
unassigning due to inactivity
Steve Martinelli (stevemar)
on 2016-09-16
| no longer affects: | keystone/newton |
Annapoornima Koppad (annakoppad)
on 2016-09-28
| Changed in keystone: | |
| assignee: | nobody → Annapoornima Koppad (annakoppad) |
| David Stanek (dstanek) wrote : | #3 |
Unassigned due to inactivity.
| Changed in keystone: | |
| assignee: | Annapoornima Koppad (annakoppad) → nobody |
Richard (csravelar)
on 2017-01-23
| Changed in keystone: | |
| assignee: | nobody → Anthony Washington (anthony-washington) |
Anthony Washington (anthony-washington)
on 2017-02-01
| Changed in keystone: | |
| assignee: | Anthony Washington (anthony-washington) → nobody |
Huayu Ouyang (hlo323)
on 2017-03-27
| Changed in keystone: | |
| assignee: | nobody → Huayu Ouyang (hlo323) |
| Lance Bragstad (lbragstad) wrote : | #4 |
Automatically unassigning due to inactivity.
| Changed in keystone: | |
| assignee: | Huayu Ouyang (hlo323) → nobody |
To post a comment you must log in.
The fernet keys should not be writable by the keystone user, typically by root (same as a certificate), therefore the log should likewise be separate to avoid breaking normal logging.
The use of syslog would easily solve this issue.