RFE: keystone-manage CLI to allow using syslog & specific log files
Bug #1570463 reported by
Emilien Macchi
on 2016-04-14
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
| OpenStack Identity (keystone) |
Medium
|
Maram El-Salamouny |
Bug Description
Currently, keystone-manage CLI tool will by default write in $log_dir/$log_file, which is most of the case /var/log/
Some actions (like fernet keys generations) are dynamic, and having them in a separated logfile would be a nice feature for operators. Also supporting syslog would be very helpful for production deployments.
Morgan Fainberg (mdrnstm) wrote : | #1 |
tags: | added: fernet logging low-hanging-fruit |
Changed in keystone: | |
status: | New → Triaged |
importance: | Undecided → Medium |
Steve Martinelli (stevemar) wrote : | #2 |
unassigning due to inactivity
Steve Martinelli (stevemar)
on 2016-09-16
no longer affects: | keystone/newton |
Annapoornima Koppad (annakoppad)
on 2016-09-28
Changed in keystone: | |
assignee: | nobody → Annapoornima Koppad (annakoppad) |
David Stanek (dstanek) wrote : | #3 |
Unassigned due to inactivity.
Changed in keystone: | |
assignee: | Annapoornima Koppad (annakoppad) → nobody |
Richard (csravelar)
on 2017-01-23
Changed in keystone: | |
assignee: | nobody → Anthony Washington (anthony-washington) |
Anthony Washington (anthony-washington)
on 2017-02-01
Changed in keystone: | |
assignee: | Anthony Washington (anthony-washington) → nobody |
Huayu Ouyang (hlo323)
on 2017-03-27
Changed in keystone: | |
assignee: | nobody → Huayu Ouyang (hlo323) |
Lance Bragstad (lbragstad) wrote : | #4 |
Automatically unassigning due to inactivity.
Changed in keystone: | |
assignee: | Huayu Ouyang (hlo323) → nobody |
Maram El-Salamouny (maramelsalamouny)
on 2018-10-21
Changed in keystone: | |
assignee: | nobody → Maram El-Salamouny (maramelsalamouny) |
Colleen Murphy (krinkle) wrote : | #5 |
Is this not already handled? There is a --use-syslog option and a --log-file option for keystone-manage: https:/
Changed in keystone: | |
status: | Triaged → Incomplete |
tags: | removed: low-hanging-fruit |
To post a comment you must log in.
The fernet keys should not be writable by the keystone user, typically by root (same as a certificate), therefore the log should likewise be separate to avoid breaking normal logging.
The use of syslog would easily solve this issue.