keystonemiddleware

audit middleware indiscriminately using oslo_messaging based on package installation

Bug #1695038 reported by Guang Yee
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
keystonemiddleware
Fix Released
Medium
Stefan Nica

Bug Description

We can't use audit middleware with services like Swift, which have no dependency on Oslo and does not work well with oslo_log. Swift uses rsyslog. Currently, audit middleware indiscriminately chooses oslo_messaging if the package is installed. This is problematic if Swift proxy is on the same controller as any service which consumes oslo_messaging. Therefore, we need a configurable parameter to enable/disable the use of oslo_messaging.

Guang Yee (guang-yee)
Changed in keystonemiddleware:
assignee: nobody → Guang Yee (guang-yee)
Revision history for this message
Lance Bragstad (lbragstad) wrote :

I assume the default for this parameter will continue to operate as it does today? Other services not wishing to use oslo_messaging can toggle as needed then?

Changed in keystonemiddleware:
status: New → Triaged
importance: Undecided → Medium
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystonemiddleware (master)

Fix proposed to branch: master
Review: https://review.openstack.org/545943

Changed in keystonemiddleware:
assignee: Guang Yee (guang-yee) → Stefan Nica (stefan.nica)
status: Triaged → In Progress
Revision history for this message
Stefan Nica (stefan.nica) wrote :

An alternative solution is to add a 'logger_name' oslo.messaging configuration option, to be consumed by its log notifier driver. When used with swift, the 'logger_name' option would be set to the name of the logger configured by the swift service, i.e. the logger that uses rsyslog.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystonemiddleware (master)

Reviewed: https://review.openstack.org/545943
Committed: https://git.openstack.org/cgit/openstack/keystonemiddleware/commit/?id=e83bd0bc3c7973e45b677c1c7007770e3f4873b4
Submitter: Zuul
Branch: master

commit e83bd0bc3c7973e45b677c1c7007770e3f4873b4
Author: Stefan Nica <email address hidden>
Date: Mon Feb 19 19:07:42 2018 +0100

    Add option to disable using oslo_message notifier

    Add a configuration option, 'use_oslo_messaging', to indicate whether
    to use oslo_messaging notifier. It is set to true for backwards
    compatibility.
    We can't use audit middleware with services like Swift, which have no
    dependency on Oslo and does not work well with oslo_log. Swift uses rsyslog.
    Currently, audit middleware indiscriminately chooses oslo_messaging if the
    package is installed. This is problematic if Swift proxy is on the same
    controller as any service which consumes oslo_messaging. With this new option,
    Swift can now safely consume audit middleware by electing to use local
    log notifier instead of oslo_messaging.

    Change-Id: I87bf857c20e4b78e97d40dcc51a1b4ff0014abb2
    Closes-Bug: #1695038

Changed in keystonemiddleware:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystonemiddleware (stable/queens)

Fix proposed to branch: stable/queens
Review: https://review.openstack.org/546263

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystonemiddleware (stable/pike)

Fix proposed to branch: stable/pike
Review: https://review.openstack.org/546264

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/keystonemiddleware 5.0.0

This issue was fixed in the openstack/keystonemiddleware 5.0.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystonemiddleware (stable/queens)

Reviewed: https://review.openstack.org/546263
Committed: https://git.openstack.org/cgit/openstack/keystonemiddleware/commit/?id=b8f34e9543841b1ec3c6607141d7e531070274a9
Submitter: Zuul
Branch: stable/queens

commit b8f34e9543841b1ec3c6607141d7e531070274a9
Author: Stefan Nica <email address hidden>
Date: Mon Feb 19 19:07:42 2018 +0100

    Add option to disable using oslo_message notifier

    Add a configuration option, 'use_oslo_messaging', to indicate whether
    to use oslo_messaging notifier. It is set to true for backwards
    compatibility.
    We can't use audit middleware with services like Swift, which have no
    dependency on Oslo and does not work well with oslo_log. Swift uses rsyslog.
    Currently, audit middleware indiscriminately chooses oslo_messaging if the
    package is installed. This is problematic if Swift proxy is on the same
    controller as any service which consumes oslo_messaging. With this new option,
    Swift can now safely consume audit middleware by electing to use local
    log notifier instead of oslo_messaging.

    Change-Id: I87bf857c20e4b78e97d40dcc51a1b4ff0014abb2
    Closes-Bug: #1695038
    (cherry picked from commit e83bd0bc3c7973e45b677c1c7007770e3f4873b4)

tags: added: in-stable-queens
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystonemiddleware (stable/pike)

Reviewed: https://review.openstack.org/546264
Committed: https://git.openstack.org/cgit/openstack/keystonemiddleware/commit/?id=7ef56ff2a9146e7e8135646160fef3249a81cd5d
Submitter: Zuul
Branch: stable/pike

commit 7ef56ff2a9146e7e8135646160fef3249a81cd5d
Author: Stefan Nica <email address hidden>
Date: Mon Feb 19 19:07:42 2018 +0100

    Add option to disable using oslo_message notifier

    Add a configuration option, 'use_oslo_messaging', to indicate whether
    to use oslo_messaging notifier. It is set to true for backwards
    compatibility.
    We can't use audit middleware with services like Swift, which have no
    dependency on Oslo and does not work well with oslo_log. Swift uses rsyslog.
    Currently, audit middleware indiscriminately chooses oslo_messaging if the
    package is installed. This is problematic if Swift proxy is on the same
    controller as any service which consumes oslo_messaging. With this new option,
    Swift can now safely consume audit middleware by electing to use local
    log notifier instead of oslo_messaging.

    Change-Id: I87bf857c20e4b78e97d40dcc51a1b4ff0014abb2
    Closes-Bug: #1695038
    (cherry picked from commit e83bd0bc3c7973e45b677c1c7007770e3f4873b4)

tags: added: in-stable-pike
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/keystonemiddleware 4.17.1

This issue was fixed in the openstack/keystonemiddleware 4.17.1 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/keystonemiddleware 4.22.0

This issue was fixed in the openstack/keystonemiddleware 4.22.0 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.