Open Stack

Kris G. Lindgren <klindgren at godaddy.com> wrote:

> Hello all,
>
> I noticed the otherday that in our Openstack install (Kilo) Neutron seems  
> to be the only project that was not logging the username/tenant  
> information on every wsgi request.  Nova/Glance/heat all log a username  
> and/or project on each request.  Our wsgi logs from neutron look like the  
> following:
>
> 2015-11-05 13:45:24.302 14549 INFO neutron.wsgi  
> [req-ab633261-da6d-4ac7-8a35-5d321a8b4a8f ] 10.224.48.132 - -  
> [05/Nov/2015 13:45:24]
> "GET /v2.0/networks.json?id=2d5fe344-4e98-4ccc-8c91-b8064d17c64c  
> HTTP/1.1" 200 655 0.027550
>
> I did a fair amount of digging and it seems that devstack is by default  
> overriding the context log format for neutron to add the username/tenant  
> information into the logs.  However, there is active work to remove this  
> override from devstack[1].  However, using the devstack way I was able to  
> true up our neutron wsgi logs to be inline with what other services are  
> providing.
>
> If you add:
> loggin_context_format_string = %(asctime)s.%(msecs)03d %(levelname)s  
> %(name)s [%(request_id)s %(user_name)s %(project_name)s]  
> %(instance)s%(message)s
>
> To the [DEFAULT] section of neutron.conf and restart neutron-server.  You  
> will now get log output like the following:
>
>  2015-11-05 18:07:31.033 INFO neutron.wsgi [req-ebf1d3c9-b556-48a7-b1fa-475dd9df0bf7 <redacted username> <redacted tenant>] 10.224.48.132 - - [05/Nov/2015 18:07:31]
> "GET /v2.0/networks.json?id=55e1b92a-a2a3-4d64-a2d8-4b0bee46f3bf  
> HTTP/1.1" 200 617 0.035515
>
> So go forth, check your logs, and before you need to use your logs to  
> debug who did what,when, and where.  Get the information that you need  
> added to the wsgi logs.  if you are not seeing wsgi logs for your  
> projects trying enabling verbose=true in the [DEFAULT] section as well.
>
> Adding [logs] tag since it would be nice to have all projects logging to  
> a standard wsgi format out of the gate.
>
> [1] - https://review.openstack.org/#/c/172510/2

Hi,

I started looking into the issue in Liberty cycle already. The reason why  
devstack messes with the config option for multiple projects is to replace  
user and project ids with their names. The fix we came up with oslo team is  
to add a new configuration option for oslo.log that would allow to request  
names without replacing the format string:  
https://review.openstack.org/#/c/218139/

Once it’s in, we will make devstack set it, but otherwise avoid messing  
with oslo.log config options. In that way, any updates for the format  
string in oslo.log will propagate to all services.

It seems that you suggest you use devstack for production though. I would  
like to note that it’s not designed for production but for developers only.  
You should generally use something more stable and more secure than  
devstack.

Ihar