[Openstack-operators] logging for Keystone on user/project delete/create operations
gord at live.ca
Thu Apr 16 18:25:10 UTC 2015
> Standing up Ceilometer (and patching things) just to be able to log
> this stuff to a file seems rather... heavy handed? We understand that
> these things are emitted via notifications, but as of right now trying
> to do anything with those notifications such as simply logging them
> requires too much additional infrastructure.
agreed. it's really dependent on what your use case is... just pointing out an option to the statement: "hoping that there's a way to consume the notification events and then write them to a log". if you're just looking to track operations of a single keystone service, then you probably don't want notifications. if you're looking to collate them against various other things then you'll need some service/tool to either listen to notifications or grab/process logs from multiple places.
>> From: morgan.fainberg at gmail.com<mailto:morgan.fainberg at gmail.com>
>> Date: Thu, 16 Apr 2015 07:50:43 -0700
>> To: dstanek at dstanek.com<mailto:dstanek at dstanek.com>
> openstack-operators at lists.openstack.org<mailto:openstack-operators at lists.openstack.org>
>> Subject: Re: [Openstack-operators] logging for Keystone on user/project
>> delete/create operations
>> On Apr 16, 2015, at 04:56, David Stanek
> <dstanek at dstanek.com<mailto:dstanek at dstanek.com><mailto:dstanek at dstanek.com<mailto:dstanek at dstanek.com>>>
>> On Thu, Apr 16, 2015 at 1:10 AM, Miguel Angel Ajo Pelayo
> <mangelajo at redhat.com<mailto:mangelajo at redhat.com><mailto:mangelajo at redhat.com<mailto:mangelajo at redhat.com>>>
>> I’m not involved in the keystone project, but I’d recommend you to
>> start by filling a blueprint
>> asking for it, and explaining what you just said here:
>> Adding a blueprint for discussion would be a good idea if you think you
>> want a change to the project.
>> I’d also try to contact Keystone PTL (I’m not sure who is the PTL).
>> Morgan Fainberg is out PTL.
>> Best regards,
>> Miguel Ángel
>> On 16/4/2015, at 3:23, Matt Fischer
> <matt at mattfischer.com<mailto:matt at mattfischer.com><mailto:matt at mattfischer.com<mailto:matt at mattfischer.com>>>
>> I'd like to have some better logging when certain CRUD operations
>> happen in Keystone, for example, when a project is deleted. I
>> specifically mean "any" when I say better since right now I'm not
>> seeing anything even when Verbose is enabled.
>> This is pretty frustrating for me because these are rather important
>> events, certainly more important than my load balancers hitting
>> Keystone which it's happily logging twice a second.
>> I know that Keystone supports some audit event notifications . Can I
>> simply have these reflect back into the main logs somehow?
>> It would be possible (and trivial) to add logging messages at the INFO
>> level, but I'm not sure that is what you really want. I don't know much
>> about the operational side at this point, but I'm hoping that there's a
>> way to consume the notification events and then write them to a log if
>> that's what you wish to do.
> Ceilometer listens to these notifications currently and it's possible
> to write them to a file rather than a database. a lot of this
> functionality was worked on in Kilo but there may be a way to support
> this in Juno and Icehouse (disclaimer: may require some patching and
> even more patching, respectively)
> OpenStack-operators mailing list
> OpenStack-operators at lists.openstack.org<mailto:OpenStack-operators at lists.openstack.org>
> _______________________________________________ OpenStack-operators
> mailing list OpenStack-operators at lists.openstack.org
More information about the OpenStack-operators