[Openstack-operators] logging for Keystone on user/project delete/create operations

gordon chung gord at live.ca
Thu Apr 16 14:58:14 UTC 2015 


_______________________________
> From: morgan.fainberg at gmail.com 
> Date: Thu, 16 Apr 2015 07:50:43 -0700 
> To: dstanek at dstanek.com 
> CC: openstack-operators at lists.openstack.org 
> Subject: Re: [Openstack-operators] logging for Keystone on user/project 
> delete/create operations 
> 
> 
> 
> On Apr 16, 2015, at 04:56, David Stanek 
> <dstanek at dstanek.com<mailto:dstanek at dstanek.com>> wrote: 
> 
> 
> 
> On Thu, Apr 16, 2015 at 1:10 AM, Miguel Angel Ajo Pelayo 
> <mangelajo at redhat.com<mailto:mangelajo at redhat.com>> wrote: 
> I’m not involved in the keystone project, but I’d recommend you to 
> start by filling a blueprint 
> asking for it, and explaining what you just said here: 
> 
> https://blueprints.launchpad.net/keystone 
> 
> Adding a blueprint for discussion would be a good idea if you think you 
> want a change to the project. 
> 
> 
> 
> I’d also try to contact Keystone PTL (I’m not sure who is the PTL). 
> 
> Morgan Fainberg is out PTL. 
> 
> 
> 
> Best regards, 
> Miguel Ángel 
> 
> On 16/4/2015, at 3:23, Matt Fischer 
> <matt at mattfischer.com<mailto:matt at mattfischer.com>> wrote: 
> 
> I'd like to have some better logging when certain CRUD operations 
> happen in Keystone, for example, when a project is deleted. I 
> specifically mean "any" when I say better since right now I'm not 
> seeing anything even when Verbose is enabled. 
> 
> This is pretty frustrating for me because these are rather important 
> events, certainly more important than my load balancers hitting 
> Keystone which it's happily logging twice a second. 
> 
> I know that Keystone supports some audit event notifications [1]. Can I 
> simply have these reflect back into the main logs somehow? 
> 
> It would be possible (and trivial) to add logging messages at the INFO 
> level, but I'm not sure that is what you really want. I don't know much 
> about the operational side at this point, but I'm hoping that there's a 
> way to consume the notification events and then write them to a log if 
> that's what you wish to do. 

Ceilometer listens to these notifications currently and it's possible to write them to a file rather than a database. a lot of this functionality was worked on in Kilo but there may be a way to support this in Juno and Icehouse (disclaimer: may require some patching and even more patching, respectively)

cheers,
gord

More information about the OpenStack-operators mailing list