[Openstack] [OpenStack] [nova] Is there any method to record the operation of a nova user

Matt Riedemann mriedem at linux.vnet.ibm.com
Sun Jun 29 13:52:10 UTC 2014



On 6/29/2014 8:41 AM, yangmin zhu wrote:
> Hi sylecn,
> Thank you for your information, I will then do more investigations
> about the notification system.
>
>
> Thank you!
> --
> zym
>
> On Fri, Jun 27, 2014 at 7:39 PM, sylecn <sylecn at gmail.com> wrote:
>>
>>
>>
>> On Fri, Jun 27, 2014 at 7:32 PM, sylecn <sylecn at gmail.com> wrote:
>>>
>>>
>>> On Fri, Jun 27, 2014 at 5:03 PM, yangmin zhu <zym0017d at gmail.com> wrote:
>>>>
>>>> Hi all,
>>>> I want to record a user's operation for later audit purpose. For
>>>> example, A user may start/reboot/shutdown a VM using nova command from
>>>> terminal or using the dashboard from browser.
>>>>
>>>> How can I record this action and it's result to a log file(or some
>>>> other database) for later check? And I also want to do this for user's
>>>> operations in cinder and nova-network, such as creating a volume or
>>>> assigning a floating ip to a VM.
>>>>
>>>> Is there any existing solution for this purpose? If not, where and how
>>>> should I start to do it myself by modifying the current nova's(or
>>>> cinder, nova-network) code?
>>>
>>>
>>> I think this can be done via a WSGI middleware. You can add WSGI
>>> middleware in
>>> paste deploy config file (api-paste.erb).  I see there is already a
>>> logrequest
>>> filter, you can check what it does and implement something similar.
>>>
>>> Another solution will be wrap openstack API with your API and only expose
>>> your
>>> API to user. This way you can do any logging you want. You can also log
>>> the
>>> result of the request.
>>>
>>> --
>>> Thanks,
>>> Yuanle
>>
>>
>>
>> I should also mention the notification system. I don't know which kind of
>> events are published to rabbitmq, but it may have enough information for
>> logging purpose.
>>
>> https://wiki.openstack.org/wiki/NotificationSystem
>>
>>
>> --
>> Thanks,
>> Yuanle
>
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to     : openstack at lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>

Take a look at pycadf and the audit middleware:

http://docs.openstack.org/developer/pycadf/middleware.html

-- 

Thanks,

Matt Riedemann





More information about the Openstack mailing list