From eb5112dd597336b566378b3a157e76fe3cbbbfee Mon Sep 17 00:00:00 2001
From: Thore Sommer <mail@thson.de>
Date: Mon, 16 Jan 2023 07:26:08 -0300
Subject: [PATCH 3/3] logging: remove option to log into separate file
The implementation had the issue that only the main loggers were added and that
the permissions were not set strictly enough. Users should use the logging
provided by systemd instead.
Signed-off-by: Thore Sommer <mail@thson.de>
---
keylime.conf | 10 ----------
keylime/keylime_logging.py | 31 ------------------------------
scripts/templates/2.0/registrar.j2 | 9 ---------
scripts/templates/2.0/verifier.j2 | 9 ---------
4 files changed, 59 deletions(-)
diff --git a/keylime.conf b/keylime.conf
index d896f9f..043b6a8 100644
--- a/keylime.conf
+++ b/keylime.conf
@@ -342,11 +342,6 @@ tomtou_errors = False
# signature check before storing them in the database.
require_allow_list_signatures = False
-# Destination for log output, in addition to console. Values can be 'file',
-# with the file being named after the "service" - cloud_verifier - created under
-# /var/log/keylime), 'stream' or it can be left empty (which results in
-# logging to console only, recommended when running inside a container)
-log_destination = file
#=============================================================================
[tenant]
@@ -595,11 +590,6 @@ auto_migrate_db = True
# The file to use for SQLite persistence of provider hypervisor data.
prov_db_filename = provider_reg_data.sqlite
-# Destination for log output, in addition to console. Values can be 'file',
-# with the file being named after the "service" - registrar - created under
-# /var/log/keylime), 'stream' or it can be left empty (which results in
-# logging to console only, recommended when running inside a container)
-log_destination = file
#=============================================================================
[ca]
diff --git a/keylime/keylime_logging.py b/keylime/keylime_logging.py
index bc8a11d..f7c7a8f 100644
--- a/keylime/keylime_logging.py
+++ b/keylime/keylime_logging.py
@@ -1,17 +1,10 @@
import logging
-import os
from logging import Logger
from logging import config as logging_config
from typing import Any, Callable, Dict
from keylime import config
-LOG_TO_FILE = set()
-LOG_TO_STREAM = set()
-LOGDIR = os.getenv("KEYLIME_LOGDIR", "/var/log/keylime")
-# not clear that this works right. console logging may not work
-LOGSTREAM = os.path.join(LOGDIR, "keylime-stream.log")
-
logging_config.fileConfig(config.get_config("logging"))
@@ -50,31 +43,7 @@ def log_http_response(logger: Logger, loglevel: int, response_body: Dict[str, An
def init_logging(loggername: str) -> Logger:
-
- if loggername in ("verifier", "registrar"):
- logdest = config.get(loggername, "log_destination", fallback="")
- if logdest == "file":
- LOG_TO_FILE.add(loggername)
- if logdest == "stream":
- LOG_TO_STREAM.add(loggername)
-
logger = logging.getLogger(f"keylime.{loggername}")
logging.getLogger("requests").setLevel(logging.WARNING)
- mainlogger = logging.getLogger("keylime")
- basic_formatter = logging.Formatter("%(asctime)s %(name)s %(levelname)s %(message)s")
- if loggername in LOG_TO_FILE:
- logfilename = os.path.join(LOGDIR, f"{loggername}.log")
- if not os.path.exists(LOGDIR):
- os.makedirs(LOGDIR, 0o750)
- fh = logging.FileHandler(logfilename)
- fh.setLevel(logger.getEffectiveLevel())
- fh.setFormatter(basic_formatter)
- mainlogger.addHandler(fh)
-
- if loggername in LOG_TO_STREAM:
- fh = logging.FileHandler(filename=LOGSTREAM, mode="w")
- fh.setLevel(logger.getEffectiveLevel())
- fh.setFormatter(basic_formatter)
- mainlogger.addHandler(fh)
return logger
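Review bot: In the new init_logging the per-component `log_destination` key is read nowhere, so an operator whose `[verifier]` or `[registrar]` section still sets `log_destination = file` loses file output with no signal at all; during a migration to journal-based logging that silent gap is worth flagging once at startup. After the getLogger call, add `if config.get(loggername, "log_destination", fallback=""):` followed by `logger.warning("log_destination is no longer supported; log output goes to the console/journal only")`. The function also still has no docstring; a one-liner such as `"""Return the keylime.<loggername> logger; also clamps the 'requests' logger to WARNING."""` would document the remaining side effect. init_logging begins and ends within this hunk.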
diff --git a/scripts/templates/2.0/registrar.j2 b/scripts/templates/2.0/registrar.j2
index 3d92303..8de7a50 100644
--- a/scripts/templates/2.0/registrar.j2
+++ b/scripts/templates/2.0/registrar.j2
@@ -71,12 +71,3 @@ auto_migrate_db = {{ registrar.auto_migrate_db }}
# The file to use for SQLite persistence of provider hypervisor data.
prov_db_filename: {{ registrar.prov_db_filename }}
-
-# Destination for log output, in addition to console. If left empty, the log
-# output will only be printed to console (recommended for containers to avoid
-# filling data storage). The accepted values are:
-# 'file': The log output will also be written to a file named after the
-# component in '/var/log/keylime/registrar.log'
-# 'stream': The log output will be written to a common file in
-# 'var/log/keylime/keylime-stream.log'
-log_destination = {{ registrar.log_destination }}
diff --git a/scripts/templates/2.0/verifier.j2 b/scripts/templates/2.0/verifier.j2
index d1584df..7a66cb1 100644
--- a/scripts/templates/2.0/verifier.j2
+++ b/scripts/templates/2.0/verifier.j2
@@ -196,12 +196,3 @@ zmq_port = {{ verifier.zmq_port }}
# Webhook url for revocation notifications.
webhook_url = {{ verifier.webhook_url }}
-
-# Destination for log output, in addition to console. If left empty, the log
-# output will only be printed to console (recommended for containers to avoid
-# filling data storage). The accepted values are:
-# 'file': The log output will also be written to a file named after the
-# component in '/var/log/keylime/verifier.log'
-# 'stream': The log output will be written to a common file in
-# 'var/log/keylime/keylime-stream.log'
-log_destination = {{ verifier.log_destination }}
--
2.38.1