Reduce log level of Fernet key count message

This reduces the log level of the fairly repetitive message regarding the number of Fernet keys on disk, and also adds a suggestion into the message itself about how the message can be resolved (hint: start rotating your keys!). Change-Id: Id35f781c7b34463c324a867c6a781572f4144311 Closes-Bug: 1615111
2016-08-24 14:58:49 +00:00 · 2016-08-24 14:58:49 +00:00 · 6bde3f3ac2
parent be7307b20b
commit 6bde3f3ac2
1 changed files with 7 additions and 8 deletions
--- a/keystone/common/fernet_utils.py
+++ b/keystone/common/fernet_utils.py
@ -255,14 +255,13 @@ class FernetUtils(object):
                        keys[key_id] = key_file.read()

        if len(keys) != self.max_active_keys:
-            # If there haven't been enough key rotations to reach
-            # max_active_keys, or if the configured value of max_active_keys
-            # has changed since the last rotation, then reporting the
-            # discrepancy might be useful. Once the number of keys matches
-            # max_active_keys, this log entry is too repetitive to be useful.
-            LOG.info(_LI(
-                'Loaded %(count)d encryption keys (max_active_keys=%(max)d) '
-                'from: %(dir)s'), {
+            # Once the number of keys matches max_active_keys, this log entry
+            # is too repetitive to be useful.
+            LOG.debug(
+                'Loaded %(count)d Fernet keys from %(dir)s, but '
+                '`[fernet_tokens] max_active_keys = %(max)d`; perhaps there '
+                'have not been enough key rotations to reach '
+                '`max_active_keys` yet?', {
                    'count': len(keys),
                    'max': self.max_active_keys,
                    'dir': self.key_repository})