Stop Logging Amphora Cert

Stop logging amphora cert for tasks:

octavia-failover-amphora-flow- \
octavia-create-amp-for-lb-subflow-octavia-generate-serverpem

And:
octavia-create-amp-for-lb-subflow-octavia-update-cert-expiration

This patch adds more exclusions to taskflow DynamicLoggingListener,
which logs task results when running in debug mode.

Failing Over a loadbalancer (SINGLE):
Before: http://paste.openstack.org/show/C0ghBQCXBv6YXqR4YRUY/
After:  http://paste.openstack.org/show/S4bezDTre4KU4oeQDrsF/

Failing Over a loadbalancer (ACTIVE_STANDBY):
Before: http://paste.openstack.org/show/u9aQGvE64evYuYbcWvF4/
After:  http://paste.openstack.org/show/BlJEqGYpHaZYu3LBww3g/

While writing this patch, I also tested for:
1. loadbalancer create with SINGLE topology.
2. loadbalancer create with ACTIVE_STANDBY topology.
3. loadbalancer amphora failover with SINGLE topology.
4. loadbalancer amphora failover with ACTIVE_STANDBY topology.

I didn't notice any cert prints for those cases.

I was not able to trigger the above-mentioned
octavia-update-cert-expiration, but we have a clear indication for
it in a log screenshot that I attached to the StoryBoard.

Story: 2004606
Task: 28503

Change-Id: I136081045787c1bbe3ee846d5845a34201c57864
This commit is contained in:
Nir Magnezi 2018-12-13 11:34:40 +02:00
parent 100efebde0
commit 7e8ece9474
2 changed files with 13 additions and 1 deletions

View File

@ -80,7 +80,12 @@ class ControllerWorker(base_taskflow.BaseTaskFlowEngine):
constants.ROLE_MASTER + '-' + constants.ROLE_MASTER + '-' +
constants.CREATE_AMP_FOR_LB_SUBFLOW + '-' + constants.CREATE_AMP_FOR_LB_SUBFLOW + '-' +
constants.GENERATE_SERVER_PEM, constants.GENERATE_SERVER_PEM,
constants.GENERATE_SERVER_PEM_TASK) constants.GENERATE_SERVER_PEM_TASK,
constants.FAILOVER_AMPHORA_FLOW + '-' +
constants.CREATE_AMP_FOR_LB_SUBFLOW + '-' +
constants.GENERATE_SERVER_PEM,
constants.CREATE_AMP_FOR_LB_SUBFLOW + '-' +
constants.UPDATE_CERT_EXPIRATION)
super(ControllerWorker, self).__init__() super(ControllerWorker, self).__init__()

View File

@ -0,0 +1,7 @@
---
security:
- |
Fixed a debug level logging of Amphora certificates for flows
such as 'octavia-create-amp-for-lb-subflow-octavia-generate-serverpem'
(triggered with loadbalancer failover) and
'octavia-create-amp-for-lb-subflow-octavia-update-cert-expiration'.