starlingx
/
ha
Code Issues Proposed changes

Update barbican OCF scripts to enhance logging 

This commit updates the barbican OCF scripts to address
logging issues:
- barbican-api is updated to set permissions on the logfile
  to restrict access
- barbican-keystone-listener and barbican-worker are updated
  to log via syslog

Depends-On: I31b29bb8ffff28cd329b383704b88cf73199bcec
Change-Id: I814d35ca3e55fbfb9e0a462f3f05ff2db6a9cca5
Partial-Bug: 1836632
Signed-off-by: Don Penney <don.penney@windriver.com>
This commit is contained in:
Don Penney 2019-07-17 11:49:42 -04:00 committed by Scott Little
parent 9de51a38bc
commit e544061f67
4 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
stx-ocf-scripts/centos/build_srpm.data
View File

@ -1,2 +1,2 @@
SRC_DIR="$PKG_BASE/src"
TIS_PATCH_VER=2
TIS_PATCH_VER=3

2
stx-ocf-scripts/src/ocf/barbican-api
View File

@ -249,6 +249,8 @@ barbican_api_start() {
chown barbican:barbican /run/barbican
/bin/python /usr/bin/gunicorn --pid $OCF_RESKEY_pid --config /etc/barbican/gunicorn-config.py \
--paste /etc/barbican/barbican-api-paste.ini >> /var/log/barbican/barbican-api.log 2>&1 &
# Restrict access to logfile
chmod 640 /var/log/barbican/barbican-api.log
# Spin waiting for the server to come up.
while true; do

3
stx-ocf-scripts/src/ocf/barbican-keystone-listener
View File

@ -194,8 +194,7 @@ barbican_keystone_listener_start() {
# run the actual barbican-keystone-listener daemon. Don't use ocf_run as we're sending the
# tool's output straight to /dev/null anyway and using ocf_run would break stdout-redirection here.
su ${OCF_RESKEY_user} -s /bin/sh -c "${OCF_RESKEY_binary} --logfile \
/var/log/barbican/barbican-keystone-listener.log"' >> /dev/null 2>&1 & echo $!' > $OCF_RESKEY_pid
su ${OCF_RESKEY_user} -s /bin/sh -c "${OCF_RESKEY_binary}"' >> /dev/null 2>&1 & echo $!' > $OCF_RESKEY_pid
# Spin waiting for the server to come up.
while true; do

3
stx-ocf-scripts/src/ocf/barbican-worker
View File

@ -181,8 +181,7 @@ barbican_worker_start() {
# run the actual barbican-worker daemon. Don't use ocf_run as we're sending the tool's output
# straight to /dev/null anyway and using ocf_run would break stdout-redirection here.
su ${OCF_RESKEY_user} -s /bin/sh -c "${OCF_RESKEY_binary} \
--logfile /var/log/barbican/barbican-worker.log"' >> /dev/null 2>&1 & echo $!' > $OCF_RESKEY_pid
su ${OCF_RESKEY_user} -s /bin/sh -c "${OCF_RESKEY_binary}"' >> /dev/null 2>&1 & echo $!' > $OCF_RESKEY_pid
# Spin waiting for the server to come up.
while true; do