[GitHub] [cloudstack] saffronjam opened a new issue, #7830: Weird warnings and info polluting the management server's logs

[via GitHub]

saffronjam opened a new issue, #7830:
URL: https://github.com/apache/cloudstack/issues/7830

   ##### ISSUE TYPE
    * Improvement Request
   
   ##### COMPONENT NAME
   ~~~
   Logging system
   ~~~
   
   ##### CLOUDSTACK VERSION
   ~~~
   4.18
   ~~~
   
   ##### CONFIGURATION
   N/A
   
   ##### OS / ENVIRONMENT
   N/A
   
   
   ##### SUMMARY
   Looking in the management server's logs it appears the listVirtualMachines 
API call generates a warning+info entry about the project parameter being null.
   
   This is coming from Kubernetes clusters, as the user is **emil-kubeadmin**, 
the auto-created user when creating a cluster in CloudStack.
   
   ```
   Aug 06 02:46:11 se-flem-001 java[4174]: WARN  
[o.a.c.a.ProjectRoleBasedApiAccessChecker] (qtp1278852808-7561:ctx-ead88a99 
ctx-b8ca619d) (logid:eaa335b5) Project is null, 
ProjectRoleBasedApiAccessChecker only applies to projects, returning API 
[listVirtualMachines] for user [User 
{"username":"emil-kubeadmin","uuid":"c559eccf-8dcc-4f11-8595-8abd42388cc9"}.] 
as allowed.
   Aug 06 02:46:11 se-flem-001 java[4174]: INFO  
[o.a.c.a.DynamicRoleBasedAPIAccessChecker] (qtp1278852808-7566:ctx-97cc0a64 
ctx-95d9b835) (logid:262fb357) Account [Account 
[{"accountName":"emil","id":5,"uuid":"2730114f-a25b-4041-a68b-d724e4e20cd4"}]] 
is Root Admin or Domain Admin, all APIs are allowed.
   Aug 06 02:46:11 se-flem-001 java[4174]: WARN  
[o.a.c.a.ProjectRoleBasedApiAccessChecker] (qtp1278852808-7566:ctx-97cc0a64 
ctx-95d9b835) (logid:262fb357) Project is null, 
ProjectRoleBasedApiAccessChecker only applies to projects, returning API 
[listVirtualMachines] for user [User 
{"username":"emil-kubeadmin","uuid":"6d383287-f385-4a63-8c45-90fdbe4dc6c6"}.] 
as allowed.
   Aug 06 02:46:11 se-flem-001 java[4174]: INFO  
[o.a.c.a.DynamicRoleBasedAPIAccessChecker] (qtp1278852808-7590:ctx-0ddf9ae8 
ctx-6f45c0ee) (logid:74f0ac52) Account [Account 
[{"accountName":"emil","id":5,"uuid":"2730114f-a25b-4041-a68b-d724e4e20cd4"}]] 
is Root Admin or Domain Admin, all APIs are allowed.
   Aug 06 02:46:11 se-flem-001 java[4174]: WARN  
[o.a.c.a.ProjectRoleBasedApiAccessChecker] (qtp1278852808-7590:ctx-0ddf9ae8 
ctx-6f45c0ee) (logid:74f0ac52) Project is null, 
ProjectRoleBasedApiAccessChecker only applies to projects, returning API 
[listVirtualMachines] for user [User 
{"username":"emil-kubeadmin","uuid":"803440a7-18ab-4c30-a1c2-199b225110f0"}.] 
as allowed.
   Aug 06 02:46:11 se-flem-001 java[4174]: INFO  
[o.a.c.a.DynamicRoleBasedAPIAccessChecker] (qtp1278852808-7689:ctx-c0d606b1 
ctx-812ebe8e) (logid:e733f0fd) Account [Account 
[{"accountName":"emil","id":5,"uuid":"2730114f-a25b-4041-a68b-d724e4e20cd4"}]] 
is Root Admin or Domain Admin, all APIs are allowed.
   Aug 06 02:46:11 se-flem-001 java[4174]: WARN  
[o.a.c.a.ProjectRoleBasedApiAccessChecker] (qtp1278852808-7689:ctx-c0d606b1 
ctx-812ebe8e) (logid:e733f0fd) Project is null, 
ProjectRoleBasedApiAccessChecker only applies to projects, returning API 
[listVirtualMachines] for user [User 
{"username":"emil-kubeadmin","uuid":"a3aec7d9-a6a0-46f6-b73d-2c8fbd5d88f5"}.] 
as allowed.
   Aug 06 02:46:11 se-flem-001 java[4174]: INFO  
[o.a.c.a.DynamicRoleBasedAPIAccessChecker] (qtp1278852808-7694:ctx-454dea10 
ctx-9bb15dc4) (logid:607fafbe) Account [Account 
[{"accountName":"emil","id":5,"uuid":"2730114f-a25b-4041-a68b-d724e4e20cd4"}]] 
is Root Admin or Domain Admin, all APIs are allowed.
   Aug 06 02:46:11 se-flem-001 java[4174]: WARN  
[o.a.c.a.ProjectRoleBasedApiAccessChecker] (qtp1278852808-7694:ctx-454dea10 
ctx-9bb15dc4) (logid:607fafbe) Project is null, 
ProjectRoleBasedApiAccessChecker only applies to projects, returning API 
[listVirtualMachines] for user [User 
{"username":"emil-kubeadmin","uuid":"cc887c3c-313b-4616-8b2d-97169efa5753"}.] 
as allowed.
   Aug 06 02:46:11 se-flem-001 java[4174]: INFO  
[o.a.c.a.DynamicRoleBasedAPIAccessChecker] (qtp1278852808-7682:ctx-9032cb85 
ctx-dabc21b9) (logid:41be6de6) Account [Account 
[{"accountName":"emil","id":5,"uuid":"2730114f-a25b-4041-a68b-d724e4e20cd4"}]] 
is Root Admin or Domain Admin, all APIs are allowed.
   Aug 06 02:46:11 se-flem-001 java[4174]: WARN  
[o.a.c.a.ProjectRoleBasedApiAccessChecker] (qtp1278852808-7682:ctx-9032cb85 
ctx-dabc21b9) (logid:41be6de6) Project is null, 
ProjectRoleBasedApiAccessChecker only applies to projects, returning API 
[listVirtualMachines] for user [User 
{"username":"emil-kubeadmin","uuid":"7a7514b8-d7ab-4365-8c16-56b05a5df2b6"}.] 
as allowed.
   Aug 06 02:46:11 se-flem-001 java[4174]: INFO  
[o.a.c.a.DynamicRoleBasedAPIAccessChecker] (qtp1278852808-7709:ctx-0427499f 
ctx-3a0dfb86) (logid:fd469c63) Account [Account 
[{"accountName":"emil","id":5,"uuid":"2730114f-a25b-4041-a68b-d724e4e20cd4"}]] 
is Root Admin or Domain Admin, all APIs are allowed.
   ```
   
   Judging by the timestamps here, you can see they come pretty frequently.
   
   So it appears that, when the Kubernetes operator is trying to fetch VM 
information in CloudStack it is either missing a parameter in the API-call that 
generate the warning + info entry in  the management server's logs, or the 
management server API incorrectly treat the API-call. 
    
   Since it is a warning it should probably not be just filtered away, but 
handled in the code somewhere. 
   
   ##### STEPS TO REPRODUCE
   ~~~
   1. Create a Kubernetes cluster
   2. Check the management server logs
   ~~~
   ##### EXPECTED RESULTS
   ~~~
   Clean logs
   ~~~
   
   ##### ACTUAL RESULTS
   ~~~
   Polluted logs
   ~~~
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@cloudstack.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org