The fernet keys should not be writable by the keystone user, typically
by root (same as a certificate); therefore the log should likewise be
separate to avoid breaking normal logging.

The use of syslog would easily solve this issue.

** Tags added: fernet logging low-hanging-fruit

** Changed in: keystone
       Status: New => Triaged

** Changed in: keystone
   Importance: Undecided => Medium

** Also affects: keystone/newton
   Importance: Medium
       Status: Triaged

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1570463

Title:
  RFE: keystone-manage CLI to allow using syslog & specific log files

Status in OpenStack Identity (keystone):
  Triaged
Status in OpenStack Identity (keystone) newton series:
  Triaged

Bug description:
  Currently, the keystone-manage CLI tool will by default write to
  $log_dir/$log_file, which is in most cases /var/log/keystone.log.

  Some actions (like fernet key generation) are dynamic, and having
  them in a separate logfile would be a nice feature for operators.
  Also supporting syslog would be very helpful for production
  deployments.
