proxy: Remove accesslog option

L7 flow logging has been supported via Hubble for a while. The file logging is no longer required. Signed-off-by: Thomas Graf <thomas@cilium.io>
cilium · Feb 29, 2020 · bf1527e · bf1527e
1 parent ad223e8
commit bf1527e
Show file tree

Hide file tree

Showing 8 changed files with 5 additions and 71 deletions.
diff --git a/Documentation/cmdref/cilium-agent.md b/Documentation/cmdref/cilium-agent.md
@@ -15,7 +15,6 @@ cilium-agent [flags]
 ### Options
 
 ```
-      --access-log string                                     Path to access log of supported L7 requests observed
       --agent-labels strings                                  Additional labels to identify this agent
       --allow-icmp-frag-needed                                Allow ICMP Fragmentation Needed type packets for purposes like TCP Path MTU. (default true)
       --allow-localhost string                                Policy when to allow local stack to reach local endpoints { auto | always | policy } (default "auto")

diff --git a/Documentation/install/upgrade.rst b/Documentation/install/upgrade.rst
@@ -327,6 +327,9 @@ Deprecated options
   assets not being compiled into the cilium-agent binary anymore. The option is
   deprecated and will be removed in Cilium 1.9.
 
+* ``accesslog``: L7 access logs have been available since Cilium 1.6. The
+  ``accesslog`` option to log to a file has been removed.
+
 Deprecated cilium-operator options
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

diff --git a/daemon/daemon.go b/daemon/daemon.go
@@ -423,7 +423,7 @@ func NewDaemon(ctx context.Context, dp datapath.Datapath) (*Daemon, *endpointRes
 	// FIXME: Make the port range configurable.
 	if option.Config.EnableL7Proxy {
 		d.l7Proxy = proxy.StartProxySupport(10000, 20000, option.Config.RunDir,
-			option.Config.AccessLog, &d, option.Config.AgentLabels, d.datapath, d.endpointManager)
+			&d, option.Config.AgentLabels, d.datapath, d.endpointManager)
 	} else {
 		log.Info("L7 proxies are disabled")
 	}

diff --git a/daemon/daemon_main.go b/daemon/daemon_main.go
@@ -194,9 +194,6 @@ func init() {
 	})
 
 	// Env bindings
-	flags.String(option.AccessLog, "", "Path to access log of supported L7 requests observed")
-	option.BindEnv(option.AccessLog)
-
 	flags.StringSlice(option.AgentLabels, []string{}, "Additional labels to identify this agent")
 	option.BindEnv(option.AgentLabels)
 

diff --git a/daemon/daemon_test.go b/daemon/daemon_test.go
@@ -75,7 +75,6 @@ func setupTestDirectories() {
 	option.Config.Device = "undefined"
 	option.Config.RunDir = tempRunDir
 	option.Config.StateDir = tempRunDir
-	option.Config.AccessLog = filepath.Join(tempRunDir, "cilium-access.log")
 }
 
 func TestMain(m *testing.M) {

diff --git a/pkg/option/config.go b/pkg/option/config.go
@@ -48,9 +48,6 @@ var (
 )
 
 const (
-	// AccessLog is the path to access log of supported L7 requests observed
-	AccessLog = "access-log"
-
 	// AgentLabels are additional labels to identify this agent
 	AgentLabels = "agent-labels"
 
@@ -962,9 +959,6 @@ type DaemonConfig struct {
 	// Monitor contains the configuration for the node monitor.
 	Monitor *models.MonitorStatus
 
-	// AccessLog is the path to the access log of supported L7 requests observed.
-	AccessLog string
-
 	// AgentLabels contains additional labels to identify this agent in monitor events.
 	AgentLabels []string
 
@@ -1804,7 +1798,6 @@ func (c *DaemonConfig) parseExcludedLocalAddresses(s []string) error {
 func (c *DaemonConfig) Populate() {
 	var err error
 
-	c.AccessLog = viper.GetString(AccessLog)
 	c.AgentLabels = viper.GetStringSlice(AgentLabels)
 	c.AllowICMPFragNeeded = viper.GetBool(AllowICMPFragNeeded)
 	c.AllowLocalhost = viper.GetString(AllowLocalhost)

diff --git a/pkg/proxy/logger/logger.go b/pkg/proxy/logger/logger.go
@@ -15,7 +15,6 @@
 package logger
 
 import (
-	"encoding/json"
 	"net"
 	"strconv"
 	"time"
@@ -29,16 +28,13 @@ import (
 	"github.com/cilium/cilium/pkg/proxy/accesslog"
 
 	"github.com/sirupsen/logrus"
-	"gopkg.in/natefinch/lumberjack.v2"
 )
 
 var (
 	log = logging.DefaultLogger.WithField(logfields.LogSubsys, "proxy-logger")
 
 	logMutex lock.Mutex
-	logger   *lumberjack.Logger
 	notifier LogRecordNotifier
-	logPath  string
 	metadata []string
 )
 
@@ -320,21 +316,10 @@ func (lr *LogRecord) getLogFields() *logrus.Entry {
 	return fields
 }
 
-func (lr *LogRecord) getRawLogMessage() []byte {
-	b, err := json.Marshal(*lr)
-	if err != nil {
-		return []byte(err.Error())
-	}
-
-	return append(b, byte('\n'))
-}
-
 // Log logs a record to the logfile and flushes the buffer
 func (lr *LogRecord) Log() {
 	flowdebug.Log(lr.getLogFields(), "Logging flow record")
 
-	// Lock while writing access log so we serialize writes as we may have
-	// to reopen the logfile and parallel writes could fail because of that
 	logMutex.Lock()
 	defer logMutex.Unlock()
 
@@ -343,33 +328,6 @@ func (lr *LogRecord) Log() {
 	if notifier != nil {
 		notifier.NewProxyLogRecord(lr)
 	}
-
-	if logger == nil {
-		flowdebug.Log(log.WithField(FieldFilePath, logPath),
-			"Skipping writing to access log (logger nil)")
-		return
-	}
-
-	if _, err := logger.Write(lr.getRawLogMessage()); err != nil {
-		log.WithError(err).WithField(FieldFilePath, logPath).
-			Errorf("Error writing to access file")
-	}
-}
-
-// Called with lock held
-func openLogfileLocked(lf string) error {
-	logPath = lf
-	log.WithField(FieldFilePath, logPath).Info("Opened access log")
-
-	logger = &lumberjack.Logger{
-		Filename:   lf,
-		MaxSize:    100, // megabytes
-		MaxBackups: 3,
-		MaxAge:     28,   //days
-		Compress:   true, // disabled by default
-	}
-
-	return nil
 }
 
 // LogRecordNotifier is the interface to implement LogRecord notifications
@@ -378,14 +336,6 @@ type LogRecordNotifier interface {
 	NewProxyLogRecord(l *LogRecord) error
 }
 
-// OpenLogfile opens a file for logging
-func OpenLogfile(lf string) error {
-	logMutex.Lock()
-	defer logMutex.Unlock()
-
-	return openLogfileLocked(lf)
-}
-
 // SetNotifier sets the notifier to call for all L7 records
 func SetNotifier(n LogRecordNotifier) {
 	logMutex.Lock()

diff --git a/pkg/proxy/proxy.go b/pkg/proxy/proxy.go
@@ -112,18 +112,11 @@ type Proxy struct {
 // StartProxySupport starts the servers to support L7 proxies: xDS GRPC server
 // and access log server.
 func StartProxySupport(minPort uint16, maxPort uint16, stateDir string,
-	accessLogFile string, accessLogNotifier logger.LogRecordNotifier, accessLogMetadata []string,
+	accessLogNotifier logger.LogRecordNotifier, accessLogMetadata []string,
 	datapathUpdater DatapathUpdater, mgr EndpointLookup) *Proxy {
 	endpointManager = mgr
 	xdsServer := envoy.StartXDSServer(stateDir)
 
-	if accessLogFile != "" {
-		if err := logger.OpenLogfile(accessLogFile); err != nil {
-			log.WithError(err).WithField(logfields.Path, accessLogFile).
-				Warn("Cannot open L7 access log")
-		}
-	}
-
 	if accessLogNotifier != nil {
 		logger.SetNotifier(accessLogNotifier)
 	}