bucket logging endpoint changes #7426
Conversation
|
@Neon-White @tangledbytes This patch contains creation of log records at the endpoint handler request. |
src/endpoint/s3/s3_rest.js
Outdated
| @@ -533,6 +551,7 @@ function consume_usage_report() { | |||
| } | |||
|
|
|||
|
|
|||
|
|
|||
There was a problem hiding this comment.
Seems like this newline can be removed
| @@ -120,6 +120,9 @@ RUN chmod 775 /noobaa_init_files && \ | |||
| chgrp -R 0 /noobaa_init_files/ && \ | |||
| chmod -R g=u /noobaa_init_files/ | |||
|
|
|||
| RUN chmod 777 /etc/rsyslog.conf | |||
There was a problem hiding this comment.
let's remove rsyslog related changes for now
|
@aspandey @dannyzaken Can we include in this PR an option for src/cmd/nsfs to enable bucket logging? |
To clarify - I can set up the syslog interface manually - but I do need a flag to enable sending out the logs for nsfs command line. |
| return format_logging_response(reply.logging); | ||
| } | ||
|
|
||
| function format_logging_response(log_set) { |
There was a problem hiding this comment.
this function doesn't seem correct to me.
- we shouldn't throw an error if there is no bucket logging enabled.
- it does not format the response. see the required response here.
Also, we should probably also implement s3_put_bucket_logging. I think both can be done in a different PR together with tests
There was a problem hiding this comment.
Right. I will make changes.
There was a problem hiding this comment.
Got it. I have removed this change. Will send different PR as suggested by you.
| @@ -120,6 +120,7 @@ RUN chmod 775 /noobaa_init_files && \ | |||
| chgrp -R 0 /noobaa_init_files/ && \ | |||
| chmod -R g=u /noobaa_init_files/ | |||
|
|
|||
|
|
|||
src/endpoint/s3/s3_rest.js
Outdated
| let bucket_info = null; | ||
| if (req.params && req.params.bucket) { | ||
| try { | ||
| bucket_info = await req.object_sdk.internal_rpc_client.bucket.read_bucket_sdk_info({ name: req.params.bucket }); |
There was a problem hiding this comment.
this will perform an RPC call to core on every S3 request. object_sdk should have this data in its cache and we should not perform an RPC call to get it
There was a problem hiding this comment.
Got it...will make appropriate changes .
src/endpoint/s3/s3_rest.js
Outdated
| try { | ||
| bucket_info = await req.object_sdk.internal_rpc_client.bucket.read_bucket_sdk_info({ name: req.params.bucket }); | ||
| if (bucket_info) { | ||
| dbg.info("bucket_info =", bucket_info); |
There was a problem hiding this comment.
there is no dbg.info. use dbg.log0 to dbg.log5 for different log levels.
src/endpoint/s3/s3_rest.js
Outdated
| dbg.info("bucket_info =", bucket_info); | ||
| } | ||
| } catch (err) { | ||
| dbg.log1("Could not get bucket info from cache", err); |
There was a problem hiding this comment.
in general, for most errors (unless expected ones) you should use dbg.error and rethrow
src/endpoint/s3/s3_rest.js
Outdated
| let bucket_info = null; | ||
| if (req.params && req.params.bucket) { | ||
| bucket_info = await req.object_sdk.read_bucket_sdk_config_info(req.params.bucket); | ||
| dbg.log0("read_bucket_sdk_config_info = ", bucket_info); |
There was a problem hiding this comment.
This should not be dbg.log0 as it happens on every request and can overload the log. you can change it to log2 or 3
src/endpoint/s3/s3_rest.js
Outdated
| } | ||
| // Check if logging is enabled or not and send the S3 logs accordingly. | ||
| if (s3_logging.is_bucket_logging_enabled(bucket_info, req.params.bucket)) { | ||
| dbg.log0("Bucket logging is enabled on Bucket : ", req.params.bucket); |
src/endpoint/s3/s3_rest.js
Outdated
| collect_bucket_usage(op, req, res); | ||
|
|
||
| let bucket_info = null; |
There was a problem hiding this comment.
no need to init it to null. it is initialized as undefined
src/endpoint/s3/s3_rest.js
Outdated
| dbg.log0("read_bucket_sdk_config_info = ", bucket_info); | ||
| } | ||
| // Check if logging is enabled or not and send the S3 logs accordingly. | ||
| if (s3_logging.is_bucket_logging_enabled(bucket_info, req.params.bucket)) { |
There was a problem hiding this comment.
If I'm not mistaken, this code should be under the if in line 153.
Also, passing req.params.bucket is redundant, since bucket_info should already contain the name.
src/endpoint/s3/s3_bucket_logging.js
Outdated
|
|
||
| function endpoint_bucket_op_logs(op_name, req, res, source_bucket) { | ||
|
|
||
| dbg.info("Sending op logs for op name = ", op_name); |
There was a problem hiding this comment.
there is no dbg.info. you can change to dbg.log2 or dbg.log3
src/endpoint/s3/s3_bucket_logging.js
Outdated
| } | ||
| values = values.slice(0, -2); | ||
| //Just to log it to endpoint logs. Need to remove it later. | ||
| dbg.log0("!!!Object operation log!!! :", values); |
There was a problem hiding this comment.
Even though we plan to replace it with a syslog call eventually, let's change it to dbg.log1 to avoid excessive logging.
src/endpoint/s3/s3_bucket_logging.js
Outdated
| request_id: req.request_id | ||
| }; | ||
|
|
||
| const s3_log = new Aws_log_entry(); |
There was a problem hiding this comment.
See my comment in response to Ben. I think we should format it in the (syslog) server side before writing the log object. I think that for now you can just return log as the log record and send it as JSON
src/endpoint/s3/s3_bucket_logging.js
Outdated
| let values = ""; | ||
| for (const key of Object.keys(s3_log)) { | ||
| const value = s3_log[key]; | ||
| values += `${value} `; | ||
| } |
There was a problem hiding this comment.
I think we should send it as a json (use JSON.stringify()). it is more generic and can be easily parsed later
src/endpoint/s3/s3_bucket_logging.js
Outdated
| const enable = check_logging_config_perm(source_bucket.bucket_info.logging); | ||
| return enable; |
There was a problem hiding this comment.
This check is unnecessary now. we can add it later if we see a reason to.
| const enable = check_logging_config_perm(source_bucket.bucket_info.logging); | |
| return enable; | |
| return true; |
|
@aspandey also pay attention to the DCO and deepscan tests |
aspandey
force-pushed
the
logging
branch
2 times, most recently
from
612b566
to
81a61dc
Compare
src/endpoint/s3/s3_rest.js
Outdated
| collect_bucket_usage(op, req, res); | ||
|
|
||
| let bucket_info; |
There was a problem hiding this comment.
bucket_info is not used outside the following if scope.
it's better to remove this line and add const inside the scope
| }] | ||
| } | ||
| }); | ||
| } | ||
|
|
||
| async function get_bucket_logging(req) { | ||
| dbg.log0('get_bucket_logging:', req.rpc_params); | ||
|
|
||
| dbg.log0('delete_bucket_logging:', req.rpc_params); |
src/endpoint/s3/s3_bucket_logging.js
Outdated
| function is_bucket_logging_enabled(source_bucket) { | ||
|
|
||
| if (!source_bucket || !source_bucket.bucket_info.logging) { | ||
|
|
src/endpoint/s3/s3_rest.js
Outdated
| dbg.log2("read_bucket_sdk_config_info = ", bucket_info); | ||
|
|
||
| if (s3_logging.is_bucket_logging_enabled(bucket_info)) { | ||
| dbg.log2("Bucket logging is enabled on Bucket : ", req.params.bucket); |
src/endpoint/s3/s3_bucket_logging.js
Outdated
| // 2 - Format it and send it to log bucket/syslog. | ||
|
|
||
| const s3_log = get_bucket_log_record(op_name, source_bucket, req, res); | ||
| dbg.log1("!!!BUCKET Operation Logs!!! ", s3_log); |
There was a problem hiding this comment.
A bit dramatic...
| dbg.log1("!!!BUCKET Operation Logs!!! ", s3_log); | |
| dbg.log1("bucket op log = ", s3_log); |
Also, consider prefixing all logs realted to bucket op logs with a common prefix.
It would make it easier to grep for them.
Eg-
dbg.log("bucket op log: sending op logs for op name = ")
There was a problem hiding this comment.
I agree with you on prefix part. For now, I am keeping it as it is as we also need to decide on log format.
|
|
||
| const client_ip = http_utils.parse_client_ip(req); | ||
|
|
||
| const log = { |
There was a problem hiding this comment.
I think some fields are missing?
-time
-requester (if we have such a concept)
-error code
-bytes_send (if available?)
-object size
etc. see https://docs.aws.amazon.com/AmazonS3/latest/userguide/LogFormat.html
There was a problem hiding this comment.
Same here. We may not log the exact S3 format. So will decide later.
aspandey
force-pushed
the
logging
branch
3 times, most recently
from
a8d6644
to
f6f1a6e
Compare
alphaprinz
dismissed
dannyzaken’s stale review
This version is meeting the current "definition of done". Further changes as warranted.
Signed-off-by: Ashish Pandey <aspandey@redhat.com>
Explain the changes
2.Basic idea is to log bucket operation so that replication engine can use it to replicate
that operation like put object.
As soon as operation request return a reply, we get the status and other information for that operation and
create a message with S3 log format and send it to noobaa log bucket configured by the user.
Mainly this task is done in handle_request function of s3_rest.js