Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings
/jujuPublic

fix: log all API requests not just RPC ones#21102

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Open
jameinel wants to merge1 commit intojuju:3.6
base:3.6
Choose a base branch
Loading
fromjameinel:3.6-log-all-connections

Conversation

@jameinel
Copy link
Member

This updates the root HTTP Mux that we use, so that every connection ends up being logged. Our current system only creates a ConnectionID for RPC connections that are upgraded from raw HTTP connections. That means we weren't logging anything for connections to '/log' or '/offerdispatch', etc.

To make these connections traceable, I just use the underlying socket file descriptor. Which does have the nice property that it matches your lsof output.

Checklist

  • Code style: imports ordered, good names, simple structure, etc
  • Comments saying why design decisions were made
  • Go unit tests, with comments saying what you're testing
  • Integration tests, with comments saying what you're testing
  • doc.go added or updated in changed packages

QA steps

  1. Bootstrap a 3.6 controller and deploy a charm.
$ juju bootstrap lxd src36$ juju add-modeltest$ juju deploy juju-qa-test
  1. Update logs to DEBUG level and see the log messages around non-RPC connections.
$ juju model-config -m controller logging-config="<root>=INFO;juju.apiserver.http=DEBUG;juju.security=WARNING"$ juju debug-log -m controller...machine-0: 17:09:36 DEBUG juju.apiserver.http api -> fd:77 15.973303ms ServeHTTP GET /model/6bf6a242-0b75-419f-888a-c6bb6ec436b4/api?%3Amodeluuid=6bf6a242-0b75-419f-888a-c6bb6ec436b4&...machine-0: 17:09:36 DEBUG juju.apiserver.http api<- fd:81 ServeHTTP GET /model/6bf6a242-0b75-419f-888a-c6bb6ec436b4/logsink?version=1...machine-0: 17:22:34 DEBUG juju.apiserver.http api<- fd:105 ServeHTTP GET /model/f5e2d66a-4fc5-48aa-88e6-cb34430f9336/logsink?version=1
  1. If you deploy for a cross-model relation, you can see the macaroon offers getting dishcharged.
$ juju deploy juju-qa-dummy-source$ juju offer dummy-source:sink$ juju create-model sink$ juju deploy juju-qa-dummy-sink$ juju relate test.dummy-source dummy-sink

Then in debug-log you should see:

machine-0: 17:22:34 DEBUG juju.apiserver.http api <- fd:105 ServeHTTP GET /model/f5e2d66a-4fc5-48aa-88e6-cb34430f9336/logsink?version=1

Documentation changes

We could document the juju.apiserver.http log matcher, but it will also show up when you just DEBUG log the regular juju.apiserver key.

Links

None

This updates the root HTTP Mux that we use, so that every connection ends upbeing logged. Our current system only creates a ConnectionID for RPC connectionsthat are upgraded from raw HTTP connections. That means we weren't logginganything for connections to '/log' or '/offerdispatch', etc.To make these connections traceable, I just use the underlying socket filedescriptor. Which does have the nice property that it matches your lsof output.
Copy link
Member

@hmlaniganhmlanigan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Works as expected.

// Hide the fact that the model does not exist.
returnnil,errors.Unauthorizedf("invalid entity name or password")
}
// TODO(wallyworld) - we can't yet observe anonymous logins as entity must be non-nil
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

question: is this todo still valid?

p:pat.New(),
added:make(map[string][]patternHandler),
// TODO(jam): 2025-11-03 We could make the logger a muxOption instead
logger:loggo.GetLoggerWithLabels("juju.apiserver.http","api"),
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

todo: make "api" a const incore/logger/labels.go.

Requires a doc update as well,manage-logs.md

Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment

Reviewers

@hmlaniganhmlaniganhmlanigan approved these changes

At least 2 approving reviews are required to merge this pull request.

Assignees

@jameineljameinel

Labels

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jameinel@hmlanigan@jujubot
[8]ページ先頭
©2009-2025 Movatter.jp