-
Bug
-
Resolution: Unresolved
-
Normal
-
None
-
rhos-18.0.0
-
None
-
3
-
False
-
-
False
-
?
-
?
-
?
-
?
-
None
-
Low
Hello,
I'm trying to enable horizon operation logs for security purposes/recommandations but I'm getting the following error :
[Thu Aug 08 16:10:12.424375 2024] [authz_core:debug] [pid 74:tid 128] mod_authz_core.c(843): [client 50.50.11.2:54680] AH01628: authorization result: granted (no directives) │ │ [Thu Aug 08 16:10:12.424504 2024] [authz_core:debug] [pid 74:tid 128] mod_authz_core.c(815): [client 50.50.11.2:54680] AH01626: authorization result of Require all granted: granted │ │ [Thu Aug 08 16:10:12.424508 2024] [authz_core:debug] [pid 74:tid 128] mod_authz_core.c(815): [client 50.50.11.2:54680] AH01626: authorization result of <RequireAny>: granted │ │ [Thu Aug 08 16:10:12.424813 2024] [wsgi:info] [pid 59:tid 87] [remote 50.50.11.2:54680] mod_wsgi (pid=59, process='apache', application=''): Loading Python script file '/usr/share/openstack-dashboard/openstack_dashboard/wsgi.py'. │ │ [Thu Aug 08 16:10:13.073501 2024] [wsgi:error] [pid 59:tid 87] [remote 50.50.11.2:54680] mod_wsgi (pid=59): Failed to exec Python script file '/usr/share/openstack-dashboard/openstack_dashboard/wsgi.py'. │ │ [Thu Aug 08 16:10:13.073530 2024] [wsgi:error] [pid 59:tid 87] [remote 50.50.11.2:54680] mod_wsgi (pid=59): Exception occurred processing WSGI script '/usr/share/openstack-dashboard/openstack_dashboard/wsgi.py'. │ │ [Thu Aug 08 16:10:13.074351 2024] [wsgi:error] [pid 59:tid 87] [remote 50.50.11.2:54680] Traceback (most recent call last): │ │ [Thu Aug 08 16:10:13.074375 2024] [wsgi:error] [pid 59:tid 87] [remote 50.50.11.2:54680] File "/usr/lib64/python3.9/logging/config.py", line 564, in configure │ │ [Thu Aug 08 16:10:13.074378 2024] [wsgi:error] [pid 59:tid 87] [remote 50.50.11.2:54680] handler = self.configure_handler(handlers[name]) │ │ [Thu Aug 08 16:10:13.074382 2024] [wsgi:error] [pid 59:tid 87] [remote 50.50.11.2:54680] File "/usr/lib64/python3.9/logging/config.py", line 745, in configure_handler │ │ [Thu Aug 08 16:10:13.074386 2024] [wsgi:error] [pid 59:tid 87] [remote 50.50.11.2:54680] result = factory(**kwargs) │ │ [Thu Aug 08 16:10:13.074388 2024] [wsgi:error] [pid 59:tid 87] [remote 50.50.11.2:54680] File "/usr/lib64/python3.9/logging/__init__.py", line 1146, in __init__ │ │ [Thu Aug 08 16:10:13.074391 2024] [wsgi:error] [pid 59:tid 87] [remote 50.50.11.2:54680] StreamHandler.__init__(self, self._open()) │ │ [Thu Aug 08 16:10:13.074394 2024] [wsgi:error] [pid 59:tid 87] [remote 50.50.11.2:54680] File "/usr/lib64/python3.9/logging/__init__.py", line 1175, in _open │ │ [Thu Aug 08 16:10:13.074396 2024] [wsgi:error] [pid 59:tid 87] [remote 50.50.11.2:54680] return open(self.baseFilename, self.mode, encoding=self.encoding, │ │ [Thu Aug 08 16:10:13.074414 2024] [wsgi:error] [pid 59:tid 87] [remote 50.50.11.2:54680] PermissionError: [Errno 13] Permission denied: '/var/log/horizon/operation.log' │ │ [Thu Aug 08 16:10:13.074420 2024] [wsgi:error] [pid 59:tid 87] [remote 50.50.11.2:54680] │ │ [Thu Aug 08 16:10:13.074423 2024] [wsgi:error] [pid 59:tid 87] [remote 50.50.11.2:54680] The above exception was the direct cause of the following exception: │ │ [Thu Aug 08 16:10:13.074426 2024] [wsgi:error] [pid 59:tid 87] [remote 50.50.11.2:54680] │ │ [Thu Aug 08 16:10:13.074429 2024] [wsgi:error] [pid 59:tid 87] [remote 50.50.11.2:54680] Traceback (most recent call last): │ │ [Thu Aug 08 16:10:13.074442 2024] [wsgi:error] [pid 59:tid 87] [remote 50.50.11.2:54680] File "/usr/share/openstack-dashboard/openstack_dashboard/wsgi.py", line 29, in <module> │ │ [Thu Aug 08 16:10:13.074444 2024] [wsgi:error] [pid 59:tid 87] [remote 50.50.11.2:54680] application = get_wsgi_application() │ │ [Thu Aug 08 16:10:13.074447 2024] [wsgi:error] [pid 59:tid 87] [remote 50.50.11.2:54680] File "/usr/lib/python3.9/site-packages/django/core/wsgi.py", line 12, in get_wsgi_application │ │ [Thu Aug 08 16:10:13.074450 2024] [wsgi:error] [pid 59:tid 87] [remote 50.50.11.2:54680] django.setup(set_prefix=False) │ │ [Thu Aug 08 16:10:13.074452 2024] [wsgi:error] [pid 59:tid 87] [remote 50.50.11.2:54680] File "/usr/lib/python3.9/site-packages/django/__init__.py", line 19, in setup │ │ [Thu Aug 08 16:10:13.074455 2024] [wsgi:error] [pid 59:tid 87] [remote 50.50.11.2:54680] configure_logging(settings.LOGGING_CONFIG, settings.LOGGING) │ │ [Thu Aug 08 16:10:13.074458 2024] [wsgi:error] [pid 59:tid 87] [remote 50.50.11.2:54680] File "/usr/lib/python3.9/site-packages/django/utils/log.py", line 75, in configure_logging │ │ [Thu Aug 08 16:10:13.074461 2024] [wsgi:error] [pid 59:tid 87] [remote 50.50.11.2:54680] logging_config_func(logging_settings) │ │ [Thu Aug 08 16:10:13.074463 2024] [wsgi:error] [pid 59:tid 87] [remote 50.50.11.2:54680] File "/usr/lib64/python3.9/logging/config.py", line 809, in dictConfig │ │ [Thu Aug 08 16:10:13.074466 2024] [wsgi:error] [pid 59:tid 87] [remote 50.50.11.2:54680] dictConfigClass(config).configure() │ │ [Thu Aug 08 16:10:13.074470 2024] [wsgi:error] [pid 59:tid 87] [remote 50.50.11.2:54680] File "/usr/lib64/python3.9/logging/config.py", line 571, in configure │ │ [Thu Aug 08 16:10:13.074473 2024] [wsgi:error] [pid 59:tid 87] [remote 50.50.11.2:54680] raise ValueError('Unable to configure handler ' │ │ [Thu Aug 08 16:10:13.074479 2024] [wsgi:error] [pid 59:tid 87] [remote 50.50.11.2:54680] ValueError: Unable to configure handler 'operation'
Here is the custom configuration :
# ANSSI
OPERATION_LOG_ENABLE = True
OPERATION_LOG_OTIONS = {
'mask_fields' : ['password', 'secret'],
'target_methods' : ['POST', 'GET', 'PUT', 'DELETE'],
'format' : ("[%(domain_name)s] [%(domain_id)s] [%(project_name)s]"
" [%(project_id)s] [%(user_name)s] [%(user_id)s] [%(request_scheme)s]"
" [%(referer_url)s] [%(request_url)s] [%(message)s] [%(method)s]"
" [%(http_status)s] [%(param)s]"),
}
LOGGING = {
'version': 1,
'disable_existing_loggers': False,
'formatters': {
'console': {
'format': '%(levelname)s %(name)s %(message)s'
},
'verbose': {
'format': '%(asctime)s %(process)d %(levelname)s %(name)s '
'%(message)s'
},
'operation': {
# The format of "%(message)s" is defined by
# OPERATION_LOG_OPTIONS['format']
'format': '%(message)s'
},
},
'handlers': {
'null': {
'level': 'DEBUG',
'class': 'logging.NullHandler',
},
'console': {
# Set the level to "DEBUG" for verbose output logging.
'level': 'DEBUG' if DEBUG else 'INFO',
'class': 'logging.StreamHandler',
'formatter': 'console',
},
'operation': {
'level': 'INFO',
'class': 'logging.FileHandler',
'filename': '/var/log/horizon/operation.log',
'formatter': 'verbose',
},
},
'loggers': {
'horizon': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'horizon.operation_log': {
'handlers': ['operation'],
'level': 'INFO',
'propagate': False,
},
'openstack_dashboard': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'novaclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'cinderclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'keystoneauth': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'keystoneclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'glanceclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'neutronclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'swiftclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'oslo_policy': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'openstack_auth': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'django': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
# VariableDoesNotExist error in the debug level from django.template
# is VERY noisy and it is output even for valid cases,
# so set the default log level of django.template to INFO.
'django.template': {
'handlers': ['console'],
'level': 'INFO',
'propagate': False,
},
# Logging from django.db.backends is VERY verbose, send to null
# by default.
'django.db.backends': {
'handlers': ['null'],
'propagate': False,
},
'requests': {
'handlers': ['null'],
'propagate': False,
},
'urllib3': {
'handlers': ['null'],
'propagate': False,
},
'chardet.charsetprober': {
'handlers': ['null'],
'propagate': False,
},
'iso8601': {
'handlers': ['null'],
'propagate': False,
},
'scss': {
'handlers': ['null'],
'propagate': False,
},
},
}
Permissions on /var/log/horizon/
[root@horizon-7f486b85c6-hdsvp /]# stat /var/log/horizon/ File: /var/log/horizon/ Size: 27 Blocks: 0 IO Block: 4096 directory Device: 20002bh/2097195d Inode: 874098628 Links: 1 Access: (0750/drwxr-x---) Uid: ( 48/ apache) Gid: ( 48/ apache) Access: 2024-08-08 16:10:02.905216672 +0000 Modify: 2024-08-08 16:10:03.692227799 +0000 Change: 2024-08-08 16:10:03.692227799 +0000 Birth: 2024-08-08 16:10:02.905216672 +0000
