Update barbican OCF scripts to enhance logging
This commit updates the barbican OCF scripts to address logging issues: - barbican-api is updated to set permissions on the logfile to restrict access - barbican-keystone-listener and barbican-worker are updated to log via syslog Depends-On: I31b29bb8ffff28cd329b383704b88cf73199bcec Change-Id: I814d35ca3e55fbfb9e0a462f3f05ff2db6a9cca5 Partial-Bug: 1836632 Signed-off-by: Don Penney <don.penney@windriver.com>
This commit is contained in:
parent
9de51a38bc
commit
e544061f67
|
@ -1,2 +1,2 @@
|
|||
SRC_DIR="$PKG_BASE/src"
|
||||
TIS_PATCH_VER=2
|
||||
TIS_PATCH_VER=3
|
||||
|
|
|
@ -249,6 +249,8 @@ barbican_api_start() {
|
|||
chown barbican:barbican /run/barbican
|
||||
/bin/python /usr/bin/gunicorn --pid $OCF_RESKEY_pid --config /etc/barbican/gunicorn-config.py \
|
||||
--paste /etc/barbican/barbican-api-paste.ini >> /var/log/barbican/barbican-api.log 2>&1 &
|
||||
# Restrict access to logfile
|
||||
chmod 640 /var/log/barbican/barbican-api.log
|
||||
|
||||
# Spin waiting for the server to come up.
|
||||
while true; do
|
||||
|
|
|
@ -194,8 +194,7 @@ barbican_keystone_listener_start() {
|
|||
|
||||
# run the actual barbican-keystone-listener daemon. Don't use ocf_run as we're sending the
|
||||
# tool's output straight to /dev/null anyway and using ocf_run would break stdout-redirection here.
|
||||
su ${OCF_RESKEY_user} -s /bin/sh -c "${OCF_RESKEY_binary} --logfile \
|
||||
/var/log/barbican/barbican-keystone-listener.log"' >> /dev/null 2>&1 & echo $!' > $OCF_RESKEY_pid
|
||||
su ${OCF_RESKEY_user} -s /bin/sh -c "${OCF_RESKEY_binary}"' >> /dev/null 2>&1 & echo $!' > $OCF_RESKEY_pid
|
||||
|
||||
# Spin waiting for the server to come up.
|
||||
while true; do
|
||||
|
|
|
@ -181,8 +181,7 @@ barbican_worker_start() {
|
|||
|
||||
# run the actual barbican-worker daemon. Don't use ocf_run as we're sending the tool's output
|
||||
# straight to /dev/null anyway and using ocf_run would break stdout-redirection here.
|
||||
su ${OCF_RESKEY_user} -s /bin/sh -c "${OCF_RESKEY_binary} \
|
||||
--logfile /var/log/barbican/barbican-worker.log"' >> /dev/null 2>&1 & echo $!' > $OCF_RESKEY_pid
|
||||
su ${OCF_RESKEY_user} -s /bin/sh -c "${OCF_RESKEY_binary}"' >> /dev/null 2>&1 & echo $!' > $OCF_RESKEY_pid
|
||||
|
||||
# Spin waiting for the server to come up.
|
||||
while true; do
|
||||
|
|
Loading…
Reference in New Issue