From 9ce6809ad18c1d888867fe4db145efcbe9a4f925 Mon Sep 17 00:00:00 2001 From: Marc-Elias Travitzky Date: Wed, 28 Feb 2024 11:27:07 +0100 Subject: [PATCH 01/11] Enable SCC access logging by default This will enable the SCC access logger in testing deployments --- modules/server/main.tf | 1 + modules/server/variables.tf | 5 +++++ modules/server_containerized/main.tf | 1 + modules/server_containerized/variables.tf | 5 +++++ salt/server/taskomatic.sls | 14 +++++++++++++- salt/server/tomcat.sls | 18 +++++++++++++++++- salt/server_containerized/init.sls | 4 ++++ salt/server_containerized/taskomatic.sls | 11 +++++++++++ salt/server_containerized/tomcat.sls | 11 +++++++++++ 9 files changed, 68 insertions(+), 2 deletions(-) create mode 100644 salt/server_containerized/taskomatic.sls create mode 100644 salt/server_containerized/tomcat.sls diff --git a/modules/server/main.tf b/modules/server/main.tf index ea0a58ec0..3990b8766 100644 --- a/modules/server/main.tf +++ b/modules/server/main.tf @@ -66,6 +66,7 @@ module "server" { java_salt_debugging = var.java_salt_debugging skip_changelog_import = var.skip_changelog_import create_first_user = var.create_first_user + scc_access_logging = var.scc_access_logging mgr_sync_autologin = var.mgr_sync_autologin create_sample_channel = var.create_sample_channel create_sample_activation_key = var.create_sample_activation_key diff --git a/modules/server/variables.tf b/modules/server/variables.tf index b368edcde..67cb3ea50 100644 --- a/modules/server/variables.tf +++ b/modules/server/variables.tf @@ -207,6 +207,11 @@ variable "traceback_email" { default = null } +variable "scc_access_logging" { + description = "enable logging for SCC access through taskomatic and tomcat" + default = true +} + variable "swap_file_size" { description = "Swap file size in MiB, or 0 for none" default = 0 diff --git a/modules/server_containerized/main.tf b/modules/server_containerized/main.tf index a5b4b360c..13cf30f22 100644 
--- a/modules/server_containerized/main.tf +++ b/modules/server_containerized/main.tf @@ -57,6 +57,7 @@ module "server_containerized" { database_disk_size = var.database_disk_size skip_changelog_import = var.skip_changelog_import create_first_user = var.create_first_user + scc_access_logging = var.scc_access_logging mgr_sync_autologin = var.mgr_sync_autologin create_sample_channel = var.create_sample_channel create_sample_activation_key = var.create_sample_activation_key diff --git a/modules/server_containerized/variables.tf b/modules/server_containerized/variables.tf index d36106da1..dbacf2496 100644 --- a/modules/server_containerized/variables.tf +++ b/modules/server_containerized/variables.tf @@ -192,6 +192,11 @@ variable "traceback_email" { default = null } +variable "scc_access_logging" { + description = "enable logging for SCC access through taskomatic and tomcat" + default = true +} + variable "smt" { description = "URL to an SMT server to get packages from" default = null diff --git a/salt/server/taskomatic.sls b/salt/server/taskomatic.sls index 6d3e3c32b..5b10f9b27 100644 --- a/salt/server/taskomatic.sls +++ b/salt/server/taskomatic.sls @@ -1,5 +1,6 @@ -{% if grains.get('java_debugging') or grains.get('java_hibernate_debugging') %} include: + - server +{% if grains.get('java_debugging') or grains.get('java_hibernate_debugging') %} - server.rhn {% endif %} @@ -33,6 +34,17 @@ taskomatic_hibernate_debug_log: - sls: server.rhn {% endif %} +{% if grains.get('scc_access_logging') %} +taskomatic_scc_access_logging: + file.line: + - name: /usr/share/rhn/classes/log4j2.xml + - content: ' ' + - after: "" + - mode: ensure + - require: + - sls: server +{% endif %} + taskomatic: service.running: - watch: diff --git a/salt/server/tomcat.sls b/salt/server/tomcat.sls index f16d9e5ae..a518a790a 100644 --- a/salt/server/tomcat.sls +++ b/salt/server/tomcat.sls 
@@ -1,5 +1,6 @@ -{% if grains.get('java_debugging') or grains.get('java_salt_debugging') %} include: + - server +{% if grains.get('java_debugging') or grains.get('java_salt_debugging') %} - server.rhn {% endif %} @@ -32,6 +33,21 @@ salt_server_action_service_debug_log: - sls: server.rhn {% endif %} +{% if grains.get('scc_access_logging') %} + {% set tomcat-log4j2-xml-path = "/usr/share/susemanager/www/tomcat/webapps/rhn/WEB-INF/classes/log4j2.xml"} + {% if __salt__["file.exists"]("/srv/tomcat/webapps/rhn/WEB-INF/classes/log4j2.xml") %} + set tomcat-log4j2-xml-path = "/srv/tomcat/webapps/rhn/WEB-INF/classes/log4j2.xml" + {% endif %} +tomcat_scc_access_logging: + file.line: + - name: {{tomcat-log4j2-xml-path}} + - content: ' ' + - after: "" + - mode: ensure + - require: + - sls: server +{% endif %} + {% if grains.get('login_timeout') %} extend_tomcat_login_timeout: file.replace: diff --git a/salt/server_containerized/init.sls b/salt/server_containerized/init.sls index 95f8f1da2..8d2f7dada 100644 --- a/salt/server_containerized/init.sls +++ b/salt/server_containerized/init.sls @@ -7,3 +7,7 @@ include: - server_containerized.initial_content - server_containerized.testsuite - server_containerized.large_deployment + {% if grains.get('scc_access_logging') %} + - server_containerized.taskomatic + - server_containerized.tomcat + {% endif %} diff --git a/salt/server_containerized/taskomatic.sls b/salt/server_containerized/taskomatic.sls new file mode 100644 index 000000000..8d776c4aa --- /dev/null +++ b/salt/server_containerized/taskomatic.sls @@ -0,0 +1,11 @@ +include: + - server_containerized + +taskomatic_scc_access_logging: + file.line: + - name: /usr/share/rhn/classes/log4j2.xml + - content: ' ' + - after: "" + - mode: ensure + - require: + - sls: server_containerized diff --git a/salt/server_containerized/tomcat.sls b/salt/server_containerized/tomcat.sls new file mode 100644 index 000000000..7ae02e1ab --- /dev/null +++ b/salt/server_containerized/tomcat.sls 
@@ -0,0 +1,11 @@ +include: + - server_containerized + +tomcat_scc_access_logging: + file.line: + - name: /usr/share/susemanager/www/tomcat/webapps/rhn/WEB-INF/classes/log4j2.xml + - content: ' ' + - after: "" + - mode: ensure + - require: + - sls: server_containerized From e854cb32fe649d8f6e336a3dc7769ea152b65c0e Mon Sep 17 00:00:00 2001 From: Marc-Elias Travitzky Date: Wed, 28 Feb 2024 11:46:20 +0100 Subject: [PATCH 02/11] Fixed a typo --- salt/server/tomcat.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/server/tomcat.sls b/salt/server/tomcat.sls index a518a790a..9f5a711b6 100644 --- a/salt/server/tomcat.sls +++ b/salt/server/tomcat.sls @@ -34,7 +34,7 @@ salt_server_action_service_debug_log: {% endif %} {% if grains.get('scc_access_logging') %} - {% set tomcat-log4j2-xml-path = "/usr/share/susemanager/www/tomcat/webapps/rhn/WEB-INF/classes/log4j2.xml"} + {% set tomcat-log4j2-xml-path = "/usr/share/susemanager/www/tomcat/webapps/rhn/WEB-INF/classes/log4j2.xml" %} {% if __salt__["file.exists"]("/srv/tomcat/webapps/rhn/WEB-INF/classes/log4j2.xml") %} set tomcat-log4j2-xml-path = "/srv/tomcat/webapps/rhn/WEB-INF/classes/log4j2.xml" {% endif %} From 2fd0d7dcf1aa0a65d79b22540c0ae9840b1c0793 Mon Sep 17 00:00:00 2001 From: Marc-Elias Travitzky Date: Wed, 28 Feb 2024 11:56:39 +0100 Subject: [PATCH 03/11] fixed jinja syntax --- salt/server/tomcat.sls | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/salt/server/tomcat.sls b/salt/server/tomcat.sls index 9f5a711b6..cd93afa6b 100644 --- a/salt/server/tomcat.sls +++ b/salt/server/tomcat.sls 
@@ -34,13 +34,13 @@ salt_server_action_service_debug_log: {% endif %} {% if grains.get('scc_access_logging') %} - {% set tomcat-log4j2-xml-path = "/usr/share/susemanager/www/tomcat/webapps/rhn/WEB-INF/classes/log4j2.xml" %} + {% set tomcat_log4j2_xml_path = "/usr/share/susemanager/www/tomcat/webapps/rhn/WEB-INF/classes/log4j2.xml" %} {% if __salt__["file.exists"]("/srv/tomcat/webapps/rhn/WEB-INF/classes/log4j2.xml") %} - set tomcat-log4j2-xml-path = "/srv/tomcat/webapps/rhn/WEB-INF/classes/log4j2.xml" + set tomcat_log4j2_xml_path = "/srv/tomcat/webapps/rhn/WEB-INF/classes/log4j2.xml" {% endif %} tomcat_scc_access_logging: file.line: - - name: {{tomcat-log4j2-xml-path}} + - name: {{tomcat_log4j2_xml_path}} - content: ' ' - after: "" - mode: ensure From 8fdff64b35efcd352c8c190805abe8a07516a39e Mon Sep 17 00:00:00 2001 From: Marc-Elias Travitzky Date: Wed, 28 Feb 2024 14:17:54 +0100 Subject: [PATCH 04/11] Remove changes regarding server_containerized These changes can't be finalized at the moment. --- modules/server_containerized/main.tf | 1 - modules/server_containerized/variables.tf | 5 ----- salt/server_containerized/init.sls | 4 ---- salt/server_containerized/taskomatic.sls | 11 ----------- salt/server_containerized/tomcat.sls | 11 ----------- 5 files changed, 32 deletions(-) delete mode 100644 salt/server_containerized/taskomatic.sls delete mode 100644 salt/server_containerized/tomcat.sls diff --git a/modules/server_containerized/main.tf b/modules/server_containerized/main.tf index 13cf30f22..a5b4b360c 100644 --- a/modules/server_containerized/main.tf +++ b/modules/server_containerized/main.tf 
@@ -57,7 +57,6 @@ module "server_containerized" { database_disk_size = var.database_disk_size skip_changelog_import = var.skip_changelog_import create_first_user = var.create_first_user - scc_access_logging = var.scc_access_logging mgr_sync_autologin = var.mgr_sync_autologin create_sample_channel = var.create_sample_channel create_sample_activation_key = var.create_sample_activation_key diff --git a/modules/server_containerized/variables.tf b/modules/server_containerized/variables.tf index dbacf2496..d36106da1 100644 --- a/modules/server_containerized/variables.tf +++ b/modules/server_containerized/variables.tf @@ -192,11 +192,6 @@ variable "traceback_email" { default = null } -variable "scc_access_logging" { - description = "enable logging for SCC access through taskomatic and tomcat" - default = true -} - variable "smt" { description = "URL to an SMT server to get packages from" default = null diff --git a/salt/server_containerized/init.sls b/salt/server_containerized/init.sls index 8d2f7dada..95f8f1da2 100644 --- a/salt/server_containerized/init.sls +++ b/salt/server_containerized/init.sls @@ -7,7 +7,3 @@ include: - server_containerized.initial_content - server_containerized.testsuite - server_containerized.large_deployment - {% if grains.get('scc_access_logging') %} - - server_containerized.taskomatic - - server_containerized.tomcat - {% endif %} diff --git a/salt/server_containerized/taskomatic.sls b/salt/server_containerized/taskomatic.sls deleted file mode 100644 index 8d776c4aa..000000000 --- a/salt/server_containerized/taskomatic.sls +++ /dev/null @@ -1,11 +0,0 @@ -include: - - server_containerized - -taskomatic_scc_access_logging: - file.line: - - name: /usr/share/rhn/classes/log4j2.xml - - content: ' ' - - after: "" - - mode: ensure - - require: - - sls: server_containerized diff --git a/salt/server_containerized/tomcat.sls b/salt/server_containerized/tomcat.sls deleted file mode 100644 index 7ae02e1ab..000000000 
--- a/salt/server_containerized/tomcat.sls +++ /dev/null @@ -1,11 +0,0 @@ -include: - - server_containerized - -tomcat_scc_access_logging: - file.line: - - name: /usr/share/susemanager/www/tomcat/webapps/rhn/WEB-INF/classes/log4j2.xml - - content: ' ' - - after: "" - - mode: ensure - - require: - - sls: server_containerized From e2f967688be8a9e0af47b1d6c2bcdeb93bf42177 Mon Sep 17 00:00:00 2001 From: Marc-Elias Travitzky Date: Wed, 28 Feb 2024 14:31:01 +0100 Subject: [PATCH 05/11] Don't enable SCC logging by default Co-authored-by: Oscar Barrios --- modules/server/variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/server/variables.tf b/modules/server/variables.tf index 67cb3ea50..57e149afa 100644 --- a/modules/server/variables.tf +++ b/modules/server/variables.tf @@ -209,7 +209,7 @@ variable "traceback_email" { variable "scc_access_logging" { description = "enable logging for SCC access through taskomatic and tomcat" - default = true + default = false } variable "swap_file_size" { From 543e2bc79bf4d5ae3e34e4c9984b56e576de9b7d Mon Sep 17 00:00:00 2001 From: Marc-Elias Travitzky Date: Wed, 28 Feb 2024 14:45:52 +0100 Subject: [PATCH 06/11] Fix jinja code The code before had some mistakes and bad design. --- salt/server/tomcat.sls | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/salt/server/tomcat.sls b/salt/server/tomcat.sls index cd93afa6b..e5510063f 100644 --- a/salt/server/tomcat.sls +++ b/salt/server/tomcat.sls 
@@ -34,10 +34,11 @@ salt_server_action_service_debug_log: {% endif %} {% if grains.get('scc_access_logging') %} +{% if __salt__["file.exists"]("/srv/tomcat/webapps/rhn/WEB-INF/classes/log4j2.xml") %} + {% set tomcat_log4j2_xml_path = "/srv/tomcat/webapps/rhn/WEB-INF/classes/log4j2.xml" %} +{% else %} {% set tomcat_log4j2_xml_path = "/usr/share/susemanager/www/tomcat/webapps/rhn/WEB-INF/classes/log4j2.xml" %} - {% if __salt__["file.exists"]("/srv/tomcat/webapps/rhn/WEB-INF/classes/log4j2.xml") %} - set tomcat_log4j2_xml_path = "/srv/tomcat/webapps/rhn/WEB-INF/classes/log4j2.xml" - {% endif %} +{% endif %} tomcat_scc_access_logging: file.line: - name: {{tomcat_log4j2_xml_path}} From 8fca6ebb00de1fbe2a785499e30d3ca8fe284946 Mon Sep 17 00:00:00 2001 From: Marc-Elias Travitzky Date: Wed, 28 Feb 2024 15:02:06 +0100 Subject: [PATCH 07/11] Don't include server in taskomatic.sls This isn't necessary, as it's already included in rhn.sls --- salt/server/taskomatic.sls | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/salt/server/taskomatic.sls b/salt/server/taskomatic.sls index 5b10f9b27..705d296a4 100644 --- a/salt/server/taskomatic.sls +++ b/salt/server/taskomatic.sls @@ -1,6 +1,5 @@ +{% if grains.get('java_debugging') or grains.get('java_hibernate_debugging') or grains.get('scc_access_logging') %} include: - - server -{% if grains.get('java_debugging') or grains.get('java_hibernate_debugging') %} - server.rhn {% endif %} From aa4c8a68538adc34f0ad90e513b8b453fe1f3228 Mon Sep 17 00:00:00 2001 From: Marc-Elias Travitzky Date: Wed, 28 Feb 2024 15:42:03 +0100 Subject: [PATCH 08/11] Fixed typo in description Changed to a capital E --- modules/server/variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/server/variables.tf b/modules/server/variables.tf index 57e149afa..cb7439128 100644 --- a/modules/server/variables.tf +++ b/modules/server/variables.tf 
@@ -208,7 +208,7 @@ variable "traceback_email" { } variable "scc_access_logging" { - description = "enable logging for SCC access through taskomatic and tomcat" + description = "Enable logging for SCC access through taskomatic and tomcat" default = false } From 5e57a9d4bcefd291b54ff58f0134ad715027a92d Mon Sep 17 00:00:00 2001 From: Marc-Elias Travitzky Date: Wed, 28 Feb 2024 15:46:27 +0100 Subject: [PATCH 09/11] Apply some suggestions Applied some improvements to taskomatic.sls and tomcat.sls --- salt/server/taskomatic.sls | 2 +- salt/server/tomcat.sls | 9 ++++----- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/salt/server/taskomatic.sls b/salt/server/taskomatic.sls index 705d296a4..3e87fa6f0 100644 --- a/salt/server/taskomatic.sls +++ b/salt/server/taskomatic.sls @@ -41,7 +41,7 @@ taskomatic_scc_access_logging: - after: "" - mode: ensure - require: - - sls: server + - sls: server.rhn {% endif %} taskomatic: diff --git a/salt/server/tomcat.sls b/salt/server/tomcat.sls index e5510063f..2350fe4dd 100644 --- a/salt/server/tomcat.sls +++ b/salt/server/tomcat.sls @@ -1,6 +1,5 @@ +{% if grains.get('java_debugging') or grains.get('java_salt_debugging') or grains.get('scc_access_logging') %} include: - - server -{% if grains.get('java_debugging') or grains.get('java_salt_debugging') %} - server.rhn {% endif %} @@ -35,9 +34,9 @@ salt_server_action_service_debug_log: {% if grains.get('scc_access_logging') %} {% if __salt__["file.exists"]("/srv/tomcat/webapps/rhn/WEB-INF/classes/log4j2.xml") %} - {% set tomcat_log4j2_xml_path = "/srv/tomcat/webapps/rhn/WEB-INF/classes/log4j2.xml" %} +{% set tomcat_log4j2_xml_path = "/srv/tomcat/webapps/rhn/WEB-INF/classes/log4j2.xml" %} {% else %} - {% set tomcat_log4j2_xml_path = "/usr/share/susemanager/www/tomcat/webapps/rhn/WEB-INF/classes/log4j2.xml" %} +{% set tomcat_log4j2_xml_path = "/usr/share/susemanager/www/tomcat/webapps/rhn/WEB-INF/classes/log4j2.xml" %} {% endif %} tomcat_scc_access_logging: file.line: 
@@ -46,7 +45,7 @@ tomcat_scc_access_logging: - after: "" - mode: ensure - require: - - sls: server + - sls: server.rhn {% endif %} {% if grains.get('login_timeout') %} From c4cd1cda40dfd6830295fc2e91bc51ac1c58bb08 Mon Sep 17 00:00:00 2001 From: Marc-Elias Travitzky Date: Fri, 1 Mar 2024 16:16:03 +0100 Subject: [PATCH 10/11] Make scc_access_logging actually work Now scc access logging can be enabled and will edit the right files --- modules/cucumber_testsuite/main.tf | 3 +++ modules/server/variables.tf | 1 + salt/server/taskomatic.sls | 5 +++-- salt/server/tomcat.sls | 7 ++++--- 4 files changed, 11 insertions(+), 5 deletions(-) diff --git a/modules/cucumber_testsuite/main.tf b/modules/cucumber_testsuite/main.tf index 7da70d314..b1dbc7185 100644 --- a/modules/cucumber_testsuite/main.tf +++ b/modules/cucumber_testsuite/main.tf @@ -58,6 +58,8 @@ locals { host_key => lookup(var.host_settings[host_key], "create_first_user", false) if var.host_settings[host_key] != null } repository_disk_use_cloud_setup = { for host_key in local.hosts : host_key => lookup(var.host_settings[host_key], "repository_disk_use_cloud_setup", null) if var.host_settings[host_key] != null } + scc_access_logging = { for host_key in local.hosts : + host_key => lookup(var.host_settings[host_key], "scc_access_logging", false) if var.host_settings[host_key] != null } } module "server" { @@ -92,6 +94,7 @@ module "server" { additional_repos_only = lookup(local.additional_repos_only, "server", false) additional_packages = lookup(local.additional_packages, "server", []) login_timeout = var.login_timeout + scc_access_logging = lookup(local.scc_access_logging, "server", false) saltapi_tcpdump = var.saltapi_tcpdump provider_settings = lookup(local.provider_settings_by_host, "server", {}) diff --git a/modules/server/variables.tf b/modules/server/variables.tf index cb7439128..337ce7a0b 100644 --- a/modules/server/variables.tf +++ b/modules/server/variables.tf 
@@ -209,6 +209,7 @@ variable "traceback_email" { variable "scc_access_logging" { description = "Enable logging for SCC access through taskomatic and tomcat" + type = bool default = false } diff --git a/salt/server/taskomatic.sls b/salt/server/taskomatic.sls index 3e87fa6f0..79b7cd9c2 100644 --- a/salt/server/taskomatic.sls +++ b/salt/server/taskomatic.sls @@ -37,9 +37,10 @@ taskomatic_hibernate_debug_log: taskomatic_scc_access_logging: file.line: - name: /usr/share/rhn/classes/log4j2.xml - - content: ' ' - - after: "" + - content: '' + - before: "" - mode: ensure + - indent: True - require: - sls: server.rhn {% endif %} diff --git a/salt/server/tomcat.sls b/salt/server/tomcat.sls index 2350fe4dd..33504a463 100644 --- a/salt/server/tomcat.sls +++ b/salt/server/tomcat.sls @@ -33,7 +33,7 @@ salt_server_action_service_debug_log: {% endif %} {% if grains.get('scc_access_logging') %} -{% if __salt__["file.exists"]("/srv/tomcat/webapps/rhn/WEB-INF/classes/log4j2.xml") %} +{% if '4.3' in grains['product_version'] %} {% set tomcat_log4j2_xml_path = "/srv/tomcat/webapps/rhn/WEB-INF/classes/log4j2.xml" %} {% else %} {% set tomcat_log4j2_xml_path = "/usr/share/susemanager/www/tomcat/webapps/rhn/WEB-INF/classes/log4j2.xml" %} @@ -41,9 +41,10 @@ salt_server_action_service_debug_log: tomcat_scc_access_logging: file.line: - name: {{tomcat_log4j2_xml_path}} - - content: ' ' - - after: "" + - content: '' + - before: "" - mode: ensure + - indent: True - require: - sls: server.rhn {% endif %} From 33afe2d86b3ec067b1d1e2a7133b74cb6b56a7cf Mon Sep 17 00:00:00 2001 From: Marc-Elias Travitzky Date: Mon, 4 Mar 2024 11:34:49 +0100 Subject: [PATCH 11/11] Fix Jinja syntax Added spaces Co-authored-by: Oscar Barrios --- salt/server/tomcat.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/server/tomcat.sls b/salt/server/tomcat.sls index 33504a463..18dc4f388 100644 --- a/salt/server/tomcat.sls +++ b/salt/server/tomcat.sls 
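Review bot: The `scc_access_logging` description in the `modules/server/variables.tf` hunk does not say what the switch changes on the host, or that it is meant for test deployments, which is how the first commit of the series describes it. The logger definition is not readable on this page, so I cannot tell what it records; if it captures request URLs or headers for SCC traffic, the resulting logs may hold credentials and should be handled accordingly. I would extend the text to something like `description = "Enable logging for SCC access through taskomatic and tomcat by editing their log4j2.xml; intended for test deployments"`.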
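Review bot: Nothing visible in the `salt/server/taskomatic.sls` hunk ties the `taskomatic_scc_access_logging` edit of `/usr/share/rhn/classes/log4j2.xml` to a service restart. The `watch:` list of the `taskomatic` `service.running` state lies outside the hunk; if it does not name this file state, the Salt run can succeed while the running service still uses the old logging configuration. Consider adding `- file: taskomatic_scc_access_logging` under that `watch:`, inside the same `scc_access_logging` guard. The same applies to `tomcat_scc_access_logging` in the second `salt/server/tomcat.sls` hunk of this commit.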
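Review bot: The new condition `'4.3' in grains['product_version']` in `salt/server/tomcat.sls` is a substring test on a directly indexed grain, so any value that merely contains "4.3" selects the `/srv/tomcat` path, and the lookup differs from the `grains.get(...)` form used elsewhere in this file. It also replaces the earlier existence check, so a wrong match now points `file.line` at a `log4j2.xml` that may not exist on the host. I would write `{% if grains.get('product_version', '').startswith('4.3') %}`, assuming every 4.3 value begins with the version number. A comment such as `{# 4.3 keeps the webapp under /srv/tomcat; other versions under /usr/share/susemanager/www/tomcat #}` would record why the branch exists.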
@@ -40,7 +40,7 @@ salt_server_action_service_debug_log: {% endif %} tomcat_scc_access_logging: file.line: - - name: {{tomcat_log4j2_xml_path}} + - name: {{ tomcat_log4j2_xml_path }} - content: '' - before: "" - mode: ensure