rgw: s3 bucket logging/server access logging #14841
mikulely wants to merge 92 commits into ceph:master
Conversation
@mikulely does this correctly handle load-balanced multiple RGW instances (e.g. haproxy in front of RGW)? I haven't read the entire series to see whether it would, but wanted to ask anyway.
@mikulely from the RGW bug scrub: do you have unit test support, or can you provide it?
Force-pushed from 7f01511 to 264defb
@robbat2 as @mattbenjamin said, there are no unit tests at the function level, but we do write a bunch of Python scripts for functional testing.
@mikulely Regarding the upload to the user bucket: does it correctly take into account that multiple RGWs may be concurrently writing different entries to the ops log? E.g., during a multipart upload, individual parts may be concurrently uploaded to different RGWs.
Force-pushed from 264defb to 885fe82
@robbat2 1. There is a lock mechanism guaranteeing that only one RGW instance handles a given bucket's opslog (copied from the object lifecycle management implementation). 2. Each time, RGW uploads the opslog to a unique rgw-object; the rgw-object name is generated by https://github.com/ceph/ceph/pull/14841/files#diff-ff97b7e16bb0ec2eef20f8068c88726cR158
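For illustration, here is a minimal Python sketch of how such a unique per-delivery object name could be composed, assuming the date-hour + bucket-marker + bucket-name layout visible in the example output later in this thread. This is not the actual C++ `render_target_key()` implementation; the function name and parameters are borrowed purely for illustration.

```python
from datetime import datetime, timezone

def render_target_key(bucket_marker, bucket_name, now=None):
    """Hypothetical sketch: build a log object name like
    2017-09-15-20-<bucket_marker>-<bucket_name> (UTC date-hour prefix),
    so each bucket gets a distinct object per delivery window."""
    now = now or datetime.now(timezone.utc)
    return "{}-{}-{}".format(now.strftime("%Y-%m-%d-%H"),
                             bucket_marker, bucket_name)
```

Because the prefix only varies per hour, uniqueness across concurrent deliveries would still depend on the lock described in point 1 (or on an extra random suffix).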
Force-pushed from 612e4ba to 35bb385
Rebased against master.
Repushed and added LDG (Log Delivery Group) ACL support.
Force-pushed from ad0f05e to 4786ff2
Signed-off-by: Enming Zhang <enming.zhang@umcloud.com>
Signed-off-by: Enming Zhang <enming.zhang@umcloud.com>
e.g.:
$ radosgw-admin log show
{
"bucket_id": "4a039cfd-ab25-408a-9b04-51b6983b4ed0.4134.1",
"bucket_owner": "tester",
"bucket": "swiftcontainer1",
"log_entries": [
{
"bucket": "swiftcontainer1",
"time": "2017-09-07 12:20:34.903364Z",
"time_local": "2017-09-07 20:20:34.903364",
"remote_addr": "127.0.0.1",
"user": "tester",
"operation": "PUT",
"uri": "/swift/v1/swiftcontainer1",
"http_status": "201",
"error_code": "Created",
"bytes_sent": 0,
"bytes_received": 0,
"object_size": 0,
"total_time": 157935,
"user_agent": "python-swiftclient-3.4.0",
"referrer": "",
"prot_flags": "SWIFT_REST"
}
],
"log_sum": {
"bytes_sent": 0,
"bytes_received": 0,
"total_time": 157935,
"total_entries": 1
}
}
Signed-off-by: Enming Zhang <enming.zhang@umcloud.com>
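For clarity, the `log_sum` section in the output above appears to be the element-wise aggregate of the `log_entries` fields. A small illustrative sketch of that relationship (assumed from the example output, not code taken from this PR):

```python
def summarize(entries):
    """Aggregate per-entry fields the way the example's "log_sum" does:
    sum the byte counters and total_time, and count the entries."""
    return {
        "bytes_sent": sum(e["bytes_sent"] for e in entries),
        "bytes_received": sum(e["bytes_received"] for e in entries),
        "total_time": sum(e["total_time"] for e in entries),
        "total_entries": len(entries),
    }
```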
track resource type via the following endpoints:
+ s3
+ s3website
+ swift auth
+ admin
Signed-off-by: Jiaying Ren <jiaying.ren@umcloud.com>
Signed-off-by: Jiaying Ren <jiaying.ren@umcloud.com>
Merge branch 'wip-support-operation' into wip-jiaying-bl
rgw opslog:
+ didn't recognise ops issued via different endpoints, e.g. couldn't
recognise a GET request from the s3/s3website endpoint.
+ missing parsed http_method (this one is not the same as the one that is
stored in the http request, which is a string)
+ didn't record resource_type, which needs to be recorded during http routing
this patch adds three new fields:
+ prot_flag
+ http_method
+ resource
[root@ceph-node1]~/jiaying/ceph/build# ../src/mrun j2 radosgw-admin log show --object=2017-09-15-20-2a6a2c76-d968-4c0f-800d-49c412fd61b5.4106.1-test
{
"bucket": "test",
"time": "2017-09-15 12:26:49.704525Z",
"time_local": "2017-09-15 20:26:49.704525",
"remote_addr": "127.0.0.1",
"user": "testid",
"operation": "PUT",
"uri": "/test/777777777",
"http_status": "200",
"error_code": "",
"bytes_sent": 0,
"bytes_received": 5242880,
"object_size": 5242880,
"total_time": 476762,
"user_agent": "",
"referrer": "",
"prot_flags": "REST",
"resource": "OBJECT",
"http_method": "PUT"
}
[1] http://docs.aws.amazon.com/AmazonS3/latest/dev/LogFormat.html
Signed-off-by: Jiaying Ren <jiaying.ren@umcloud.com>
Signed-off-by: Jiaying Ren <jiaying.ren@umcloud.com>
Signed-off-by: Jiaying Ren <jiaying.ren@umcloud.com>
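As an aside, an ops-log entry like the one shown above could be rendered into the AWS server-access-log line format of [1] roughly as follows. This is a hedged sketch: the field order and "-" placeholders are assumptions taken from the AWS documentation, not the renderer this PR implements.

```python
def to_s3_log_line(e):
    # Hypothetical mapping from one ops-log JSON entry to the AWS-style
    # space-separated line of [1] (assumption, not this PR's output):
    # bucket_owner bucket [time] remote_ip requester request_id operation
    # key "request_uri" status error_code bytes_sent object_size total_time
    return " ".join([
        e.get("bucket_owner", e["user"]),  # owner missing here; fall back
        e["bucket"],
        "[%s]" % e["time"],
        e["remote_addr"],
        e["user"],
        "-",                               # request id: not in the ops log
        e["operation"],
        "-",                               # object key: not in the ops log
        '"%s %s"' % (e["http_method"], e["uri"]),
        e["http_status"],
        e["error_code"] or "-",
        str(e["bytes_sent"]),
        str(e["object_size"]),
        str(e["total_time"]),
    ])
```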
compile error log:
/home/mikulely/ceph/src/rgw/rgw_bl.cc: In function ‘std::string render_target_key(CephContext*, std::string)’:
/home/mikulely/ceph/src/rgw/rgw_bl.cc:156:31: error: void value not ignored as it ought to be
sizeof(unique_string_buf));
^
/home/mikulely/ceph/src/rgw/rgw_bl.cc: In member function ‘int RGWBL::process()’:
/home/mikulely/ceph/src/rgw/rgw_bl.cc:825:59: error: ‘get_random_bytes’ was not declared in this scope
int ret = get_random_bytes((char *)&start, sizeof(start));
Signed-off-by: Jiaying Ren <jiaying.ren@umcloud.com>
Signed-off-by: Jiaying Ren <jiaying.ren@umcloud.com>
Signed-off-by: Jiaying Ren <jiaying.ren@umcloud.com>
Force-pushed from d96ea42 to fc6a4a9
@yehudasa rebased against master:
Please help review.
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
unstale me my man
    ::decode(x_headers, p);
  }
  if (struct_v >= 10) {
    ::decode(prot_flags, p);
This pull request has been automatically marked as stale because it has not had any activity for 60 days. It will be closed if no further activity occurs for another 30 days.
This pull request has been automatically closed because there has been no activity for 90 days. Please feel free to reopen this pull request (or open a new one) if the proposed change is still appropriate. Thank you for your contribution! |
This is an initial implementation of s3 bucket logging/server access logging (
http://docs.aws.amazon.com/AmazonS3/latest/dev/ServerLogs.html )
We've discussed this on ML before (
https://www.spinics.net/lists/ceph-devel/msg35681.html )
Usage doc can be found at mikulely@dd52135
I've also written a shell script as a runbook to demonstrate BL usage; it can be found at
https://gist.github.com/mikulely/cb6b245c60fda4c1546aaa761c2e5615
We've rebased this functionality from Jewel to master, and added test
cases to s3-tests in the following pr ceph/s3-tests#161
The current implementation lacks Log Delivery Group ACL support (http://docs.aws.amazon.com/AmazonS3/latest/dev/enable-logging-programming.html),
to whom it may concern.
Potential issues / future work:
+ race condition when opslog appends to, and bl deliver reads from, the same opslog rados-obj
+ cleanup of those opslog rados-objs where opslog is enabled but bl is disabled
These issues need future work to refactor the current ops log implementation. Maybe we can rename the opslog rados-obj when delivering, but since rados objects are located by name, a rename means an extra data copy.
We propose organizing opslogs into rados namespaces. A namespace can be
named by date (like 2017-04-47), and bl_deliver only processes namespaces
with older dates. This fits our delivery scheduler (provide bucket logging
for yesterday) and also avoids the race condition. Cleaning up unused
opslogs is also easy: just remove the remaining opslog objects in the
namespace after delivery.
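The proposed selection rule can be sketched with a small hypothetical helper, assuming namespaces are named with ISO YYYY-MM-DD dates (the function name and signature are illustrative, not from this PR):

```python
from datetime import date

def namespaces_to_deliver(existing, today):
    """Return date-named namespaces strictly older than 'today'.
    Only these would be processed by bl_deliver, so the namespace
    being appended to today is never read, avoiding the race."""
    # ISO date strings sort lexicographically in chronological order.
    return sorted(ns for ns in existing if ns < today.isoformat())
```

After a namespace has been delivered, its remaining opslog objects can simply be removed wholesale.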
CC: @mattbenjamin @yehudasa @robbat2 (Please give it a test if you're still interested.)
Edited:
2017-06-23: strike through outdated description