diff --git a/lib/charms/mongodb/v1/helpers.py b/lib/charms/mongodb/v1/helpers.py index 16ce2e538..02c680570 100644 --- a/lib/charms/mongodb/v1/helpers.py +++ b/lib/charms/mongodb/v1/helpers.py @@ -46,19 +46,37 @@ DATA_DIR = "/var/lib/mongodb" LOG_DIR = "/var/log/mongodb" -LOG_TO_SYSLOG = True CONF_DIR = "/etc/mongod" MONGODB_LOG_FILENAME = "mongodb.log" logger = logging.getLogger(__name__) def _get_logging_options(snap_install: bool) -> str: - # TODO sending logs to syslog until we have a separate mount point for logs - if LOG_TO_SYSLOG: - return "" - # in k8s the default logging options that are used for the vm charm are ignored and logs are - # the output of the container. To enable logging to a file it must be set explicitly - return f"--logpath={LOG_DIR}/{MONGODB_LOG_FILENAME}" if snap_install else "" + """Returns config option for log path. + + :param snap_install: indicate that charmed-mongodb was installed from snap (VM charms) + :return: a path to log file to be used + """ + log_path = f"{LOG_DIR}/{MONGODB_LOG_FILENAME}" + if snap_install: + log_path = f"{MONGODB_COMMON_DIR}{log_path}" + return f"--logpath={log_path}" + + +def _get_audit_log_settings(snap_install: bool) -> List[str]: + """Return config options for audit log. + + :param snap_install: indicate that charmed-mongodb was installed from snap (VM charms) + :return: a list of audit log settings for charmed MongoDB + """ + audit_log_path = f"{LOG_DIR}/{Config.AuditLog.FILE_NAME}" + if snap_install: + audit_log_path = f"{MONGODB_COMMON_DIR}{audit_log_path}" + return [ + f"--auditDestination={Config.AuditLog.DESTINATION}", + f"--auditFormat={Config.AuditLog.FORMAT}", + f"--auditPath={audit_log_path}", + ] # noinspection GrazieInspection @@ -172,6 +190,7 @@ def get_mongod_args( full_data_dir = f"{MONGODB_COMMON_DIR}{DATA_DIR}" if snap_install else DATA_DIR full_conf_dir = f"{MONGODB_SNAP_DATA_DIR}{CONF_DIR}" if snap_install else CONF_DIR logging_options = _get_logging_options(snap_install) + audit_log_settings = _get_audit_log_settings(snap_install) cmd = [ # bind to localhost and external interfaces "--bind_ip_all", @@ -182,10 +201,10 @@ def get_mongod_args( # for simplicity we run the mongod daemon on shards, configsvrs, and replicas on the same # port f"--port={Config.MONGODB_PORT}", - "--auditDestination=syslog", # TODO sending logs to syslog until we have a separate mount point for logs - f"--auditFormat={Config.AuditLog.FORMAT}", + "--setParameter processUmask=037", # required for log files perminission (g+r) logging_options, ] + cmd.extend(audit_log_settings) if auth: cmd.extend(["--auth"]) diff --git a/src/config.py b/src/config.py index 1d56d2a01..bb577be6d 100644 --- a/src/config.py +++ b/src/config.py @@ -44,6 +44,7 @@ class AuditLog: """Audit log related configuration.""" FORMAT = "JSON" + DESTINATION = "file" FILE_NAME = "audit.log" class Backup: diff --git a/tests/integration/ha_tests/helpers.py b/tests/integration/ha_tests/helpers.py index becbe9d99..aee18287b 100644 --- a/tests/integration/ha_tests/helpers.py +++ b/tests/integration/ha_tests/helpers.py @@ -37,7 +37,7 @@ MONGODB_LOG_PATH = f"{MONGO_COMMON_DIR}/var/log/mongodb/mongodb.log" MONGOD_SERVICE_DEFAULT_PATH = "/etc/systemd/system/snap.charmed-mongodb.mongod.service" TMP_SERVICE_PATH = "tests/integration/ha_tests/tmp.service" -LOGGING_OPTIONS = f"--logpath={MONGO_COMMON_DIR}/var/log/mongodb/mongodb.log --logappend" +LOGGING_OPTIONS = "--logappend" EXPORTER_PROC = "/usr/bin/mongodb_exporter" GREP_PROC = "grep" diff --git a/tests/integration/sharding_tests/test_sharding_tls.py b/tests/integration/sharding_tests/test_sharding_tls.py index 1fb37e834..a5152f5bb 100644 --- a/tests/integration/sharding_tests/test_sharding_tls.py +++ b/tests/integration/sharding_tests/test_sharding_tls.py @@ -107,7 +107,6 @@ async def test_tls_then_build_cluster(ops_test: OpsTest) -> None: @pytest.mark.group(1) @pytest.mark.abort_on_fail async def test_tls_inconsistent_rels(ops_test: OpsTest) -> None: - await ops_test.model.deploy( CERTS_APP_NAME, application_name=DIFFERENT_CERTS_APP_NAME, channel="stable" ) diff --git a/tests/unit/test_mongodb_helpers.py b/tests/unit/test_mongodb_helpers.py index f9c78a515..d87de90a2 100644 --- a/tests/unit/test_mongodb_helpers.py +++ b/tests/unit/test_mongodb_helpers.py @@ -14,8 +14,12 @@ def test_get_mongod_args(self): "--replSet=my_repl_set", "--dbpath=/var/snap/charmed-mongodb/common/var/lib/mongodb", "--port=27017", - "--auditDestination=syslog", + "--setParameter", + "processUmask=037", + "--logpath=/var/snap/charmed-mongodb/common/var/log/mongodb/mongodb.log", + "--auditDestination=file", "--auditFormat=JSON", + "--auditPath=/var/snap/charmed-mongodb/common/var/log/mongodb/audit.log", "--auth", "--clusterAuthMode=keyFile", "--keyFile=/var/snap/charmed-mongodb/current/etc/mongod/keyFile", @@ -38,8 +42,12 @@ def test_get_mongod_args(self): "--replSet=my_repl_set", "--dbpath=/var/snap/charmed-mongodb/common/var/lib/mongodb", "--port=27017", - "--auditDestination=syslog", + "--setParameter", + "processUmask=037", + "--logpath=/var/snap/charmed-mongodb/common/var/log/mongodb/mongodb.log", + "--auditDestination=file", "--auditFormat=JSON", + "--auditPath=/var/snap/charmed-mongodb/common/var/log/mongodb/audit.log", ] self.assertEqual( @@ -54,8 +62,12 @@ def test_get_mongod_args(self): "--replSet=my_repl_set", "--dbpath=/var/lib/mongodb", "--port=27017", - "--auditDestination=syslog", + "--setParameter", + "processUmask=037", + "--logpath=/var/log/mongodb/mongodb.log", + "--auditDestination=file", "--auditFormat=JSON", + "--auditPath=/var/log/mongodb/audit.log", ] self.assertEqual( diff --git a/tox.ini b/tox.ini index f8b075cd4..70fa22343 100644 --- a/tox.ini +++ b/tox.ini @@ -16,6 +16,7 @@ all_path = {[vars]src_path} {[vars]tests_path} {[vars]mongodb_lib_path} set_env = PYTHONPATH = {[vars]src_path}:{tox_root}/lib PY_COLORS=1 + PYTHONDONTWRITEBYTECODE=1 pass_env = PYTHONPATH CHARM_BUILD_DIR