Better debug logging for host user creation #46789
Conversation
rosstimothy
added
the
no-changelog
Yeah definitely! I should've asked, I noticed there were a few loggers in play and wondered if there was a reason for that haha. I'll get all of these updated 👍 |
eriktate
force-pushed
the
eriktate/improved-host-user-logging
branch
4 times, most recently
from
ea53d75
to
23b356c
Compare
eriktate
force-pushed
the
eriktate/improved-host-user-logging
branch
from
23b356c
to
5f085da
Compare
eriktate
force-pushed
the
eriktate/improved-host-user-logging
branch
3 times, most recently
from
1ebe439
to
5204fca
Compare
eriktate
force-pushed
the
eriktate/improved-host-user-logging
branch
2 times, most recently
from
c29cc2a
to
950f236
Compare
lib/srv/sess.go
Outdated
| @@ -289,15 +294,19 @@ func (s *SessionRegistry) WriteSudoersFile(identityContext IdentityContext) (io. | |||
| // If the returned closer is not nil, it must be called at the end of the session to | |||
| // clean up the local user. | |||
| func (s *SessionRegistry) UpsertHostUser(identityContext IdentityContext) (bool, io.Closer, error) { | |||
| ctx := context.TODO() | |||
There was a problem hiding this comment.
We have s.Srv.Context(), can we use it instead?
lib/srv/sess_test.go
Outdated
| @@ -259,6 +260,7 @@ func TestSession_newRecorder(t *testing.T) { | |||
| id: "test", | |||
| log: logger, | |||
| registry: &SessionRegistry{ | |||
| logger: slog.Default(), | |||
There was a problem hiding this comment.
We have github.com/gravitational/teleport/lib/utils.NewSlogLoggerForTests() which is usually used for this type of initializations.
It does a little more that just calling slog.Default()
lib/srv/usermgmt.go
Outdated
| @@ -68,10 +70,10 @@ func NewHostSudoers(uuid string) HostSudoers { | |||
| backend, err := newHostSudoersBackend(uuid) | |||
| switch { | |||
| case trace.IsNotImplemented(err): | |||
| log.Debugf("Skipping host sudoers management: %v", err) | |||
| slog.DebugContext(context.Background(), "Skipping host sudoers management", "err", err) | |||
There was a problem hiding this comment.
| slog.DebugContext(context.Background(), "Skipping host sudoers management", "err", err) | |
| slog.DebugContext(context.Background(), "Skipping host sudoers management", "error", err) |
lib/srv/usermgmt.go
Outdated
| return nil | ||
| case err != nil: //nolint:staticcheck // linter fails on non-linux system as only linux implementation returns useful values. | ||
| log.Warnf("Error making new HostSudoersBackend: %s", err) | ||
| slog.DebugContext(context.Background(), "Error making new HostSudoersBackend", "err", err) |
There was a problem hiding this comment.
| slog.DebugContext(context.Background(), "Error making new HostSudoersBackend", "err", err) | |
| slog.DebugContext(context.Background(), "Error making new HostSudoersBackend", "error", err) |
lib/srv/usermgmt.go
Outdated
| @@ -232,6 +236,15 @@ func (u *HostSudoersManagement) RemoveSudoers(name string) error { | |||
| var unmanagedUserErr = errors.New("user not managed by teleport") | |||
|
|
|||
| func (u *HostUserManagement) updateUser(name string, ui services.HostUsersInfo) (io.Closer, error) { | |||
| ctx := context.TODO() | |||
There was a problem hiding this comment.
Can we use u.ctx ?
| final = append(final, group) | ||
| } | ||
|
|
||
| log.DebugContext(ctx, "Setting user groups", "before", current, "after", final) |
There was a problem hiding this comment.
💅 If we sort them, it would make human comparison easier
lib/srv/usermgmt.go
Outdated
| "uid", ui.UID, | ||
| ) | ||
|
|
||
| log.DebugContext(context.Background(), "Attempting to create host user", "gid", ui.GID) |
There was a problem hiding this comment.
Can we use s.ctx instead of context.Backgroun()?
lib/srv/usermgmt.go
Outdated
| if _, err := os.Stat(userOpts.Home); os.IsNotExist(err) { | ||
| log.InfoContext(context.Background(), "Creating home directory", "home", userOpts.Home, "gid", userOpts.GID) | ||
| if err := u.backend.CreateHomeDirectory(userOpts.Home, user.Uid, user.Gid); err != nil { |
There was a problem hiding this comment.
We have a race here. The Home might be created between the os.Stat and the CreateHomeDirectory.
Should we just try to create it anyway and then handle the error gracefully?
There was a problem hiding this comment.
That's essentially what CreateHomeDirectory does, but it swallows the error context instead of returning it to the caller. I suppose we could surface the error when the directory already exists and handle it here instead 🤔
There was a problem hiding this comment.
I dropped the os.Stat in favor of making CreateHomeDirectory return the os.ErrExists so that callers can handle the cases as they see fit 👍
lib/srv/usermgmt.go
Outdated
| @@ -533,14 +590,15 @@ func isUnknownGroupError(err error, groupName string) bool { | |||
|
|
|||
| // DeleteAllUsers deletes all host users in the teleport service group. | |||
| func (u *HostUserManagement) DeleteAllUsers() error { | |||
| u.log.DebugContext(context.Background(), "Attempting to delete all temporary host users") | |||
There was a problem hiding this comment.
Maybe move this to info?
eriktate
force-pushed
the
eriktate/improved-host-user-logging
branch
2 times, most recently
from
9d7cac3
to
cb8b316
Compare
eriktate
force-pushed
the
eriktate/improved-host-user-logging
branch
from
cb8b316
to
0259e86
Compare
public-teleport-github-review-bot
bot
removed the request for review
from timothyb89
…d updating existing logs to structured logging
eriktate
force-pushed
the
eriktate/improved-host-user-logging
branch
from
0259e86
to
ac1c622
Compare
Host user creation doesn't produce many useful logs, even in debug mode. This PR adds some new logs and updates some existing ones to help make more sense of what's happening at runtime.