chore: add example for audit logging to file in docker #1496
Conversation
| image: flipt/flipt:latest | ||
| command: ["./flipt", "--force-migrate"] | ||
| ports: | ||
| - "8080:8080" |
There was a problem hiding this comment.
what if we mounted a local file for the audit log as a volume, then the user could also tail that file in another terminal to see it being written to? we could include that in the instructions?
like:
volumes:
- "/tmp/flipt/audit.log:/var/opt/flipt/audit.log"There was a problem hiding this comment.
@markphelps I like the idea. I think that would work best 👍
There was a problem hiding this comment.
My bad, this should prob be /var/log/flipt/audit.log instead of /var/opt. I copied and pasted from a previous example 😞 sorry
| ## Running the Example | ||
|
|
||
| 1. Run `docker-compose up` from this directory | ||
| 1. Open the Flipt UI (default: [http://localhost:8080](http://localhost:8080)) |
There was a problem hiding this comment.
We could add:
1. Create some sample data: Flags/Segments/etc.
1. In a new terminal, run `tail -f /tmp/flipt/audit.log` to see events written to the log
See my comment below about mounting the file to a volume in the container
There was a problem hiding this comment.
could we make it audit.log or similar so it ends in the .log ext?
There was a problem hiding this comment.
@markphelps Done. made that change.
yquansah
force-pushed
the
yq-add-example
branch
from
6d50f12 to
9a4f4bc
Compare
| ## Running the Example | ||
|
|
||
| 1. Run `docker-compose up` from this directory | ||
| 1. Open the Flipt UI (default: [http://localhost:8080](http://localhost:8080)) |
There was a problem hiding this comment.
could we make it audit.log or similar so it ends in the .log ext?
| image: flipt/flipt:latest | ||
| command: ["./flipt", "--force-migrate"] | ||
| ports: | ||
| - "8080:8080" |
There was a problem hiding this comment.
My bad, this should prob be /var/log/flipt/audit.log instead of /var/opt. I copied and pasted from a previous example 😞 sorry
examples/audit/docker-compose.yml
Outdated
| environment: | ||
| - FLIPT_LOG_LEVEL=debug | ||
| - FLIPT_AUDIT_SINKS_LOG_ENABLED=true | ||
| - FLIPT_AUDIT_SINKS_LOG_FILE=/var/opt/flipt/audit.log |
There was a problem hiding this comment.
| - FLIPT_AUDIT_SINKS_LOG_FILE=/var/opt/flipt/audit.log | |
| - FLIPT_AUDIT_SINKS_LOG_FILE=/var/log/flipt/audit.log |
sorry again
There was a problem hiding this comment.
Tip: adding another path will need a chown in these locations:
There was a problem hiding this comment.
@markphelps @GeorgeMac Yeah I used the location /var/log/audit.log to avoid modifying the Dockerfile. If I should actually create that flipt directory under /var/log, then I am down to do that too.
yquansah
force-pushed
the
yq-add-example
branch
from
76e6431 to
e072069
Compare
examples/audit/README.md
Outdated
|
|
||
| ```bash | ||
| FLIPT_AUDIT_SINKS_LOG_ENABLED=true | ||
| FLIPT_AUDIT_SINKS_LOG_FILE=/var/opt/flipt/audit.log |
There was a problem hiding this comment.
| FLIPT_AUDIT_SINKS_LOG_FILE=/var/opt/flipt/audit.log | |
| FLIPT_AUDIT_SINKS_LOG_FILE=/var/log/flipt/audit.log |
examples/audit/README.md
Outdated
| mkdir -p /tmp/flipt && touch /tmp/flipt/audit.log | ||
| ``` | ||
|
|
||
| and `tail` the logs as you are making API request to the Flipt server when the container is running. |
There was a problem hiding this comment.
| and `tail` the logs as you are making API request to the Flipt server when the container is running. | |
| and `tail` the logs as you are making API requests to the Flipt server when the container is running. |
| FLIPT_AUDIT_SINKS_LOG_FILE=/var/opt/flipt/audit.log | ||
| ``` | ||
|
|
||
| The auditable events currently are CRUD (except for read) operations on `flags`, `variants`, `segments`, `constraints`, `rules`, `distributions`, and `namespaces`. If you do any of these operations through the API, it should emit an audit event log to the specified location. |
There was a problem hiding this comment.
| The auditable events currently are CRUD (except for read) operations on `flags`, `variants`, `segments`, `constraints`, `rules`, `distributions`, and `namespaces`. If you do any of these operations through the API, it should emit an audit event log to the specified location. | |
| The auditable events currently are CRUD (except for read) operations on `flags`, `variants`, `segments`, `constraints`, `rules`, `distributions`, and `namespaces`. If you perform any of these operations through the API, it should emit an audit event log to the specified location. |
examples/audit/README.md
Outdated
|
|
||
| The auditable events currently are CRUD (except for read) operations on `flags`, `variants`, `segments`, `constraints`, `rules`, `distributions`, and `namespaces`. If you do any of these operations through the API, it should emit an audit event log to the specified location. | ||
|
|
||
| Since docker containers are ephemeral and data within the container is lost when the container exits. In this example we mount a local file on the host to the audit event log location in the container as a volume. You would have to create the file [first](https://github.com/moby/moby/issues/21612#issuecomment-202984678) before starting the container: |
There was a problem hiding this comment.
| Since docker containers are ephemeral and data within the container is lost when the container exits. In this example we mount a local file on the host to the audit event log location in the container as a volume. You would have to create the file [first](https://github.com/moby/moby/issues/21612#issuecomment-202984678) before starting the container: | |
| Since docker containers are ephemeral and data within the container is lost when the container exits, we mount a local file on the host to the audit event log location in the container as a volume. You would have to create the file [first](https://github.com/moby/moby/issues/21612#issuecomment-202984678) before starting the container: |
Add example for running a Flipt in a docker container with audit logging enabled.
Completes FLI-306