[Engine-devel] Tweaking backup/restore of engine

Yair Zaslavsky yzaslavs at redhat.com
Tue Mar 4 06:53:59 UTC 2014



----- Original Message -----
> From: "Sven Kieske" <S.Kieske at mittwald.de>
> To: engine-devel at ovirt.org
> Sent: Monday, March 3, 2014 6:25:39 PM
> Subject: [Engine-devel] Tweaking backup/restore of engine
> 
> Hi,
> 
> currently all events are stored in the table audit_log
> which all gets saved when you use the engine-backup
> shell script.
> 
> 
> the event log is full of these login lines (engine 3.3.2):
> 
> 25652	fdfc627c-d875-11e0-90f0-83df133b58cc	admin at internal
> 00000000-0000-0000-0000-000000000000	\N	\N	\N	\N	\N	2014-01-20
> 06:39:17.222+01	USER_VDC_LOGIN	30	0	User admin at internal
> logged in.	f	\N		\N		00000000-0000-0000-0000-000000000000		\N	\N	\N
> \N	00000000-0000-0000-0000-000000000000	\N	oVirt	-1	30		f	\N
> 
> this makes the log and db grow very large when you use the REST-API
> to query ovirt for various data.
> 
> Is this necessary for a working restore?
> It would be cool if we could tweak the engine-backup
> tool to just dump necessary tables so you don't have
> to restore events from the past no one is interested
> in.
> 
> How does ovirt react, if I do not restore the content of the audit_log
> table?
> 
> If this works (restore without audit_log) I would prefer to have
> this code upstream in ovirt git so I don't have to maintain
> my own backupscript.
> 
> Would it be possible to extend the existing backupscript
> with a switch to not backup logs?
> Currently it's just "all" or "just db".
> 
> I also recall that there shouldn't occur multiple login events any
> more since ovirt 3.3. but it still seems to be the case.

Hi Sven,
This is not entirely accurate -
The solution introduced at commit hash  cb56de8808cec33b7599828ead890f52e32bcaea solves the problem for a specific case in which we have a multiple login in a very short interval of time -
mainly due to attempt to login from webadmin, while UI plugin tries to login as well.
We have an "anti flood" mechanism for events, allowing us to define an interval, in which an event will not be logged twice. In the case of the login event this is set to 5 seconds, which is enough to solve the above described scenario.


> 
> I also do not understand how you would manage a stored authentication
> via REST as REST is stateless.
> 
> I would appreciate any feedback or thoughts on this topic.
> --
> Mit freundlichen Grüßen / Regards
> 
> Sven Kieske
> 
> Systemadministrator
> Mittwald CM Service GmbH & Co. KG
> Königsberger Straße 6
> 32339 Espelkamp
> T: +49-5772-293-100
> F: +49-5772-293-333
> https://www.mittwald.de
> Geschäftsführer: Robert Meyer
> St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
> Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
> _______________________________________________
> Engine-devel mailing list
> Engine-devel at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/engine-devel
>



More information about the Engine-devel mailing list