From 25a71bc565d30554dfbfe9369569fd5e31a1e396 Mon Sep 17 00:00:00 2001 From: Phil Sphicas Date: Mon, 1 Jun 2020 02:30:25 +0000 Subject: [PATCH] Eliminate sudo and pam_unix(sudo:session) log spam MAAS rack and region controllers poll the status of services every minute, cluttering the logs with messages like the ones below. This change turns disables sudo logging for the maas user. sudo[10061]: maas : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/bin/systemctl status ntp sudo[10061]: pam_unix(sudo:session): session opened for user root by (uid=0) sudo[10061]: pam_unix(sudo:session): session closed for user root Change-Id: I18547c5248cf73743cd8c0f26c471854540936eb --- images/maas-rack-controller/Dockerfile | 3 +++ images/maas-region-controller/Dockerfile | 3 +++ 2 files changed, 6 insertions(+) diff --git a/images/maas-rack-controller/Dockerfile b/images/maas-rack-controller/Dockerfile index 16d14d0..35b644c 100644 --- a/images/maas-rack-controller/Dockerfile +++ b/images/maas-rack-controller/Dockerfile @@ -70,5 +70,8 @@ COPY scripts/journalctl-to-tty.service /etc/systemd/system/journalctl-to-tty.ser RUN mkdir -p /etc/systemd/system/basic.target.wants ;\ ln -s /etc/systemd/system/journalctl-to-tty.service /etc/systemd/system/basic.target.wants/journalctl-to-tty.service +# quiet sudo for the maas user +RUN umask 0337; echo 'Defaults:maas !pam_session, !syslog' > /etc/sudoers.d/99-maas-no-log + # initalize systemd CMD ["/bin/bash", "-c", "exec /sbin/init --log-target=console 3>&1"] diff --git a/images/maas-region-controller/Dockerfile b/images/maas-region-controller/Dockerfile index 104fd79..cdc2811 100644 --- a/images/maas-region-controller/Dockerfile +++ b/images/maas-region-controller/Dockerfile @@ -98,5 +98,8 @@ COPY journalctl-to-tty.service /etc/systemd/system/journalctl-to-tty.service RUN mkdir -p /etc/systemd/system/basic.target.wants ;\ ln -s /etc/systemd/system/journalctl-to-tty.service /etc/systemd/system/basic.target.wants/journalctl-to-tty.service +# quiet sudo for the maas user +RUN umask 0337; echo 'Defaults:maas !pam_session, !syslog' > /etc/sudoers.d/99-maas-no-log + # initalize systemd CMD ["/bin/bash", "-c", "exec /sbin/init --log-target=console 3>&1"]