Hello,
I am currently working on recovering some logs on rstudio.
The working environment on which I am working is the following:
- a virtual machine running the Rstudio Workbench service
- a GKE cluster that starts Rstudio sessions when you start a session on Rstudio Workbench
The problem I have right now is that some logs are not generated.
For example, in the file /var/lib/rstudio-server/audit/r-sessions/r-sessions.csv we get logs such as auth_login, session_start, session_quit, etc ...
However I don't get the file upload and download logs in a Rsession.
Here is my conf file :
cat > /etc/rstudio/rserver.conf << EOF
www-port=443
SSL
ssl-enabled=1
ssl-certificate=/etc/rstudio/cert.txt
ssl-certificate-key=/etc/rstudio/cert.keyserver conf
launcher-address=localhost
launcher-port=5559
launcher-sessions-enabled=1
launcher-default-cluster=Kubernetes
launcher-sessions-callback-address={rs_workbench_address} launcher-sessions-container-run-as-root=0 launcher-sessions-create-container-user=1 launcher-sessions-container-image={r_session_default_image}
admin-enabled=1
admin-group=rstudio-adminsLog and monitoring config
server-health-check-enabled=1
audit-r-sessions=1
audit-r-sessions-limit-mb=20
audit-r-sessions-limit-months=1
audit-r-console=inputSAML
auth-saml=1
auth-saml-metadata-path=/etc/rstudio/metadata.xml
auth-saml-sp-attribute-username=samaccountname
#auth-saml-sp-attribute-username=http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
auth-saml-sp-base-uri=${rs_workbench_address} # Used as reply url
EOF
and here are the error messages I get when I access the session info start :
2023-01-06T17:53:53.790708Z [rsession-MY_VISA] ERROR asio.ssl error 337047686 (certificate verify failed (SSL routines, tls_process_server_certificate)) [host: rsw.teamdev.dev.df.avri.com, uri: /monitor/log_event, address: rsw.teamdev.dev.df.avri.com, port: 443, description: Failed request to auditing and monitoring service rserver-monitor]; OCCURRED AT void rstudio::core::http::TcpIpAsyncClientSsl::handleHandshake(const rstudio_boost::system::error_code&) src/cpp/session/SessionModuleContext.cpp:132;
And for all attempts to upload a file :
LOGGED FROM: void rstudio::monitor::{anonymous}::logErrorHandler(const rstudio::core::Error&) src/cpp/monitor/MonitorClientOverlay.cpp:64
2023-01-06T19:59:06.297591Z [rsession-MY_VISA] ERROR asio.ssl error 337047686 (certificate verify failed (SSL routines, tls_process_server_certificate)) [host: rsw.teamdev.dev.df.avri.com, uri: /monitor/log_console_action, address: rsw.teamdev.dev.df.avri.com, port: 443, description: Failed request to auditing and monitoring service rserver-monitor]; OCCURRED AT void rstudio::core::http::TcpIpAsyncClientSsl::handleHandshake(const rstudio_boost::system::error_code&) src/cpp/session/SessionModuleContext.cpp:132;
However, by adding the following line
launcher-sessions-callback-verify-ssl-certs=0
to the file /etc/rstudio/rserver.conf
I find the log session_file_upload and session_file_download that I searched, in the /var/lib/rstudio-server/audit/r-sessions/r-sessions.csv file of my workbench virtual machin.
This solution works but is not recommended in my company because setting
launcher-sessions-callback-verify-ssl-certs=0
indicates that we disable verification of the server's SSL certificate when Launcher sessions communicate back via the callback address.
So I tried another method by adding the following lines to the file /etc/rstudio/rserver.conf:
session-ssl-enabled = 1
session-ssl-cert = /etc/rstudio/cert.txt
session-ssl-cert-key = /etc/rstudio/cert.key
And I got this error :
2023-01-06T17:57:05.806196Z [rsession-MY_VISA] ERROR system error 2 (No such file or directory) [description: Session http certificate file does not exist: /etc/rstudio/cert.txt]; OCCURRED AT virtual rstudio::core::Error rstudio::session::TcpIpHttpConnectionListener::initializeAcceptor(rstudio::core::http::SocketAcceptorService<rstudio_boost::asio::ip::tcp>) src/cpp/session/http/SessionPosixHttpConnectionListener.cpp:82; LOGGED FROM: int main(int, char const*) src/cpp/session/SessionMain.cpp:2246
Can someone explaine me if my last solution is good and if it's a good solution can you help me to resolve it please ?
Thank you by advance,
Alain