fix: logging verbosity now actually applies + per-service log levels

Root causes fixed: - Dead LOG_LEVEL globals() lookup pinned root logger at INFO regardless of PIC_LOG_LEVEL env or config; replaced with _resolve_root_log_level() + apply_root_log_level() which sets both root logger and all attached handlers at startup and on runtime re-apply. - set_service_level() only set the named 'pic.<service>' logger; bare module loggers (e.g. 'caddy_manager') were never reached, so per-service log files stayed 0 bytes. Fixed via _SERVICE_MODULE_LOGGERS map covering all managers. - Log viewer GET /api/logs had no level filter; added ?level= query param. - Per-service log levels lived in an out-of-band config/api/log_levels.json side-file with no validation; migrated into ConfigManager under a new 'logging' section ({python:{root,services}, containers:{caddy,coredns, wireguard,mailserver,api}}) with get/set helpers, invalid-level rejection, and one-time migration from the old file on first load. New capabilities: - Container log levels: Caddy (injects global log { level X } + hot reload), CoreDNS (DEBUG enables log plugin, else errors-only), WireGuard/mailserver via pending_restart path. - PUT /api/logs/verbosity accepts {python, containers} dict; returns per-entry applied:hot|pending_restart status. - Webui Logs page gains two-section Verbosity tab (Python services + Container services) with needs-restart badges. - managers.py wires per-service loggers before manager instantiation and re-applies persisted levels from ConfigManager; legacy log_levels.json read removed. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-06-10 19:14:01 -04:00
parent 89aed4efe0
commit 13074f56cb
15 changed files with 726 additions and 158 deletions
@@ -41,6 +41,18 @@ CADDY_CONTAINER = 'cell-caddy'
 COREFILE_PATH = '/app/config/dns/Corefile'
 ZONE_DATA_DIR = '/data'  # inside CoreDNS container; mounted from ./data/dns

+# Optional callable wired by managers.py that returns the persisted CoreDNS log
+# level (Python level name). Lets generate_corefile keep the configured level
+# sticky across regenerations triggered for unrelated reasons (peer changes,
+# IP-range edits) without threading config_manager through every call site.
+_coredns_level_resolver = None
+
+
+def set_coredns_level_resolver(resolver) -> None:
+    """Wire the persisted-CoreDNS-level resolver (called once at startup)."""
+    global _coredns_level_resolver
+    _coredns_level_resolver = resolver
+

 def _run(cmd: List[str], check: bool = True) -> subprocess.CompletedProcess:
    """Run a shell command and return the result."""
@@ -709,10 +721,21 @@ def _build_acl_block(blocked_peers_by_service: Dict[str, List[str]],
    return '\n'.join(lines)


+def _coredns_log_directive(level: str) -> str:
+    """Return the per-block logging directive line for CoreDNS.
+
+    DEBUG → the verbose `log` query-logging plugin. Any higher level → `errors`
+    only (CoreDNS has no INFO/WARN query-log granularity), keeping the per-cell
+    DNS logs quiet by default.
+    """
+    return 'log' if (level or 'INFO').upper() == 'DEBUG' else 'errors'
+
+
 def generate_corefile(peers: List[Dict[str, Any]], corefile_path: str = COREFILE_PATH,
                      domain: str = 'cell',
                      cell_links: Optional[List[Dict[str, Any]]] = None,
-                      split_horizon_zones: Optional[List[str]] = None) -> bool:
+                      split_horizon_zones: Optional[List[str]] = None,
+                      coredns_level: Optional[str] = None) -> bool:
    """
    Rewrite the CoreDNS Corefile with per-peer ACL rules and reload plugin.
    The file is written to corefile_path (API-side path mapped into CoreDNS container).
@@ -739,7 +762,14 @@ def generate_corefile(peers: List[Dict[str, Any]], corefile_path: str = COREFILE

        acl_block = _build_acl_block(blocked, domain)

-        primary_zone_block = f'{domain} {{\n    file /data/{domain}.zone\n    log\n'
+        if coredns_level is None and _coredns_level_resolver is not None:
+            try:
+                coredns_level = _coredns_level_resolver()
+            except Exception:
+                coredns_level = 'INFO'
+        log_directive = _coredns_log_directive(coredns_level)
+
+        primary_zone_block = f'{domain} {{\n    file /data/{domain}.zone\n    {log_directive}\n'
        if acl_block:
            primary_zone_block += acl_block + '\n'
        primary_zone_block += '}\n'
@@ -747,7 +777,7 @@ def generate_corefile(peers: List[Dict[str, Any]], corefile_path: str = COREFILE
        corefile = f""". {{
    forward . 8.8.8.8 1.1.1.1
    cache
-    log
+    {log_directive}
    health
    reload
 }}
@@ -767,13 +797,13 @@ def generate_corefile(peers: List[Dict[str, Any]], corefile_path: str = COREFILE
                    f'\n_acme-challenge.{sz} {{\n'
                    f'    forward . 8.8.8.8 1.1.1.1\n'
                    f'    cache\n'
-                    f'    log\n'
+                    f'    {log_directive}\n'
                    f'}}\n'
                )
                corefile += (
                    f'\n{sz} {{\n'
                    f'    file /data/{sz}.zone\n'
-                    f'    log\n'
+                    f'    {log_directive}\n'
                    f'}}\n'
                )

@@ -788,7 +818,7 @@ def generate_corefile(peers: List[Dict[str, Any]], corefile_path: str = COREFILE
                    f'\n{link_domain} {{\n'
                    f'    forward . {link_dns_ip}\n'
                    f'    cache\n'
-                    f'    log\n'
+                    f'    {log_directive}\n'
                    f'}}\n'
                )
        elif not split_horizon_zones: