A new logging.properties has been added to each subsystem to define the PKI packages to be logged in the debug log. The server logging.properties has been updated to define the debug log handlers for each subsystem.
The pki.policy has been modified to allow Tomcat to read the default logging.properties files in /usr/share/pki and to generate debug logs in instance subfolders. https://fedorahosted.org/pki/ticket/195 -- Endi S. Dewata
>From 57459183285d9e9913c61ff6eb986e57ee9c3cf1 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" <[email protected]> Date: Wed, 21 Sep 2016 03:23:02 +0200 Subject: [PATCH] Added subsystem logging.properties for debugging. A new logging.properties has been added to each subsystem to define the PKI packages to be logged in the debug log. The server logging.properties has been updated to define the debug log handlers for each subsystem. The pki.policy has been modified to allow Tomcat to read the default logging.properties files in /usr/share/pki and to generate debug logs in instance subfolders. https://fedorahosted.org/pki/ticket/195 --- .../webapps/ca/WEB-INF/classes/logging.properties | 27 +++++++++++++ .../webapps/kra/WEB-INF/classes/logging.properties | 27 +++++++++++++ .../ocsp/WEB-INF/classes/logging.properties | 27 +++++++++++++ .../python/pki/server/deployment/pkihelper.py | 12 ------ base/server/share/conf/logging.properties | 46 +++++++++++++++++++++- base/server/share/conf/pki.policy | 2 + .../webapps/tks/WEB-INF/classes/logging.properties | 27 +++++++++++++ .../webapps/tps/WEB-INF/classes/logging.properties | 27 +++++++++++++ 8 files changed, 182 insertions(+), 13 deletions(-) create mode 100644 base/ca/shared/webapps/ca/WEB-INF/classes/logging.properties create mode 100644 base/kra/shared/webapps/kra/WEB-INF/classes/logging.properties create mode 100644 base/ocsp/shared/webapps/ocsp/WEB-INF/classes/logging.properties create mode 100644 base/tks/shared/webapps/tks/WEB-INF/classes/logging.properties create mode 100644 base/tps/shared/webapps/tps/WEB-INF/classes/logging.properties diff --git a/base/ca/shared/webapps/ca/WEB-INF/classes/logging.properties b/base/ca/shared/webapps/ca/WEB-INF/classes/logging.properties new file mode 100644 index 0000000000000000000000000000000000000000..a07eeeb704fb9b267b8279813926eac9fd54d3c5 --- /dev/null +++ b/base/ca/shared/webapps/ca/WEB-INF/classes/logging.properties @@ -0,0 +1,27 @@ +# --- BEGIN COPYRIGHT BLOCK --- +# Copyright (C) 2016 Red Hat, Inc. +# All rights reserved. +# Modifications: configuration parameters +# --- END COPYRIGHT BLOCK --- + +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +.handlers = 5ca-debug.java.util.logging.FileHandler + +netscape.level = ALL +com.netscape.level = ALL +org.dogtagpki.level = ALL diff --git a/base/kra/shared/webapps/kra/WEB-INF/classes/logging.properties b/base/kra/shared/webapps/kra/WEB-INF/classes/logging.properties new file mode 100644 index 0000000000000000000000000000000000000000..2dee48a0d341a5134ef4c024d6b1436bfc52a86d --- /dev/null +++ b/base/kra/shared/webapps/kra/WEB-INF/classes/logging.properties @@ -0,0 +1,27 @@ +# --- BEGIN COPYRIGHT BLOCK --- +# Copyright (C) 2016 Red Hat, Inc. +# All rights reserved. +# Modifications: configuration parameters +# --- END COPYRIGHT BLOCK --- + +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +.handlers = 6kra-debug.java.util.logging.FileHandler + +netscape.level = ALL +com.netscape.level = ALL +org.dogtagpki.level = ALL diff --git a/base/ocsp/shared/webapps/ocsp/WEB-INF/classes/logging.properties b/base/ocsp/shared/webapps/ocsp/WEB-INF/classes/logging.properties new file mode 100644 index 0000000000000000000000000000000000000000..26b6cf43f15baa817f91373591e80139ce4b78c1 --- /dev/null +++ b/base/ocsp/shared/webapps/ocsp/WEB-INF/classes/logging.properties @@ -0,0 +1,27 @@ +# --- BEGIN COPYRIGHT BLOCK --- +# Copyright (C) 2016 Red Hat, Inc. +# All rights reserved. +# Modifications: configuration parameters +# --- END COPYRIGHT BLOCK --- + +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +.handlers = 7ocsp-debug.java.util.logging.FileHandler + +netscape.level = ALL +com.netscape.level = ALL +org.dogtagpki.level = ALL diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py index 7ca6519c93be71908905bc8294b41d8709241922..c018ff4e551697c9ddb9329e4d864b935fb45f3e 100644 --- a/base/server/python/pki/server/deployment/pkihelper.py +++ b/base/server/python/pki/server/deployment/pkihelper.py @@ -416,18 +416,6 @@ class Namespace: log.PKIHELPER_NAMESPACE_COLLISION_2 % ( self.mdict['pki_instance_name'], self.mdict['pki_cgroup_cpu_systemd_service_path'])) - if os.path.exists(self.mdict['pki_instance_log_path']) and\ - os.path.exists(self.mdict['pki_subsystem_log_path']): - # Top-Level PKI log path collision - config.pki_log.error( - log.PKIHELPER_NAMESPACE_COLLISION_2, - self.mdict['pki_instance_name'], - self.mdict['pki_instance_log_path'], - extra=config.PKI_INDENTATION_LEVEL_2) - raise Exception( - log.PKIHELPER_NAMESPACE_COLLISION_2 % ( - self.mdict['pki_instance_name'], - self.mdict['pki_instance_log_path'])) if os.path.exists(self.mdict['pki_instance_configuration_path']) and\ os.path.exists(self.mdict['pki_subsystem_configuration_path']): # Top-Level PKI configuration path collision diff --git a/base/server/share/conf/logging.properties b/base/server/share/conf/logging.properties index 7c1ac37ec300375c96c0d415856622a429235b7f..be92bc727f3cc288e8f890aa88aaa513c920ba9b 100644 --- a/base/server/share/conf/logging.properties +++ b/base/server/share/conf/logging.properties @@ -19,7 +19,16 @@ # See the License for the specific language governing permissions and # limitations under the License. -handlers = 1catalina.org.apache.juli.FileHandler, 2localhost.org.apache.juli.FileHandler, 3manager.org.apache.juli.FileHandler, 4host-manager.org.apache.juli.FileHandler, java.util.logging.ConsoleHandler +handlers = 1catalina.org.apache.juli.FileHandler,\ + 2localhost.org.apache.juli.FileHandler,\ + 3manager.org.apache.juli.FileHandler,\ + 4host-manager.org.apache.juli.FileHandler,\ + 5ca-debug.java.util.logging.FileHandler,\ + 6kra-debug.java.util.logging.FileHandler,\ + 7ocsp-debug.java.util.logging.FileHandler,\ + 8tks-debug.java.util.logging.FileHandler,\ + 9tps-debug.java.util.logging.FileHandler,\ + java.util.logging.ConsoleHandler ############################################################ # Handler specific properties. @@ -42,6 +51,41 @@ handlers = 1catalina.org.apache.juli.FileHandler, 2localhost.org.apache.juli.Fil 4host-manager.org.apache.juli.FileHandler.directory = ${catalina.base}/logs 4host-manager.org.apache.juli.FileHandler.prefix = host-manager. +5ca-debug.java.util.logging.FileHandler.level = ALL +5ca-debug.java.util.logging.FileHandler.pattern = ${catalina.base}/logs/ca/debug +5ca-debug.java.util.logging.FileHandler.limit = 10000000 +5ca-debug.java.util.logging.FileHandler.append = true +5ca-debug.java.util.logging.FileHandler.formatter = java.util.logging.SimpleFormatter +java.util.logging.SimpleFormatter.format = %1$tF %1$tT %5$s%6$s%n + +6kra-debug.java.util.logging.FileHandler.level = ALL +6kra-debug.java.util.logging.FileHandler.pattern = ${catalina.base}/logs/kra/debug +6kra-debug.java.util.logging.FileHandler.limit = 10000000 +6kra-debug.java.util.logging.FileHandler.append = true +6kra-debug.java.util.logging.FileHandler.formatter = java.util.logging.SimpleFormatter +java.util.logging.SimpleFormatter.format = %1$tF %1$tT %5$s%6$s%n + +7ocsp-debug.java.util.logging.FileHandler.level = ALL +7ocsp-debug.java.util.logging.FileHandler.pattern = ${catalina.base}/logs/ocsp/debug +7ocsp-debug.java.util.logging.FileHandler.limit = 10000000 +7ocsp-debug.java.util.logging.FileHandler.append = true +7ocsp-debug.java.util.logging.FileHandler.formatter = java.util.logging.SimpleFormatter +java.util.logging.SimpleFormatter.format = %1$tF %1$tT %5$s%6$s%n + +8tks-debug.java.util.logging.FileHandler.level = ALL +8tks-debug.java.util.logging.FileHandler.pattern = ${catalina.base}/logs/tks/debug +8tks-debug.java.util.logging.FileHandler.limit = 10000000 +8tks-debug.java.util.logging.FileHandler.append = true +8tks-debug.java.util.logging.FileHandler.formatter = java.util.logging.SimpleFormatter +java.util.logging.SimpleFormatter.format = %1$tF %1$tT %5$s%6$s%n + +9tps-debug.java.util.logging.FileHandler.level = ALL +9tps-debug.java.util.logging.FileHandler.pattern = ${catalina.base}/logs/tps/debug +9tps-debug.java.util.logging.FileHandler.limit = 10000000 +9tps-debug.java.util.logging.FileHandler.append = true +9tps-debug.java.util.logging.FileHandler.formatter = java.util.logging.SimpleFormatter +java.util.logging.SimpleFormatter.format = %1$tF %1$tT %5$s%6$s%n + java.util.logging.ConsoleHandler.level = ALL java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter java.util.logging.SimpleFormatter.format = %4$s: %5$s%6$s%n diff --git a/base/server/share/conf/pki.policy b/base/server/share/conf/pki.policy index 7d8cfec4591ec3ee28ade876253f4f593e086e67..993118b2e33d4b392523d541ab8a56f830efcff3 100644 --- a/base/server/share/conf/pki.policy +++ b/base/server/share/conf/pki.policy @@ -12,6 +12,8 @@ grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" { permission java.lang.RuntimePermission "accessClassInPackage.sun.util.logging.resources"; + permission java.io.FilePermission "${catalina.base}/logs/-", "read, write"; + permission java.io.FilePermission "/usr/share/pki/-", "read"; }; grant codeBase "file:${catalina.base}/bin/bootstrap.jar" { diff --git a/base/tks/shared/webapps/tks/WEB-INF/classes/logging.properties b/base/tks/shared/webapps/tks/WEB-INF/classes/logging.properties new file mode 100644 index 0000000000000000000000000000000000000000..281366b7698bfcd7ee6d8e246c593982d95f5383 --- /dev/null +++ b/base/tks/shared/webapps/tks/WEB-INF/classes/logging.properties @@ -0,0 +1,27 @@ +# --- BEGIN COPYRIGHT BLOCK --- +# Copyright (C) 2016 Red Hat, Inc. +# All rights reserved. +# Modifications: configuration parameters +# --- END COPYRIGHT BLOCK --- + +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +.handlers = 8tks-debug.java.util.logging.FileHandler + +netscape.level = ALL +com.netscape.level = ALL +org.dogtagpki.level = ALL diff --git a/base/tps/shared/webapps/tps/WEB-INF/classes/logging.properties b/base/tps/shared/webapps/tps/WEB-INF/classes/logging.properties new file mode 100644 index 0000000000000000000000000000000000000000..de98b1818af4214cb411f091bff2a35c828a99e7 --- /dev/null +++ b/base/tps/shared/webapps/tps/WEB-INF/classes/logging.properties @@ -0,0 +1,27 @@ +# --- BEGIN COPYRIGHT BLOCK --- +# Copyright (C) 2016 Red Hat, Inc. +# All rights reserved. +# Modifications: configuration parameters +# --- END COPYRIGHT BLOCK --- + +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +.handlers = 9tps-debug.java.util.logging.FileHandler + +netscape.level = ALL +com.netscape.level = ALL +org.dogtagpki.level = ALL -- 2.5.5
_______________________________________________ Pki-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/pki-devel
