On Mon, Jul 13, 2015 at 09:34:23AM +0200, Lukas Slebodnik wrote:
> On (01/07/15 12:48), Jakub Hrozek wrote:
> >On Wed, Jul 01, 2015 at 12:03:48PM +0200, Pavel Březina wrote:
> >> On 06/29/2015 06:13 PM, Jakub Hrozek wrote:
> >> >Hi,
> >> >
> >> >I spent many hours debugging SSSD in different scenarios last week and I
> >> >admit it wasn't always easy -- and I have the source code knowledge I
> >> >can use. I imagine it's considerably harder for users and admins..
> >> >
> >> >So this is a brainstorm request on how can we make debugging with SSSD
> >> >easier. Maybe there are some low-hanging fruits that can be fixed
> >> >easily. Off the top of my head:
> >> >
> >> >- it should be easier to see start and end of a request in the back end.
> >> >   Instead of:
> >> >     [be_get_account_info] (0x0200): Got request for 
> >> > [0x1001][1][name=admin]
> >> >     [acctinfo_callback] (0x0100): Request processed. Returned 
> >> > 0,0,Success (Success)
> >> >   We could make the debug messages more explicit:
> >> >     [be_get_account_info] (0x0200): Received request for 
> >> > [object=user][key=name][value=admin]
> >> >     [acctinfo_callback] (0x0200): Finished request for 
> >> > [object=user][key=name][value=admin]. Returned 0,0,Success
> >> >
> >> >   Then we could document the messages in our troubleshooting document.
> >> >   Please note I'm not proposing to turn debug messages into any kind of
> >> >   API and keep them the same forever, but decorate the usual flow with
> >> >   messages that make sense without source level knowledge.
> >> >
> >> >- same for authentication
> >> >
> >> >- same for responder cache requests. We seem to have gotten better with
> >> >   the new cache_req code there, so this is mostly about using the new
> >> >   code in all responders. But also the commands we receive from sockets
> >> >   should be printed in human-readable form.
> >> >
> >> >- Running sssd in environment where all actions complete successfully
> >> >   should emit no debug messages. Default log level should be moved to
> >> >   SSSDBG_OP_FAILURE or CRIT_FAILURE. (This basically amounts to checking
> >> >   all OP, FATAL and CRIT failure messages..)
> >> >
> >> >   The reason is that sometimes sssd fails, but because logging is
> >> >   totally silent, we don't know what happened at all. Currently we have
> >> >   a couple of small bugs where we might print a loud DEBUG message just
> >> >   because we search for an entry which is not there etc.
> >> >
> >> >- anything that causes SSSD to fail to start should also emit a syslog
> >> >   message. Admins don't really know about sssd debug logs.
> >> >
> >> >- our man pages are not structured well, especially the LDAP man page is
> >> >   too big and contains too many options.
> >> >
> >> >One reason I'm bringing this up now is that we'll have a new SSSD 
> >> >developer
> >> >starting soon and these might be nice tasks to start with AND they're
> >> >also needed.
> >> 
> >> +1
> >> 
> >> I think the best way to start is to look at the existing debug messages and
> >> take advantage of the bit-mask based log levels - it's been there for a
> >> while and there is lots of space to increase its granularity but we still
> >> use it as 1-9 levels. That beeing said, we should create more levels so we
> >> can really distinguish between important trace parts (event start, event
> >> end), information (object not found but this was expected), low level stuff
> >> (ldb traces that brings lots of noice to the highest level), etc.
> >
> >The ldb traces are a really good point.
> >
> >OK, I like the suggestion with newer debug levels, but we should be
> >careful with not adding too many.
> >
> >The other thing to be careful about is that admins are used to just set:
> >    debug_level=10
> We needn't extend old debug levels just bit mask version
> and old debug level(0-9) can be a bitmask of more new debug_levels.
> 
> So if someone set debug_level 9 or 10 it will still enable all debug messages.

OK, that's a good idea.
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel

Reply via email to