Some errors from dogtag are only logged in debug mode. We should always log any errors that come from dogtag.
Example
[Tue Apr 10 13:53:54 2012] [error] <?xml version="1.0" encoding="UTF-8" standalone="no"?><XMLResponse><Status>1</Status><Error>Profile caIPAserviceCert Not Found</Error></XMLResponse> [Tue Apr 10 13:53:54 2012] [error] parse_result: [Tue Apr 10 13:53:54 2012] [error] {'error_code': 1, 'error_string': u'Profile caIPAserviceCert Not Found'}
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=813401
Question: Whenever we get an error from dogtag we raise a CertificateOperationError exception with the error information in it. Unfortunately we don't also send the error information to the log. We could do one of two things
1) add log call every place we raise CertificateOperationError with the same message
2) Maybe our custom exceptions should log, that way we always log errors for everything, the logging happens in one central place and you don't have to remember to add a log call every place an error exception is raised. One downside is the logging would have to be on the root logger not the logger bound t the class where the error occurred (the reason this is useful is because log message would contain the class name where the error occurred).
I think I'll pursue the first option, but have we considered the 2nd option?
For 2) you could look at wsgi_execute(). We have the exception to log but we explicitly just log the name. I did this for brevity but we could easily log the entire thing.
wsg_execute() doesn't handle all the cases of invoking a command. Anyway, I took the route of option 1, add a logging call just before raising the CertificateOperationError. If I shutdown PKI-CA you get this in the log now:
[Fri Apr 20 13:53:12 2012] [error] ipa: ERROR: ipaserver.plugins.dogtag.ra.get_certificate(): Unable to communicate with CMS (Service Temporarily Unavailable)
patch submitted
[PATCH 75] log dogtag errors
Moving to next month iteration.
FreeIPA 3.0.0 GA has been released, moving the ticket to 3.0 bugfixing release.
master: 38bbbde[[BR]] ipa-3-0: 819086f
Metadata Update from @rcritten: - Issue assigned to jdennis - Issue set to the milestone: FreeIPA 3.0.1 (bug fixing)
Login to comment on this ticket.