Bug 1554249

Summary: debug level man page + behaviour
Product: Red Hat Enterprise Linux 7 Reporter: Ondrej <ondrej.valousek>
Component: gssproxyAssignee: Robbie Harwood <rharwood>
Status: CLOSED ERRATA QA Contact: ipa-qe <ipa-qe>
Severity: unspecified Docs Contact:
Priority: low    
Version: 7.5CC: fs-qe, myusuf, ndehadra, yoyang
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
URL: https://pagure.io/gssproxy/pull-request/229
Whiteboard:
Fixed In Version: gssproxy-0.7.0-20.el7 Doc Type: No Doc Update
Doc Text:
undefined
 Story Points: ---
Clone Of: Environment:
Last Closed: 2018-10-30 08:07:58 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ondrej 2018-03-12 08:57:18 UTC 
Description of problem:

When I specify a certain debug level for gssproxy, logs still say (level: 0):

● gssproxy.service - GSSAPI Proxy Daemon
   Loaded: loaded (/etc/systemd/system/gssproxy.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2018-03-08 08:28:39 GMT; 5s ago
  Process: 42751 ExecStart=/usr/sbin/gssproxy -D -d --debug-level=2 (code=exited, status=0/SUCCESS)
 Main PID: 42752 (gssproxy)
   CGroup: /system.slice/gssproxy.service
           └─42752 /usr/sbin/gssproxy -D -d --debug-level=2

Mar 08 08:28:39 carney systemd[1]: Starting GSSAPI Proxy Daemon...
Mar 08 08:28:39 carney gssproxy[42751]: [2018/03/08 08:28:39]: Debug Enabled (level: 0)
Mar 08 08:28:39 carney systemd[1]: Started GSSAPI Proxy Daemon.

Also, the option --debug-level is not mentioned in the man page for gssproxy. 

Version-Release number of selected component (if applicable):
gssproxy-0.7.0-17.el7.x86_64
Comment 3 Mohammad Rizwan 2018-08-07 10:51:33 UTC 
version:
gssproxy-0.7.0-21.el7.x86_64

Actual result:

1) check if man page for gssproxy have mention of --debug-level
[root@master ~]# man gssproxy
[...]
       -d,--debug
           Turn on debugging. This option is identical to --debug-level=1.

       --debug-level=
           Turn on debugging at the specified level. 0 corresponds to no logging, while 1 turns on basic debug logging.
           Level 2 increases verbosity, including more detailed credential verification.

           At level 3 and above, KRB5_TRACE output is logged. If KRB5_TRACE was already set in the execution environment,
           trace output is sent to its value instead.

[...]


2) check if debug level set properly

[root@master ~]# gssproxy --debug-level=3
[2018/08/07 10:45:22]: Debug Enabled (level: 3)
[2018/08/07 10:45:22]: Service: ipa-httpd, Keytab: /var/lib/ipa/gssproxy/http.keytab, Enctype: 18
[2018/08/07 10:45:22]: Service: ipa-api, Keytab: /var/lib/ipa/gssproxy/http.keytab, Enctype: 18
[2018/08/07 10:45:22]: Service: nfs-server, Keytab: /etc/krb5.keytab, Enctype: 18
[2018/08/07 10:45:22]: Service: nfs-client, Keytab: /etc/krb5.keytab, Enctype: 18
[2018/08/07 10:45:22]: Kernel doesn't support GSS-Proxy (can't open /proc/net/rpc/use-gss-proxy: 2 (No such file or directory))
[2018/08/07 10:45:22]: Problem with kernel communication!  NFS server will not work
[root@master ~]# gssproxy --debug-level=2
[2018/08/07 10:45:26]: Debug Enabled (level: 2)
[2018/08/07 10:45:26]: Service: ipa-httpd, Keytab: /var/lib/ipa/gssproxy/http.keytab, Enctype: 18
[2018/08/07 10:45:26]: Service: ipa-api, Keytab: /var/lib/ipa/gssproxy/http.keytab, Enctype: 18
[2018/08/07 10:45:26]: Service: nfs-server, Keytab: /etc/krb5.keytab, Enctype: 18
[2018/08/07 10:45:26]: Service: nfs-client, Keytab: /etc/krb5.keytab, Enctype: 18
[2018/08/07 10:45:26]: Kernel doesn't support GSS-Proxy (can't open /proc/net/rpc/use-gss-proxy: 2 (No such file or directory))
[2018/08/07 10:45:26]: Problem with kernel communication!  NFS server will not work
[root@master ~]# gssproxy --debug-level=1
[2018/08/07 10:45:30]: Debug Enabled (level: 1)
[2018/08/07 10:45:30]: Service: ipa-httpd, Keytab: /var/lib/ipa/gssproxy/http.keytab, Enctype: 18
[2018/08/07 10:45:30]: Service: ipa-api, Keytab: /var/lib/ipa/gssproxy/http.keytab, Enctype: 18
[2018/08/07 10:45:30]: Service: nfs-server, Keytab: /etc/krb5.keytab, Enctype: 18
[2018/08/07 10:45:30]: Service: nfs-client, Keytab: /etc/krb5.keytab, Enctype: 18
[2018/08/07 10:45:30]: Kernel doesn't support GSS-Proxy (can't open /proc/net/rpc/use-gss-proxy: 2 (No such file or directory))
[2018/08/07 10:45:30]: Problem with kernel communication!  NFS server will not work

Hence based on above observations, making bug as verified.
Comment 5 errata-xmlrpc 2018-10-30 08:07:58 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:3070