Bug 753763

Summary: Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade
Product: Red Hat Enterprise Linux 6 Reporter: Marko Myllynen <myllynen>
Component: sssdAssignee: Stephen Gallagher <sgallagh>
Status: CLOSED ERRATA QA Contact: IDM QE LIST <seceng-idm-qe-list>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.3CC: apeetham, dpal, grajaiya, jgalipea, prc
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: sssd-1.8.0-11.el6 Doc Type: Bug Fix
Doc Text:
Title: Change in SSSD debug_level behavior SSSD has changed the behavior of the debug_level option in the /etc/sssd/sssd.conf file. Previously, it was possible to set the debug_level option in the [sssd] configuration section and the result would be that this became the default setting for other configuration sections, unless they explicitly overrode it. Several changes to internal debug logging features necessitated that the debug_level option must always be specified independently in each section of the configuration file, instead of acquiring its default from the [sssd] section. As a result, after updating to the latest version of SSSD, users may need to update their configurations in order to continue receiving debug logging at the same level. Users that configure SSSD on a per-machine basis can use a simple Python utility that updates their existing configuration in a compatible way. This can be accomplished by running the following command as root: ~]# python /usr/lib/python2.6/site-packages/sssd_update_debug_levels.py This utility makes the following changes to the configuration file: it checks to see if the debug_level option was specified in the [sssd] section. If so, it adds that same level value to each other section in the sssd.conf file for which debug_level is unspecified. If the debug_level option is already exists explicitly in another section, it is left unchanged. Users who rely on central configuration management tools need to make these same changes manually in the appropriate tool.
 Story Points: ---
Clone Of:
: 799045 (view as bug list) Environment:
Last Closed: 2012-06-20 11:48:41 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 735422    
Bug Blocks: 736857, 756082, 798881, 799045    

Description Marko Myllynen 2011-11-14 12:32:47 UTC 
Description of problem:
As per IRC discussion:

Logging configuration changed between upstream 1.5 / 1.6 so that debug_level under [sssd] section does not enable for example NSS logging any more with 1.6.

If/when including related changes in RHEL 6 SSSD then provide something like (quoting Stephen):

"Likely solution will be to just use the SSSDConfig API to do a one-time fix at RPM update time to just go through and set the debug level in each section where it's not manually specified."
Comment 2 Stephen Gallagher 2011-11-14 12:44:22 UTC 
As part of the changes we made to support changing the debug log level on the fly, we needed to drop support for setting the global debug level in the [sssd] section. It now needs to be specified in each section that wants it to be non-zero.

We need to include an upgrade script in RHEL when we rebase to 1.8.x that will ensure that the user-visible behaviour does not change. This probably means using the SSSDConfig API to read in the configuration, check if the debug_level is explicitly specified in the [sssd] section, and then copy into any other section in the config that isn't already explicitly set.
Comment 3 Jenny Severance 2012-02-02 13:08:24 UTC 
don't forget to verify man page update too :)
Comment 5 Jenny Severance 2012-02-29 20:27:58 UTC 
This is causing upgrade and downgrade issues as seen in the TPS tests

<snip>
Upgrade test FAILED Output from RPM Command: /var/tmp/rpm-tmp.zOmz54: line 1: fg: no job control warning: %triggerun(sssd-1.5.1-66.el6_2.3.i686) scriptlet failed, exit status 1 
</snip>

I think this would be better handled as a documentation issue on how to now properly set debug_level option in the sssd.conf file.
Comment 6 Stephen Gallagher 2012-03-01 16:08:38 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
SSSD has changed the behavior of the 'debug_level' option in sssd.conf. Previously, it was possible to set 'debug_level' in the [sssd] config section and the result would be that this became the default setting for other sections, unless they explicitly overrode it.

Several changes to internal debug logging features necessitated that 'debug_level' must always be specified independently in each section of the configuration file, instead of acquiring its default from [sssd].

As a result, after updating to the latest version of SSSD, users may need to update their configurations in order to continue receiving debug logging at the same level. For users that configure SSSD on a per-machine basis, we have included a simple python utility that will update their existing configuration in a compatible way. This can be accomplished by running 'python /usr/lib/python2.6/site-packages/sssd_update_debug_levels.py' as root manually from the command-line. This utility makes the following changes to the configuration file:

It checks to see if the 'debug_level' option was specified in [sssd]. If so, it will add that same level value to each other section in sssd.conf for which 'debug_level' is unspecified. If 'debug_level' already exists explicitly in another section, it will be left unchanged.

For those users who rely on central configuration management tools, they will need to make these same changes manually in the appropriate tool. We provide no automated way to accomplish this.
Comment 8 Martin Prpič 2012-04-03 08:54:22 UTC 
    Technical note updated. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    Diffed Contents:
@@ -1,9 +1,13 @@
-SSSD has changed the behavior of the 'debug_level' option in sssd.conf. Previously, it was possible to set 'debug_level' in the [sssd] config section and the result would be that this became the default setting for other sections, unless they explicitly overrode it.
+Title: Change in SSSD debug_level behavior
 
-Several changes to internal debug logging features necessitated that 'debug_level' must always be specified independently in each section of the configuration file, instead of acquiring its default from [sssd].
+SSSD has changed the behavior of the debug_level option in the /etc/sssd/sssd.conf file. Previously, it was possible to set the debug_level option in the [sssd] configuration section and the result would be that this became the default setting for other configuration sections, unless they explicitly overrode it.
 
-As a result, after updating to the latest version of SSSD, users may need to update their configurations in order to continue receiving debug logging at the same level. For users that configure SSSD on a per-machine basis, we have included a simple python utility that will update their existing configuration in a compatible way. This can be accomplished by running 'python /usr/lib/python2.6/site-packages/sssd_update_debug_levels.py' as root manually from the command-line. This utility makes the following changes to the configuration file:
+Several changes to internal debug logging features necessitated that the debug_level option must always be specified independently in each section of the configuration file, instead of acquiring its default from the [sssd] section.
 
-It checks to see if the 'debug_level' option was specified in [sssd]. If so, it will add that same level value to each other section in sssd.conf for which 'debug_level' is unspecified. If 'debug_level' already exists explicitly in another section, it will be left unchanged.
+As a result, after updating to the latest version of SSSD, users may need to update their configurations in order to continue receiving debug logging at the same level. Users that configure SSSD on a per-machine basis can use a simple Python utility that updates their existing configuration in a compatible way. This can be accomplished by running the following command as root:
 
-For those users who rely on central configuration management tools, they will need to make these same changes manually in the appropriate tool. We provide no automated way to accomplish this.+~]# python /usr/lib/python2.6/site-packages/sssd_update_debug_levels.py
+
+This utility makes the following changes to the configuration file: it checks to see if the debug_level option was specified in the [sssd] section. If so, it adds that same level value to each other section in the sssd.conf file for which debug_level is unspecified. If the debug_level option is already exists explicitly in another section, it is left unchanged.
+
+Users who rely on central configuration management tools need to make these same changes manually in the appropriate tool.
Comment 9 Amith 2012-05-02 22:20:43 UTC 
Verified on sssd-1.8.0-22.el6.x86_64. 
Test conducted by executing the python script: /usr/lib/python2.6/site-packages/sssd_update_debug_levels.py. The log levels are properly updated at all the relevant sections in SSSD.conf file.
Comment 11 errata-xmlrpc 2012-06-20 11:48:41 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0747.html