blob: 65d08108df2164ba59104f6225627cb1b0e88282 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
|
.. This work is licensed under a Creative Commons Attribution 4.0 International License.
.. http://creativecommons.org/licenses/by/4.0
.. Copyright 2020 NOKIA
Logging
=======
CertService API
---------------
To see CertService console logs use:
- Docker:
.. code-block:: bash
docker logs <cert-service-container-name>
e.g.
docker logs aafcert-service
- Kubernetes:
.. code-block:: bash
kubectl -n onap logs <cert-service-pod-name>
e.g.
kubectl -n onap logs $(kubectl -n onap get pods | grep cert-service | awk '{print $1}')
Console logs contains logs for logging levels from **DEBUG** to **ERROR**.
CertService logs for different logging levels are available in the container:
- Docker:
.. code-block:: bash
docker exec -it <cert-service-container-name> bash
e.g.
docker exec -it aafcert-service bash
- Kubernetes:
.. code-block:: bash
kubectl -n onap exec -it <cert-service-pod-name> bash
e.g.
kubectl -n onap exec -it $(kubectl -n onap get pods | grep cert-service | awk '{print $1}') bash
Path to logs:
/var/log/onap/aaf/certservice
Available log files:
- audit.log - contains logs for **INFO** logging level
- debug.log - contains logs for logging levels from **DEBUG** to **ERROR**
- error.log - contains logs for **ERROR** logging level
User cannot change logging levels.
.. _cert_logs:
CertService client
------------------
To see CertService client console logs use :
- Docker:
.. code-block:: bash
docker logs <cert-service-client-container-name>
e.g.
docker logs aafcert-client
- Kubernetes:
CertService client is used as init container in other components. In the following example:
- *<some-component-pod-name>* refers to the component that uses CertService client as init container
- *<cert-service-client-init-container-name>* refers to name of init container used by the mentioned component. It can be found by executing *'kubectl -n onap descrine pod <some-component-pod-name>'* and looking into 'Init Containers section'
.. code-block:: bash
kubectl -n onap logs <some-component-pod-name> -c <cert-service-client-init-container-name>
e.g.
kubectl -n onap logs <some-component-pod-name> -c cert-service-client
| Container stops after execution, so all available logs are printed on console.
| User cannot change logging levels.
Client application exits with following exit codes:
+-------+------------------------------------------------+
| Code | Information |
+=======+================================================+
| 0 | Success |
+-------+------------------------------------------------+
| 1 | Invalid client configuration |
+-------+------------------------------------------------+
| 2 | Invalid CSR configuration |
+-------+------------------------------------------------+
| 3 | Fail in key pair generation |
+-------+------------------------------------------------+
| 4 | Fail in CSR generation |
+-------+------------------------------------------------+
| 5 | CertService HTTP unsuccessful response |
+-------+------------------------------------------------+
| 6 | Internal HTTP Client connection problem |
+-------+------------------------------------------------+
| 7 | Fail in PKCS12 conversion |
+-------+------------------------------------------------+
| 8 | Fail in Private Key to PEM Encoding |
+-------+------------------------------------------------+
| 9 | Wrong TLS configuration |
+-------+------------------------------------------------+
|