From 302a81f28e7b869c5ecf45ccf833b1a794360b72 Mon Sep 17 00:00:00 2001 From: Scott Koranda Date: Fri, 23 Aug 2019 16:00:23 -0500 Subject: [PATCH] Refactor Shibboleth SP logging configuration Refactor the Shibboleth SP logging configuration so that default shibd.logger, native.logger, and console.logger with details appropriate for Docker images are in the base and can be easily copied into images. Remove shibd.logger and native.logger from the COmanage Registry and Mailman images as a result. --- .../apache-shib/Dockerfile | 3 - .../Dockerfile | 3 + .../console.logger | 22 +++---- .../native.logger | 1 - .../shibd.logger | 1 - comanage-registry-shibboleth-sp/Dockerfile | 3 - comanage-registry-shibboleth-sp/shibd.logger | 57 ------------------- 7 files changed, 14 insertions(+), 76 deletions(-) rename comanage-registry-shibboleth-sp/native.logger => comanage-registry-shibboleth-sp-base/console.logger (53%) rename {comanage-registry-mailman/apache-shib => comanage-registry-shibboleth-sp-base}/native.logger (99%) rename {comanage-registry-mailman/apache-shib => comanage-registry-shibboleth-sp-base}/shibd.logger (99%) delete mode 100644 comanage-registry-shibboleth-sp/shibd.logger diff --git a/comanage-registry-mailman/apache-shib/Dockerfile b/comanage-registry-mailman/apache-shib/Dockerfile index 56b9bb8..5fb115f 100644 --- a/comanage-registry-mailman/apache-shib/Dockerfile +++ b/comanage-registry-mailman/apache-shib/Dockerfile @@ -52,9 +52,6 @@ RUN /usr/sbin/useradd --system _shibd \ && rm -rf shibboleth \ && ln -s /etc/shibboleth shibboleth -COPY --chown=_shibd:_shibd shibd.logger /etc/shibboleth/shibd.logger -COPY --chown=_shibd:_shibd native.logger /etc/shibboleth/native.logger - COPY --from=comanage-registry-base /usr/local/lib/comanage_shibboleth_sp_utils.sh /usr/local/lib/comanage_shibboleth_sp_utils.sh COPY supervisord.conf /usr/local/etc/supervisord.conf 
diff --git a/comanage-registry-shibboleth-sp-base/Dockerfile b/comanage-registry-shibboleth-sp-base/Dockerfile index 2f45921..c7a9f41 100644 --- a/comanage-registry-shibboleth-sp-base/Dockerfile +++ b/comanage-registry-shibboleth-sp-base/Dockerfile @@ -139,6 +139,9 @@ RUN wget -O shibboleth-sp.tar.gz "${SHIBBOLETH_SP_URL}" \ COPY shib2.load /opt/shibboleth-sp/etc/shibboleth/shib2.load COPY shibboleth2.xml.template /opt/shibboleth-sp/etc/shibboleth/shibboleth2.xml.template +COPY shibd.logger /opt/shibboleth-sp/etc/shibboleth/shibd.logger +COPY native.logger /opt/shibboleth-sp/etc/shibboleth/native.logger +COPY console.logger /opt/shibboleth-sp/etc/shibboleth/console.logger RUN apt-get update && apt-get install -y \ && apt-get purge -y \ diff --git a/comanage-registry-shibboleth-sp/native.logger b/comanage-registry-shibboleth-sp-base/console.logger similarity index 53% rename from comanage-registry-shibboleth-sp/native.logger rename to comanage-registry-shibboleth-sp-base/console.logger index f8300c8..fb256f1 100644 --- a/comanage-registry-shibboleth-sp/native.logger +++ b/comanage-registry-shibboleth-sp-base/console.logger @@ -1,14 +1,13 @@ -# set overall behavior -log4j.rootCategory=INFO, native_log +log4j.rootCategory=WARN, console -# fairly verbose for DEBUG, so generally leave at WARN/INFO -log4j.category.XMLTooling.XMLObject=WARN -log4j.category.XMLTooling.KeyInfoResolver=WARN -log4j.category.Shibboleth.IPRange=WARN -log4j.category.Shibboleth.PropertySet=WARN +# fairly verbose for DEBUG, so generally leave at INFO +log4j.category.XMLTooling.XMLObject=INFO +log4j.category.XMLTooling.KeyInfoResolver=INFO +log4j.category.Shibboleth.IPRange=INFO +log4j.category.Shibboleth.PropertySet=INFO # raise for low-level tracing of SOAP client HTTP/SSL behavior -log4j.category.XMLTooling.libcurl=WARN +log4j.category.XMLTooling.libcurl=INFO # useful categories to tune independently: # 
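Review bot: The three added `COPY` lines put the logger files under `/opt/shibboleth-sp/etc/shibboleth/` with default ownership, while the Mailman and Registry Dockerfiles in this commit drop their `COPY --chown=_shibd:_shibd … /etc/shibboleth/…` lines and add nothing in their place. Nothing visible in these hunks shows how the files reach `/etc/shibboleth` in the downstream images; their `RUN` steps start outside the hunks and include `rm -rf shibboleth`. It is worth confirming that shibd and the Apache module still load these console-appender configs, otherwise the `Shibboleth-TRANSACTION` audit lines may stop reaching the container's log stream. Root-owned config that `_shibd` can only read is a reasonable outcome, but the ownership change should be stated. I would add `# Default logger configs; downstream images must copy these into /etc/shibboleth (readable by _shibd)` above the new lines.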
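Review bot: The root category at the top of the new console.logger is lowered to `WARN` while the four named categories and `XMLTooling.libcurl` are raised from `WARN` to `INFO`, so those subsystems now log more than everything else in the file. The `# set overall behavior` comment that explained the first line is also removed. If a quiet console is the goal, leaving the categories at `WARN`, as native.logger does, would match the root; if the INFO lines are wanted, the file should say so. I would restore a header such as `# set overall behavior (root stays at WARN; categories below are raised individually)`.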
@@ -27,6 +26,7 @@ log4j.category.XMLTooling.libcurl=WARN # define the appender -log4j.appender.native_log=org.apache.log4j.ConsoleAppender -log4j.appender.native_log.layout=org.apache.log4j.PatternLayout -log4j.appender.native_log.layout.ConversionPattern=native_log %p %c %x: %m%n +log4j.appender.console=org.apache.log4j.ConsoleAppender +#log4j.appender.console.layout=org.apache.log4j.BasicLayout +log4j.appender.console.layout=org.apache.log4j.PatternLayout +log4j.appender.console.layout.ConversionPattern=console_log %d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n diff --git a/comanage-registry-mailman/apache-shib/native.logger b/comanage-registry-shibboleth-sp-base/native.logger similarity index 99% rename from comanage-registry-mailman/apache-shib/native.logger rename to comanage-registry-shibboleth-sp-base/native.logger index f8300c8..3858c44 100644 --- a/comanage-registry-mailman/apache-shib/native.logger +++ b/comanage-registry-shibboleth-sp-base/native.logger @@ -26,7 +26,6 @@ log4j.category.XMLTooling.libcurl=WARN #log4j.category.XMLTooling.StorageService=DEBUG # define the appender - log4j.appender.native_log=org.apache.log4j.ConsoleAppender log4j.appender.native_log.layout=org.apache.log4j.PatternLayout log4j.appender.native_log.layout.ConversionPattern=native_log %p %c %x: %m%n diff --git a/comanage-registry-mailman/apache-shib/shibd.logger b/comanage-registry-shibboleth-sp-base/shibd.logger similarity index 99% rename from comanage-registry-mailman/apache-shib/shibd.logger rename to comanage-registry-shibboleth-sp-base/shibd.logger index 5fd332b..39f152d 100644 --- a/comanage-registry-mailman/apache-shib/shibd.logger +++ b/comanage-registry-shibboleth-sp-base/shibd.logger 
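Review bot: The new console pattern carries a `%d{%Y-%m-%d %H:%M:%S}` timestamp like shibd.logger, but the native.logger pattern visible in the next hunk (`native_log %p %c %x: %m%n`) has none, so the three defaults that now sit in one directory emit two different line formats. Anyone parsing the combined container output for detection or incident timelines has to handle both, and the native lines depend on the log driver for their time. Aligning native.logger with the same `%d{…}` prefix, or noting the difference in a comment, would help. The commented-out `#log4j.appender.console.layout=org.apache.log4j.BasicLayout` line is dead configuration and could be dropped, or given a short comment saying when to switch to it.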
@@ -43,7 +43,6 @@ log4j.ownAppenders.Shibboleth-TRANSACTION=true #log4j.category.Shibboleth-TRANSACTION.Logout=WARN # define the appenders - log4j.appender.shibd_log=org.apache.log4j.ConsoleAppender log4j.appender.shibd_log.layout=org.apache.log4j.PatternLayout log4j.appender.shibd_log.layout.ConversionPattern=shibd_log %d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n diff --git a/comanage-registry-shibboleth-sp/Dockerfile b/comanage-registry-shibboleth-sp/Dockerfile index 1a96d00..0d2e375 100644 --- a/comanage-registry-shibboleth-sp/Dockerfile +++ b/comanage-registry-shibboleth-sp/Dockerfile @@ -58,9 +58,6 @@ RUN /usr/sbin/useradd --system _shibd \ && ln -s /etc/shibboleth shibboleth \ && a2enmod shib2 -COPY --chown=_shibd:_shibd shibd.logger /etc/shibboleth/shibd.logger -COPY --chown=_shibd:_shibd native.logger /etc/shibboleth/native.logger - COPY supervisord.conf /usr/local/etc/supervisord.conf COPY 000-comanage.conf /etc/apache2/sites-available/ diff --git a/comanage-registry-shibboleth-sp/shibd.logger b/comanage-registry-shibboleth-sp/shibd.logger deleted file mode 100644 index 5fd332b..0000000 --- a/comanage-registry-shibboleth-sp/shibd.logger +++ /dev/null 
@@ -1,57 +0,0 @@
-# set overall behavior
-log4j.rootCategory=INFO, shibd_log
-
-# fairly verbose for DEBUG, so generally leave at INFO
-log4j.category.XMLTooling.XMLObject=INFO
-log4j.category.XMLTooling.KeyInfoResolver=INFO
-log4j.category.Shibboleth.IPRange=INFO
-log4j.category.Shibboleth.PropertySet=INFO
-
-# raise for low-level tracing of SOAP client HTTP/SSL behavior
-log4j.category.XMLTooling.libcurl=INFO
-
-# useful categories to tune independently:
-#
-# tracing of SAML messages and security policies
-#log4j.category.OpenSAML.MessageDecoder=DEBUG
-#log4j.category.OpenSAML.MessageEncoder=DEBUG
-#log4j.category.OpenSAML.SecurityPolicyRule=DEBUG
-#log4j.category.XMLTooling.SOAPClient=DEBUG
-# interprocess message remoting
-#log4j.category.Shibboleth.Listener=DEBUG
-# mapping of requests to applicationId
-#log4j.category.Shibboleth.RequestMapper=DEBUG
-# high level session cache operations
-#log4j.category.Shibboleth.SessionCache=DEBUG
-# persistent storage and caching
-#log4j.category.XMLTooling.StorageService=DEBUG
-
-# logs XML being signed or verified if set to DEBUG
-log4j.category.XMLTooling.Signature.Debugger=INFO, sig_log
-log4j.additivity.XMLTooling.Signature.Debugger=false
-log4j.ownAppenders.XMLTooling.Signature.Debugger=true
-
-# the tran log blocks the "default" appender(s) at runtime
-# Level should be left at INFO for this category
-log4j.category.Shibboleth-TRANSACTION=INFO, tran_log
-log4j.additivity.Shibboleth-TRANSACTION=false
-log4j.ownAppenders.Shibboleth-TRANSACTION=true
-
-# uncomment to suppress particular event types
-#log4j.category.Shibboleth-TRANSACTION.AuthnRequest=WARN
-#log4j.category.Shibboleth-TRANSACTION.Login=WARN
-#log4j.category.Shibboleth-TRANSACTION.Logout=WARN
-
-# define the appenders
-
-log4j.appender.shibd_log=org.apache.log4j.ConsoleAppender
-log4j.appender.shibd_log.layout=org.apache.log4j.PatternLayout
-log4j.appender.shibd_log.layout.ConversionPattern=shibd_log %d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
-
-log4j.appender.tran_log=org.apache.log4j.ConsoleAppender
-log4j.appender.tran_log.layout=org.apache.log4j.PatternLayout
-log4j.appender.tran_log.layout.ConversionPattern=tran_log %d{%Y-%m-%d %H:%M:%S}|%c|%m%n
-
-log4j.appender.sig_log=org.apache.log4j.ConsoleAppender
-log4j.appender.sig_log.layout=org.apache.log4j.PatternLayout
-log4j.appender.sig_log.layout.ConversionPattern=sig_log %m