Setting idp.logfiles property in idp.properties is ignored in IdP V4

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Setting idp.logfiles property in idp.properties is ignored in IdP V4

Marc Jay
Hi,

I'm in the process of upgrading from 3.4.6 to 4.0.1 and I noticed that the Shibboleth logs stopped being written to our custom log location (/var/log/shibboleth-idp) and went back to the default ${idp.home}/logs.

In both versions we are setting this in conf/idp.properties: "idp.logfiles=/var/log/shibboleth-idp" as per the docs, however it seems to be ignored in 4.0.1

From digging into this, it appears to be due to the order in which variables are loaded in conf/logback.xml combined with the fact that it is not configured to check for a previous definition first. The original being:

    <!--
    If you want to use custom properties in this config file,
    we load the main property file for you.
    -->
    <variable file="${idp.home}/conf/idp.properties" />

    <!-- Location and retention. -->

    <variable name="idp.logfiles" value="${idp.home}/logs" />

I have tested the following change in logback.xml and I'm seeing that our setting in idp.properties is respected, along with the default if it is not set:

    <!-- Location and retention. -->

    <variable name="idp.logfiles" value="${idp.logfiles:-${idp.home}/logs}" />

Naturally, moving the loading of the <variable file /> below the variable definition also solves the issue.

There might be a good reason for this being the way that it is, but I just wanted to highlight this in case there was not.

Kind regards,

Marc

--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Setting idp.logfiles property in idp.properties is ignored in IdP V4

Cantor, Scott E.
On 6/29/20, 5:22 PM, "users on behalf of Marc Jay" <[hidden email] on behalf of [hidden email]> wrote:
> There might be a good reason for this being the way that it is, but I just wanted to highlight this in case there was not.

There isn't one, but an upgrade wouldn't touch either file so nobody should have anything broken by a change in the behavior, unless it were a change in behavior in logback because the version is different. The variables have been in the file for many releases, it's not new to 4.0.

Filing the issue would be appreciated, it won't get tracked otherwise.

-- Scott


--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Setting idp.logfiles property in idp.properties is ignored in IdP V4

Marc Jay
Hi Scott,

Many thanks for the reply. I've raised https://issues.shibboleth.net/jira/browse/IDP-1631 

We encountered the issue because we are not upgrading in-place as our Shibboleth config is fully configuration managed and we destroy and build new environments with each release.

Not that it's important but I strongly believe this is new in 4.0 (can confidently say this did not happen in 3.4.6) - it appears to be since this commit which fixed a typo in the idp.logfiles variable:
https://git.shibboleth.net/view/?p=java-identity-provider.git;a=blobdiff;f=idp-conf/src/main/resources/conf/logback.xml;h=f5d1078ecf5f702c95aea24c789d041e1d8e5199;hp=eeaecf454f1ceefc1b972b644ca40571ad2efbca;hb=da6c9070e58cdbdad68a9d89cc10c995d0d22376;hpb=12e9c375caf83476358e84aa7de03b6dafe9a8ef 

Kind regards,

Marc

´╗┐On 29/06/2020, 23:42, "users on behalf of Cantor, Scott" <[hidden email] on behalf of [hidden email]> wrote:

    On 6/29/20, 5:22 PM, "users on behalf of Marc Jay" <[hidden email] on behalf of [hidden email]> wrote:
    > There might be a good reason for this being the way that it is, but I just wanted to highlight this in case there was not.

    There isn't one, but an upgrade wouldn't touch either file so nobody should have anything broken by a change in the behavior, unless it were a change in behavior in logback because the version is different. The variables have been in the file for many releases, it's not new to 4.0.

    Filing the issue would be appreciated, it won't get tracked otherwise.

    -- Scott


    --
    For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
    To unsubscribe from this list send an email to [hidden email]

--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]