- Bug
- Resolution: Unresolved
- Major
- rhel-10.0
- None
- dogtag-pki-11.6.0-1.el10
- Yes
- Moderate
- rhel-sst-idm-cs
- ssg_idm
- 0
- Dev ack
- False
- No
- None
- Pass
- Automated
- Unspecified Release Note Type - Unknown
- None
What were you trying to do that didn't work?
PKI debug log rotation not working
What is the impact of this issue to you?
PKI debug log rotation is not working, so when we perform a PKI operation, no new logging is generated in the debug log file.
Please provide the package NVR for which the bug is seen:
dogtag-pki-11.6.0-0.2.alpha2.el10.src.rpm
jss-5.6.0-0.1.alpha1.el10.src.rpm
How reproducible is this bug?:
Always
Steps to reproduce
- Set up a CA subsystem on a RHEL 10.0 nightly build
- Change the system date or leave the setup as it is for 1 day
- Check if a new debug log is generated at path /var/log/pki/<instance>/ca/ in the format: debug.YYYY-MM-DD.log
Expected results
PKI should automatically rotate debug log.
Actual results
# ls -l /var/log/pki/topology-00-CA/ca/debug.2025-01-20.log
-rw-r--r--. 1 pkiuser pkiuser 181916 Jan 20 23:58 /var/log/pki/topology-00-CA/ca/debug.2025-01-20.log
Waited for another day and no new debug log was generated:
# date
Tue Jan 21 04:54:59 EST 2025
[root@pki1 ~]#
[root@pki1 ~]# ls -l /var/log/pki/topology-00-CA/ca/
total 184
drwxrwx---. 2 pkiuser pkiuser 86 Jan 20 13:43 archive
-rw-r--r--. 1 pkiuser pkiuser 181916 Jan 20 23:58 debug.2025-01-20.log
-rw-r-----. 1 pkiuser pkiuser 1184 Jan 20 13:43 selftests.log
drwxrwx---. 2 pkiuser pkiuser 22 Jan 20 13:43 signedAudit
Last content of the debug log:
2025-01-20 23:53:07 [CertStatusUpdateTask] INFO: CertStatusUpdateTask: Updating revoked certs to expired
2025-01-20 23:53:07 [CertStatusUpdateTask] INFO: LDAPSession.continuousPagedSearch(): Searching ou=certificateRepository, ou=ca,o=topology-00-CA-CA for (&(certStatus=REVOKED)(notAfter<=20250120235307Z))
2025-01-20 23:53:07 [CertStatusUpdateTask] INFO: LDAPSession.continuousPagedSearch(): Searching ou=certificateRepository, ou=ca,o=topology-00-CA-CA for (&(certStatus=REVOKED)(notAfter<=20250120235307Z))
2025-01-20 23:53:08 [Timer-0] INFO: SessionTimer: checking security domain sessions
2025-01-20 23:58:07 [CRLIssuingPoint-MasterCRL] INFO: CRLIssuingPoint: Updating CRL cache
2025-01-20 23:58:07 [CRLIssuingPoint-MasterCRL] INFO: CRLRepository: Modifying cn=MasterCRL,ou=crlIssuingPoints,ou=ca,o=topology-00-CA-CA
2025-01-20 23:58:07 [CRLIssuingPoint-MasterCRL] INFO: LDAPSession: Modifying cn=MasterCRL,ou=crlIssuingPoints,ou=ca,o=topology-00-CA-CA
2025-01-20 23:58:08 [Timer-0] INFO: SessionTimer: checking security domain sessions
Even if we perform any PKI operation, no new debug logging is generated. When we restart or stop/start the CA subsystem, it generates the new logging:
# pki-server stop topology-00-CA
[root@pki1 ~]# pki-server start topology-00-CA
[root@pki1 ~]# ls -l /var/log/pki/topology-00-CA/ca/
total 184
drwxrwx---. 2 pkiuser pkiuser 86 Jan 20 13:43 archive
-rw-r--r--. 1 pkiuser pkiuser 181916 Jan 20 23:58 debug.2025-01-20.log
-rw-r--r--. 1 pkiuser pkiuser 0 Jan 21 04:56 debug.2025-01-21.log
-rw-r-----. 1 pkiuser pkiuser 1184 Jan 20 13:43 selftests.log
drwxrwx---. 2 pkiuser pkiuser 22 Jan 20 13:43 signedAudit
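As an added example (not part of the original report and not Dogtag PKI code), a POSIX shell check that flags the condition shown above, where the newest debug.YYYY-MM-DD.log is older than the current date. The function names, output strings and exit codes are assumptions; only the /var/log/pki/<instance>/ca/ layout and the file naming come from the report.

```shell
#!/bin/sh
# Added example: detect a PKI debug log that has stopped rotating.
# Assumes the naming shown in the report: <dir>/debug.YYYY-MM-DD.log
# Usage from cron or a monitoring agent: check_all_instances /var/log/pki

# newest_debug_date DIR: print the newest YYYY-MM-DD found in debug.*.log names.
newest_debug_date() {
    for f in "$1"/debug.[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9].log; do
        [ -e "$f" ] || continue          # glob matched nothing
        d=${f##*/debug.}                 # strip directory and "debug." prefix
        printf '%s\n' "${d%.log}"        # strip ".log" suffix
    done | sort | tail -n 1              # ISO dates sort lexicographically
}

# check_debug_rotation DIR [TODAY]
# Exit 0: a log named for TODAY exists.
# Exit 1: newest log is for another date (rotation stalled).
# Exit 2: no debug logs found in DIR.
check_debug_rotation() {
    dir=$1
    today=${2:-$(date +%Y-%m-%d)}
    newest=$(newest_debug_date "$dir")
    if [ -z "$newest" ]; then
        echo "NO_LOGS $dir"
        return 2
    fi
    if [ "$newest" = "$today" ]; then
        echo "OK $dir/debug.$newest.log"
        return 0
    fi
    echo "STALE $dir newest=debug.$newest.log expected=debug.$today.log"
    return 1
}

# check_all_instances ROOT [TODAY]: run the check on ROOT/<instance>/ca for
# every instance; return non-zero if any instance is not OK.
check_all_instances() {
    rc_all=0
    for ca in "$1"/*/ca; do
        [ -d "$ca" ] || continue
        check_debug_rotation "$ca" "$2" || rc_all=1
    done
    return $rc_all
}
```

The check compares file names only, so the 0-byte debug.2025-01-21.log created after the restart in the report counts as rotated.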
- relates to RHEL-73502 PKI debug log rotation not working