PAA Troubleshooting

09 Nov 2023
3 Minutes to read

Print
Dark
Light
PDF

PAA Troubleshooting

Updated on 09 Nov 2023
3 Minutes to read

Print
Dark
Light
PDF

Article summary

Did you find this summary helpful?

Thank you for your feedback

About PAA Troubleshooting

The PlainID PAA is deployed on premises as a hybrid component and communicates with the Authorization Platform in the cloud. PlainID supports an admin API from the cloud, that can change logging level of services on premises to ease PAA service troubleshooting. Retrieving or modifying loggers is available for the PlainID Agent and PIP-Operator services and can be done without restarting the service or updating packages.
Only the Tenant Admins with JWT authentication can access these endpoints.

Changing Log Levels for PAA Troubleshooting

The PAA Logger API responses include a list of the PAA loggers which are configured in the PAA either through a Standalone configuration or the Environment Variables in Kubernetes.
The configurationLevel parameter indicates the logger level in the configuration, while the effectiveLevel indicates what the current logger level is. By default, the response only includes the configured loggers.

Important

It is recommended to exercise caution when modifying log levels, ensuring that they are set appropriately for troubleshooting and not left at higher levels in production environments.

To use these APIs, use the following URL's with your tenant details:

Enter your dedicated domain/URL according to your PlainID Tenant Location:

United States (US) - https://api.us1.plainid.io
Canada (CA) - https://api.ca1.plainid.io
Europe (EU) - https://api.eu1.plainid.io
Local PAA - https://api.plainid.local

Make sure to specify the regions indicated in the dedicated domain/URLs in the endpoints.

Authentication

These APIs require JWT authentication with Tenant Admin permissions.

Security: Bearer Auth

For more details on how to access Administration APIs and Authentication click here.

Provide your bearer token in the Authorization header when making requests to protected resources.
Example: Authorization: Bearer 123

PAA Logger APIs

The log level modification functionality is exposed through the following endpoints in the PIP Management:

Retrieving Loggers

GET https://api.{region}.plainid.io/pip-mgmt/1.0/monitor/loggers/{SERVICE_NAME}/{PAA_ID}

GET https://api.{region}.plainid.io/pip-mgmt/1.0/monitor/loggers/{SERVICE_NAME}/{PAA_ID}/{LOGGER_NAME}

To retrieve a list of the logger/s in the service:

Copy the GET request above.
Modify the Service Name (Agent or PIP Operator) and the PAA ID.
Specify the logger at the end of the endpoint to target a specific logger if needed. If no logger is specified, all loggers will be fetched.
Ensure you are authenticated and make the GET request.

To retrieve all loggers, including unconfigured loggers, append ?configured=false to the endpoint URL.

Example response with all configured loggers (condensed):

{
"data": {
        "levels": [
            "TRACE",
            "DEBUG",
            "INFO",
            "WARN",
            "ERROR"
        ],
        "loggers": {
            "com": {
                "configuredLevel": "INFO",
                "effectiveLevel": "INFO"
            },
            "org.teiid.COMMAND_LOG": {
                "configuredLevel": "ERROR",
                "effectiveLevel": "ERROR"
            },
            ...
            "org.teiid.RUNTIME": {
                "configuredLevel": "INFO",
                "effectiveLevel": "INFO"
            }
        }
    }
}

Example response with a specified configured logger (e.g"org.teiid.RUNTIME" logger):

{
    "data": {
        "configuredLevel": "INFO",
        "effectiveLevel": "INFO"
    }
}

Response

Parameter	Type	Description
configuredLevel	string	Indicates the level of the logger according to the configuration.
effectiveLevel	string	Indicates the current logger level. This can be modified with the configuredLevel parameter in the POST method.

Modifying the Log Level

POST https://api.{region}.plainid.io/pip-mgmt/1.0/monitor/loggers/{SERVICE_NAME}/{PAA_ID}/{LOGGER_NAME}

To change the log level for a specific service:

Copy the POST request above
Modify the Service Name (Agent or PIP Operator) and the PAA ID.
Specify the logger. This parameter is required.
Use the configuredLevel parameter to specify the desired log level (INFO, TRACE, DEBUG, ERROR, etc.)
Ensure you are authenticated and make the POST request.

Example of body when modifying log level to TRACE:

{
        "configuredLevel": "DEBUG"
}

Example of response when the log level is modified to TRACE:

{
    "data": {
        "configuredLevel": "INFO",
        "effectiveLevel": "DEBUG"
    }
}

Response

Parameter	Type	Description
configuredLevel	string	Indicates the level of the logger according to the configuration.
effectiveLevel	string	Indicates the current logger level. This can be modified with the configuredLevel parameter in the POST method.

Logging Configuration

Changes made through this are not permanent and revert to the initial setup if the service is restarted. For permanent log level changes, modifications should be made through helm or standalone configurations. These changes are ongoing, even after service restarts. Refer to the appropriate Helm and Standalone configurations to customize the loggers:

For Helm Configuration Logging, copy the following parameters from the values.yaml file, add them to the custom-values.yaml file and modify as needed according to the service:

PIP-Operator
- .Values.pipOperator.logLevel
PlainID Agent
- .Values.agent.logLevel

For the Standalone Configuration Logging, copy the log levels and modify these parameters in the Environment Variables as needed according to the service:

Was this article helpful?

What's Next

Caching Options

Table of contents