Contents x
      PAA Troubleshooting
      • 02 Dec 2024
      • 5 Minutes to read
      • Print
      • Dark
        Light
      • PDF
      Contents

      PAA Troubleshooting

      • Updated on 02 Dec 2024
      • 5 Minutes to read
      • Print
      • Dark
        Light
      • PDF
      Article summary

      About PAA Troubleshooting

      The PlainID PAA is deployed on premises as a hybrid component and communicates with the Authorization Platform in the cloud. PlainID supports an admin API from the cloud, that can change logging level of services on premises to ease PAA service troubleshooting. Retrieving or modifying loggers is available for the Runtime, Agent and PIP-Operator services and can be done without restarting the service or updating packages.
      This Admin API endpoints are only permitted for Tenant Admins and requires a Tenant Admin JWT authentication

      Changing Log Levels for PAA Troubleshooting

      The PAA Logger API responses include a list of the PAA loggers which are configured in the PAA either through a Standalone configuration or the Environment Variables in Kubernetes.
      The configurationLevel parameter specifies the logger level explicitly defined in the configuration or the API. The effectiveLevel parameter specifies the actual log level used by a specific logger - either defined specifically (matching the specified configured level) or inherited from its ancestor logger(s).

      Important

      It is recommended to exercise caution when modifying log levels, ensuring that they are set appropriately for troubleshooting and not left in lower levels in production Environments.

      To use these APIs, use the following URLs with your tenant details.
      Enter your dedicated domain/URL according to your PlainID Tenant Location:

      United States (US) - https://api.us1.plainid.io
      Canada (CA) - https://api.ca1.plainid.io
      Europe (EU) - https://api.eu1.plainid.io

      ​Make sure to specify the regions indicated in the dedicated domain/URLs in the endpoints.

      Authentication

      These APIs require JWT authentication with Tenant Admin permissions.

      Security: Bearer Auth

      For more details on how to access Administration APIs and Authentication click here.

      Provide your bearer token in the Authorization header when making requests to protected resources.
      Example: Authorization: Bearer 123

       

      PAA Logger APIs

      The log level modification functionality is exposed through the following Endpoints:

      Retrieving Loggers

      GET https://api.{region}.plainid.io/pip-mgmt/1.0/monitor/loggers/{SERVICE_NAME}/{PAA_ID}
      GET https://api.{region}.plainid.io/pip-mgmt/1.0/monitor/loggers/{SERVICE_NAME}/{PAA_ID}/{LOGGER_NAME}

      To retrieve a list of the logger/s in the service:

      1. Copy the GET request above.
      2. Modify the Service Name:
      • runtime
      • agent
      • pip-operator
      1. Specify the PAA ID. This can be found in the relevant PAA's Policy Authorization Agent Details
      2. Specify the logger at the end of the endpoint to target a specific logger if needed. If no logger is specified, all loggers will be fetched.
      3. Ensure you are authenticated and make the GET request.

      To retrieve all loggers, including unconfigured loggers, append ?configured=false to the endpoint URL.

      ​Example response with all configured loggers (condensed):

      {
"data": {
        "levels": [
            "OFF",
            "TRACE",
            "DEBUG",
            "INFO",
            "WARN",
            "ERROR"
        ],
        "loggers": {
            "com": {
                "configuredLevel": "INFO",
                "effectiveLevel": "INFO"
            },
            "org.teiid.COMMAND_LOG": {
                "configuredLevel": "ERROR",
                "effectiveLevel": "ERROR"
            },
            ...
            "org.teiid.RUNTIME": {
                "configuredLevel": "INFO",
                "effectiveLevel": "INFO"
            }
        }
    }
}

      Example response with a specified configured logger (e.g"org.teiid.RUNTIME" logger):

      {
    "data": {
        "configuredLevel": "INFO",
        "effectiveLevel": "INFO"
    }
}

      PIP Operator GET Response Example

      {
    "data": {
        "levels": [
            "OFF",
            "TRACE",
            "DEBUG",
            "INFO",
            "WARN",
            "ERROR"
        ],
        "loggers": {
            "com": {
                "configuredLevel": "DEBUG",
                "effectiveLevel": "DEBUG"
            },
            "org.teiid.COMMAND_LOG": {
                "configuredLevel": "ERROR",
                "effectiveLevel": "ERROR"
            },
            "org.teiid.PLANNER": {
                "configuredLevel": "INFO",
                "effectiveLevel": "INFO"
            },
            "tomcat": {
                "configuredLevel": "ERROR",
                "effectiveLevel": "ERROR"
            },
            "org": {
                "configuredLevel": "ERROR",
                "effectiveLevel": "ERROR"
            },
            "org.teiid.BUFFER_MGR": {
                "configuredLevel": "ERROR",
                "effectiveLevel": "ERROR"
            },
            "org.teiid.AUDIT_LOG": {
                "configuredLevel": "ERROR",
                "effectiveLevel": "ERROR"
            },
            "org.teiid.PROCESSOR": {
                "configuredLevel": "INFO",
                "effectiveLevel": "INFO"
            },
            "com.plainid": {
                "configuredLevel": "INFO",
                "effectiveLevel": "INFO"
            },
            "org.teiid.ADMIN_API": {
                "configuredLevel": "ERROR",
                "effectiveLevel": "ERROR"
            },
            "org.springframework.security": {
                "configuredLevel": "ERROR",
                "effectiveLevel": "ERROR"
            },
            "org.teiid.TRANSPORT": {
                "configuredLevel": "INFO",
                "effectiveLevel": "INFO"
            },
            "org.springframework.web": {
                "configuredLevel": "INFO",
                "effectiveLevel": "INFO"
            },
            "org.teiid": {
                "configuredLevel": "DEBUG",
                "effectiveLevel": "DEBUG"
            },
            "org.teiid.ODBC": {
                "configuredLevel": "ERROR",
                "effectiveLevel": "ERROR"
            },
            "org.teiid.CONNECTOR": {
                "configuredLevel": "DEBUG",
                "effectiveLevel": "DEBUG"
            },
            "org.teiid.TXN_LOG": {
                "configuredLevel": "ERROR",
                "effectiveLevel": "ERROR"
            },
            "org.springframework": {
                "configuredLevel": "DEBUG",
                "effectiveLevel": "DEBUG"
            },
            "web": {
                "configuredLevel": "ERROR",
                "effectiveLevel": "INFO"
            },
            "root": {
                "configuredLevel": "INFO",
                "effectiveLevel": "INFO"
            },
            "org.teiid.SECURITY": {
                "configuredLevel": "INFO",
                "effectiveLevel": "INFO"
            },
            "org.teiid.RUNTIME": {
                "configuredLevel": "INFO",
                "effectiveLevel": "INFO"
            }
        }
    }
}

      Agent GET Response Example

      {
    "data": {
        "levels": [
            "OFF",
            "TRACE",
            "DEBUG",
            "INFO",
            "WARN",
            "ERROR"
        ],
        "loggers": {
            "com": {
                "configuredLevel": "ERROR",
                "effectiveLevel": "ERROR"
            },
            "org.springframework": {
                "configuredLevel": "INFO",
                "effectiveLevel": "INFO"
            },
            "tomcat": {
                "configuredLevel": "ERROR",
                "effectiveLevel": "ERROR"
            },
            "web": {
                "configuredLevel": "ERROR",
                "effectiveLevel": "INFO"
            },
            "org": {
                "configuredLevel": "ERROR",
                "effectiveLevel": "ERROR"
            },
            "root": {
                "configuredLevel": "INFO",
                "effectiveLevel": "INFO"
            },
            "com.plainid": {
                "configuredLevel": "INFO",
                "effectiveLevel": "INFO"
            },
            "org.springframework.security": {
                "configuredLevel": "ERROR",
                "effectiveLevel": "ERROR"
            },
            "org.springframework.web": {
                "configuredLevel": "INFO",
                "effectiveLevel": "INFO"
            }
        }
    }
}

      Runtime GET Response Example

      {
    "data": {
        "levels": [
            "OFF",
            "TRACE",
            "DEBUG",
            "INFO",
            "WARN",
            "ERROR"
        ],
        "loggers": {
            "com.plainid.runtime": {
                "configuredLevel": "INFO",
                "effectiveLevel": "INFO"
            },
            "root": {
                "configuredLevel": "ERROR",
                "effectiveLevel": "ERROR"
            }
        }
    }
}

      Response

      ParameterTypeDescription
      configuredLevelstringIndicates the level of the logger explicitly set in the configuration or the API.
      effectiveLevelstringIndicates the logger level inherited by the ancestor(s) or defined specifically by the configuredLevel parameter. See the section on the POST method to learn how to configure this parameter.

      Modifying the Log Level

      POST https://api.{region}.plainid.io/pip-mgmt/1.0/monitor/loggers/{SERVICE_NAME}/{PAA_ID}/{LOGGER_NAME}

      To change the log level for a specific service:

      1. Copy the POST request above
      2. Modify the Service Name (Runtime, Agent, or PIP Operator) and the PAA ID.
      3. Specify the logger. This parameter is required.
      4. Use the configuredLevel parameter to specify the desired log level (OFF, INFO, TRACE, DEBUG, ERROR, WARN.)
      5. Ensure you are authenticated and make the POST request.

      Service POST Request Example

      Request example of a service (Runtime, Agent, or PIP Operator) body when modifying log level to TRACE:

      {
        "configuredLevel": "TRACE"
}

      Service POST Response Example

      Response Example of a service (Runtime, Agent, or PIP Operator) body when log level has been modified to TRACE:
      Res

      {
    "data": {
        "configuredLevel": "TRACE",
        "effectiveLevel": "TRACE"
    }
}

      Response

      ParameterTypeDescription
      configuredLevelstringIndicates the level of the logger explicitly set in the configuration or the API.
      effectiveLevelstringIndicates the logger level inherited by the ancestor(s) or defined specifically by the configuredLevel parameter. See the section on the POST method to learn how to configure this parameter.

      Logging Configuration

      Changes made through this are not permanent and revert to the initial setup if the service is restarted. For permanent log level changes, modifications should be made through helm or standalone configurations. These changes are ongoing, even after service restarts. Refer to the appropriate Helm and Standalone configurations to customize the loggers:

      For Helm Configuration Logging, copy the following parameters from the values.yaml file, add them to the custom-values.yaml file and modify as needed according to the service:

      • PIP-Operator

        • .Values.pipOperator.logLevel

      • PlainID Agent

        • .Values.agent.logLevel

      • Runtime

        • .Values.runtime.logLevel

      For the Standalone Configuration Logging, copy the log levels and modify these parameters in the Environment Variables as needed according to the service:

      Was this article helpful?
      What's Next