How to increase the log level for the ServiceCA Controller

Solution Verified - Updated 13 Jun 2024

Environment

OpenShift 4.x
Service CA Operator

Issue

When troubleshooting the ServiceCA Operator, the logLevel value for the servicecas.operator.openshift.io Custom Resource (CR) has been updated to Debug or TraceAll but the ServiceCA Controller has not increased the verbosity of the log output.

Is there a way to increase the log verbosity for debugging purposes?

Resolution

Red Hat is aware of this issue and this is currently being worked on by the Engineering Teams.

As a workaround for this issue, the ServiceCA Controller can be re-deployed after making changes to the ServiceCA Custom Resource (CR) using the following commands:

|⇒ oc patch servicecas/cluster --type merge --patch '{"spec": {"logLevel": "TraceAll"}}'
serviceca.operator.openshift.io/cluster patched

|⇒ oc get deploy -n openshift-service-ca
NAME         READY   UP-TO-DATE   AVAILABLE   AGE
service-ca   1/1     1            1           21h

|⇒ oc get deploy -n openshift-service-ca -o yaml | grep -- -v=
          - -v=2

|⇒ oc delete deploy/service-ca -n openshift-service-ca
deployment.apps "service-ca" deleted

|⇒ oc get deploy -n openshift-service-ca -o yaml | grep -- -v=
          - -v=8

Root Cause

The ServiceCA CR is not reconciled immediately by the OpenShift ServiceCA Operator at this stage.

Red Hat is aware of this issue and there is an open Bugzilla Ticket tracking this issue. ( This content is not included.BZ 2048349 )

If you are currently suffering from this issue or require further information about the progress on this bug, please create a support case and the Red Hat Support Teams will assist you further.

Diagnostic Steps

Change the servicecas.spec.logLevel option to Debug, Trace or TraceAll

  |⇒ oc patch servicecas/cluster --type merge --patch '{"spec": {"logLevel": "Debug"}}'
serviceca.operator.openshift.io/cluster patched

  |⇒ oc get servicecas/cluster -o yaml | grep logLevel
    logLevel: Debug

Check the ServiceCA Operator Pod and verify the verbosity level is at level 2.

  |⇒ oc get pods -n openshift-service-ca
  NAME                          READY   STATUS    RESTARTS   AGE
  service-ca-6c555ff88b-snzkk   1/1     Running   0          21h

  |⇒ oc get pods -n openshift-service-ca -o yaml | grep -- -v
        - -v=2

Inspect the output logs

|⇒ oc logs -n openshift-service-ca service-ca-6c555ff88b-snzkk
W0131 02:23:02.153165       1 cmd.go:204] Using insecure, self-signed certificates
I0131 02:23:02.153504       1 crypto.go:601] Generating new CA for service-ca-controller-signer@1643595782 cert, and key in /tmp/serving-cert-060059504/serving-signer.crt, /tmp/serving-cert-060059504/serving-signer.key
<truncated output>

SBR

Product(s)

Red Hat OpenShift Container Platform

Components

Category

Troubleshoot

Tags

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.