Debug and logging

therealhanlin · November 2, 2020, 7:03pm

Hi all,

I’m having a some issues with authentication, although I can’t seem to find where the log files are and how I can turn on debugging.

There is no field specified in the systemd file either. I’m just wondering if I missed something in the documentation or this is something to be added in the future.

Cheers

malnick · November 2, 2020, 7:16pm

Thanks for trying out Boundary @therealhanlin.

If you’re running the service under systemd you can see the logs by using journald. Example:

journalctl -u boundary-server.service # replace 'boundary-server' with the name of your boundary systemd unit name.

You can find the systemd unit file name by checking the systemd unit file.

We currently don’t support any log redirection within Boundary itself and instead leave this to the init systems that are running the process. Let me know if this helps!

therealhanlin · November 2, 2020, 7:21pm

Hi,

Thanks for the quick reply. I’ve tried that command, but it doesn’t show any logs regarding client log on. And all I can see on the client is 401 Error “Unauthenticated, or invalid token.”.

Cheers

malnick · November 2, 2020, 7:49pm

What’s does ‘systemctl status’ say?

therealhanlin · November 2, 2020, 7:52pm

Same thing as journalctl, it does show logs of API operations triggered by Terraform, just not any info on the client side.

malnick · November 2, 2020, 8:08pm

Should have asked this originally, have you successfully authenticated to Boundary? That error points to an invalid auth token.

therealhanlin · November 2, 2020, 9:12pm

No, I haven’t been able to auth. There is something wrong with my role and scope configs that I couldn’t figure out which is why I’m hoping to find something in the logs.

malnick · November 2, 2020, 9:42pm

Can you show me the complete CLI output from you auth command?

therealhanlin · November 2, 2020, 10:42pm

Please see below. I’m running boundary client in Powershell 7 on a Win10 machine.

Error from controller when performing authentication:
Error information:
  Code:                Unauthenticated
  Message:             Unauthenticated, or invalid token.
  Status:              401

malnick · November 2, 2020, 11:38pm

Thanks @therealhanlin - I need to see the command you ran as well, with any applicable flags.

therealhanlin · November 3, 2020, 8:30pm

I finally managed to login, I added 2 more roles allowing anonymous login. The rest is unchanged. Although I don’t really understand why I need those 2 roles for logging into Boundary.

resource "boundary_role" "global_anon_listing" {
  name     = "Global anonymous RO"
  scope_id = boundary_scope.global.id
  grant_strings = [
    "id=*;type=auth-method;actions=list,authenticate",
    "type=scope;actions=list",
    "id={{account.id}};actions=read,change-password"
  ]
  principal_ids = ["u_anon"]
}

resource "boundary_role" "org_anon_listing" {
  name     = "Org anonymous RO"
  scope_id = boundary_scope.org-rm.id
  grant_strings = [
    "id=*;type=auth-method;actions=list,authenticate",
    "type=scope;actions=list",
    "id={{account.id}};actions=read,change-password"
  ]
  principal_ids = ["u_anon"]
}