Debug and logging

Hi all,

I’m having a some issues with authentication, although I can’t seem to find where the log files are and how I can turn on debugging.

There is no field specified in the systemd file either. I’m just wondering if I missed something in the documentation or this is something to be added in the future.

Cheers

Thanks for trying out Boundary @therealhanlin.

If you’re running the service under systemd you can see the logs by using journald. Example:

journalctl -u boundary-server.service # replace 'boundary-server' with the name of your boundary systemd unit name.

You can find the systemd unit file name by checking the systemd unit file.

We currently don’t support any log redirection within Boundary itself and instead leave this to the init systems that are running the process. Let me know if this helps!

Hi,

Thanks for the quick reply. I’ve tried that command, but it doesn’t show any logs regarding client log on. And all I can see on the client is 401 Error “Unauthenticated, or invalid token.”.

Cheers

What’s does ‘systemctl status’ say?

Same thing as journalctl, it does show logs of API operations triggered by Terraform, just not any info on the client side.

Should have asked this originally, have you successfully authenticated to Boundary? That error points to an invalid auth token.

No, I haven’t been able to auth. There is something wrong with my role and scope configs that I couldn’t figure out which is why I’m hoping to find something in the logs.

Can you show me the complete CLI output from you auth command?

Please see below. I’m running boundary client in Powershell 7 on a Win10 machine.

Error from controller when performing authentication:
Error information:
  Code:                Unauthenticated
  Message:             Unauthenticated, or invalid token.
  Status:              401

Thanks @therealhanlin - I need to see the command you ran as well, with any applicable flags.

I finally managed to login, I added 2 more roles allowing anonymous login. The rest is unchanged. Although I don’t really understand why I need those 2 roles for logging into Boundary.

resource "boundary_role" "global_anon_listing" {
  name     = "Global anonymous RO"
  scope_id = boundary_scope.global.id
  grant_strings = [
    "id=*;type=auth-method;actions=list,authenticate",
    "type=scope;actions=list",
    "id={{account.id}};actions=read,change-password"
  ]
  principal_ids = ["u_anon"]
}

resource "boundary_role" "org_anon_listing" {
  name     = "Org anonymous RO"
  scope_id = boundary_scope.org-rm.id
  grant_strings = [
    "id=*;type=auth-method;actions=list,authenticate",
    "type=scope;actions=list",
    "id={{account.id}};actions=read,change-password"
  ]
  principal_ids = ["u_anon"]
}