Enable Logging for root Certmonger

While trying to debug an Ansible module calling Certmonger, I found myself afoul of some mistake I could not quite trace. Certmonger was having trouble reading the key to generate the certificate. But nothing was showing up in the log. Here’s how I got some logging info.

Certmonger is managed by systemd. The configuration is managed in /usr/lib/systemd/system/certmonger.service and on my system it looks like this:

[Unit]
Description=Certificate monitoring and PKI enrollment
After=syslog.target network.target dbus.service
 
[Service]
Type=dbus
PIDFile=/var/run/certmonger.pid
EnvironmentFile=-/etc/sysconfig/certmonger
ExecStart=/usr/sbin/certmonger -S -p /var/run/certmonger.pid -n $OPTS
BusName=org.fedorahosted.certmonger
 
[Install]
WantedBy=multi-user.target

I want to enable logging, and to do so, I need to fill in that $OPTS param. I can do that by putting the entry I want in the EnvironmentFile. To see mine:

$ sudo cat /etc/sysconfig/certmonger
OPTS="-d 15"

And restart certmonger:

sudo systemctl restart certmonger

Next time I do a certmonger command I can tail the journal:

sudo journalctl -f

And I will see output along the lines of:

Mar 02 19:52:19 sso.ayoung.rdusalab certmonger[15680]: 2018-03-02 19:52:19 [15680] Certificate issued (0 chain certificates, 0 roots).
Mar 02 19:52:19 sso.ayoung.rdusalab certmonger[15680]: 2018-03-02 19:52:19 [15680] Request2('20180303005218') moved to state 'NEED_TO_SAVE_CERT'
Mar 02 19:52:19 sso.ayoung.rdusalab certmonger[15680]: 2018-03-02 19:52:19 [15680] Will revisit Request2('20180303005218') now.
Mar 02 19:52:19 sso.ayoung.rdusalab certmonger[15680]: 2018-03-02 19:52:19 [15680] Request2('20180303005218') taking writing lock
Mar 02 19:52:19 sso.ayoung.rdusalab certmonger[15680]: 2018-03-02 19:52:19 [15680] No hooks set for pre-save command.
Mar 02 19:52:19 sso.ayoung.rdusalab certmonger[15680]: 2018-03-02 19:52:19 [15680] Request2('20180303005218') moved to state 'START_SAVING_CERT'
Mar 02 19:52:19 sso.ayoung.rdusalab certmonger[15680]: 2018-03-02 19:52:19 [15680] Will revisit Request2('20180303005218') now.
Mar 02 19:52:19 sso.ayoung.rdusalab certmonger[15680]: 2018-03-02 19:52:19 [15680] Request2('20180303005218') moved to state 'SAVING_CERT'
Mar 02 19:52:19 sso.ayoung.rdusalab certmonger[15680]: 2018-03-02 19:52:19 [15680] Will revisit Request2('20180303005218') on traffic from 11.
Mar 02 19:52:19 sso.ayoung.rdusalab certmonger[15680]: 2018-03-02 19:52:19 [15680] Request2('20180303005218') moved to state 'SAVED_CERT'
Mar 02 19:52:19 sso.ayoung.rdusalab certmonger[15680]: 2018-03-02 19:52:19 [15680] Will revisit Request2('20180303005218') now.
Mar 02 19:52:19 sso.ayoung.rdusalab certmonger[15680]: 2018-03-02 19:52:19 [15680] Request2('20180303005218') moved to state 'NEED_TO_SAVE_CA_CERTS'
Mar 02 19:52:19 sso.ayoung.rdusalab certmonger[15680]: 2018-03-02 19:52:19 [15680] Will revisit Request2('20180303005218') now.
Mar 02 19:52:19 sso.ayoung.rdusalab certmonger[15680]: 2018-03-02 19:52:19 [15680] Request2('20180303005218') moved to state 'START_SAVING_CA_CERTS'
Mar 02 19:52:19 sso.ayoung.rdusalab certmonger[15680]: 2018-03-02 19:52:19 [15680] Will revisit Request2('20180303005218') now.
Mar 02 19:52:19 sso.ayoung.rdusalab certmonger[15680]: 2018-03-02 19:52:19 [15680] Request2('20180303005218') moved to state 'SAVING_CA_CERTS'
Mar 02 19:52:19 sso.ayoung.rdusalab certmonger[15680]: 2018-03-02 19:52:19 [15680] Will revisit Request2('20180303005218') on traffic from 11.
Mar 02 19:52:19 sso.ayoung.rdusalab certmonger[15680]: 2018-03-02 19:52:19 [15680] Request2('20180303005218') moved to state 'NEED_TO_READ_CERT'
Mar 02 19:52:19 sso.ayoung.rdusalab certmonger[15680]: 2018-03-02 19:52:19 [15680] Will revisit Request2('20180303005218') now.
Mar 02 19:52:19 sso.ayoung.rdusalab certmonger[15680]: 2018-03-02 19:52:19 [15680] Request2('20180303005218') moved to state 'READING_CERT'
Mar 02 19:52:19 sso.ayoung.rdusalab certmonger[15680]: 2018-03-02 19:52:19 [15680] Will revisit Request2('20180303005218') on traffic from 11.
Mar 02 19:52:19 sso.ayoung.rdusalab certmonger[15680]: 2018-03-02 19:52:19 [16036] Read value "0" from "/proc/sys/crypto/fips_enabled".
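
At debug level 15 the journal fills up quickly, so it helps to reduce it to the state transitions of each request. The script below is an added example, not part of the original post or of Certmonger itself: it filters the "moved to state" lines and prints the chain of states per request ID. The function names, the host name and the second request ID in the sample are made up for illustration.

```shell
#!/bin/sh
# Added example: condense certmonger debug output (OPTS="-d 15") into the
# state transitions of each request. Reads journal lines on stdin.

# Emit "<request-id> <state>" for every "moved to state" line.
cm_transitions() {
    sed -n "s/.*Request[0-9]*('\([^']*\)') moved to state '\([^']*\)'.*/\1 \2/p"
}

# One line per request: the ordered chain of states it went through.
cm_state_trail() {
    cm_transitions | awk '
        !($1 in trail) { order[++n] = $1; trail[$1] = $2; next }
        { trail[$1] = trail[$1] " -> " $2 }
        END { for (i = 1; i <= n; i++) print order[i] ": " trail[order[i]] }'
}

# One line per request: only the last state seen, to spot a stalled request.
cm_final_states() {
    cm_transitions | awk '
        !($1 in last) { order[++n] = $1 }
        { last[$1] = $2 }
        END { for (i = 1; i <= n; i++) print order[i], last[order[i]] }'
}

# Constructed sample input in the journal format shown above; the host name
# and the second request (Request3, ID 20180303009999) are made up.
cm_sample_journal() {
    cat <<'EOF'
Mar 02 19:52:19 host certmonger[15680]: 2018-03-02 19:52:19 [15680] Request2('20180303005218') moved to state 'NEED_TO_SAVE_CERT'
Mar 02 19:52:19 host certmonger[15680]: 2018-03-02 19:52:19 [15680] Will revisit Request2('20180303005218') now.
Mar 02 19:52:19 host certmonger[15680]: 2018-03-02 19:52:19 [15680] Request3('20180303009999') moved to state 'START_SAVING_CERT'
Mar 02 19:52:19 host certmonger[15680]: 2018-03-02 19:52:19 [15680] Request2('20180303005218') moved to state 'START_SAVING_CERT'
Mar 02 19:52:19 host certmonger[15680]: 2018-03-02 19:52:19 [15680] Request3('20180303009999') moved to state 'SAVING_CERT'
Mar 02 19:52:19 host certmonger[15680]: 2018-03-02 19:52:19 [15680] Request2('20180303005218') moved to state 'SAVING_CERT'
Mar 02 19:52:19 host certmonger[15680]: 2018-03-02 19:52:19 [15680] Will revisit Request2('20180303005218') on traffic from 11.
Mar 02 19:52:19 host certmonger[15680]: 2018-03-02 19:52:19 [15680] Request2('20180303005218') moved to state 'SAVED_CERT'
EOF
}

# Demo on the sample. On a live host:
#   sudo journalctl -u certmonger | cm_state_trail
cm_sample_journal | cm_state_trail
```

A request whose final state never changes across repeated runs is the one to look at in the full debug output.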
