Move Certificate install in resotre path to DEBUG
We are seeing 387+ `Certificate install` messages for a single boot in
the journal log.
Moved the `Certifacte install` log for the restore path to DEBUG instead
of INFO to remove it on the normal jorunal logs.
Tested:
```
systemctl status phosphor-certificate-manager@bmcweb.service
* phosphor-certificate-manager@bmcweb.service - Phosphor certificate manager for bmcweb
Loaded: loaded (/lib/systemd/system/phosphor-certificate-manager@.service; static)
Active: active (running) since Fri 2018-03-09 19:19:02 UTC; 24s ago
Main PID: 25773 (phosphor-certif)
CGroup: /system.slice/system-phosphor\x2dcertificate\x2dmanager.slice/phosphor-certificate-manager@bmcweb.service
`-25773 /usr/bin/phosphor-certificate-manager --endpoint https --path /path/server.pem --type server --unit server_creds.target
Mar 09 19:19:02 [hostname] systemd[1]: Started Phosphor certificate manager for bmcweb.
Mar 09 19:19:03 [hostname] phosphor-certificate-manager[25773]: Error occurred during X509_verify_cert call, checking for known error
Mar 09 19:19:03 [hostname] phosphor-certificate-manager[25773]: Certificate compareKeys
Mar 09 19:19:03 [hostname] phosphor-certificate-manager[25773]: Certificate install
...
```
Change-Id: I907afd6ce4522e5c54348d16c1ace0a770f3b8f1
Signed-off-by: Willy Tu <wltu@google.com>
diff --git a/certificate.cpp b/certificate.cpp
index bf20845..9628b55 100644
--- a/certificate.cpp
+++ b/certificate.cpp
@@ -231,7 +231,7 @@
Certificate::Certificate(sdbusplus::bus_t& bus, const std::string& objPath,
CertificateType type, const std::string& installPath,
const std::string& uploadPath, Watch* watch,
- Manager& parent) :
+ Manager& parent, bool restore) :
internal::CertificateInterface(
bus, objPath.c_str(),
internal::CertificateInterface::action::defer_emit),
@@ -261,7 +261,7 @@
certFilePath = generateCertFilePath(uploadPath);
// install the certificate
- install(uploadPath);
+ install(uploadPath, restore);
this->emit_object_added();
}
@@ -270,7 +270,7 @@
const CertificateType& type,
const std::string& installPath, X509_STORE& x509Store,
const std::string& pem, Watch* watchPtr,
- Manager& parent) :
+ Manager& parent, bool restore) :
internal::CertificateInterface(
bus, objPath.c_str(),
internal::CertificateInterface::action::defer_emit),
@@ -281,7 +281,7 @@
certFilePath = generateUniqueFilePath(installPath);
// install the certificate
- install(x509Store, pem);
+ install(x509Store, pem, restore);
this->emit_object_added();
}
@@ -300,10 +300,18 @@
manager.replaceCertificate(this, filePath);
}
-void Certificate::install(const std::string& certSrcFilePath)
+void Certificate::install(const std::string& certSrcFilePath, bool restore)
{
- log<level::INFO>("Certificate install ",
- entry("FILEPATH=%s", certSrcFilePath.c_str()));
+ if (restore)
+ {
+ log<level::DEBUG>("Certificate install ",
+ entry("FILEPATH=%s", certSrcFilePath.c_str()));
+ }
+ else
+ {
+ log<level::INFO>("Certificate install ",
+ entry("FILEPATH=%s", certSrcFilePath.c_str()));
+ }
// stop watch for user initiated certificate install
if (certWatch != nullptr)
@@ -388,9 +396,19 @@
}
}
-void Certificate::install(X509_STORE& x509Store, const std::string& pem)
+void Certificate::install(X509_STORE& x509Store, const std::string& pem,
+ bool restore)
{
- log<level::INFO>("Certificate install ", entry("PEM_STR=%s", pem.data()));
+ if (restore)
+ {
+ log<level::DEBUG>("Certificate install ",
+ entry("PEM_STR=%s", pem.data()));
+ }
+ else
+ {
+ log<level::INFO>("Certificate install ",
+ entry("PEM_STR=%s", pem.data()));
+ }
if (certType != CertificateType::authority)
{
diff --git a/certificate.hpp b/certificate.hpp
index e6d22d1..8a5f70e 100644
--- a/certificate.hpp
+++ b/certificate.hpp
@@ -96,10 +96,12 @@
* @param[in] uploadPath - Path of the certificate file to upload
* @param[in] watchPtr - watch on self signed certificate
* @param[in] parent - the manager that owns the certificate
+ * @param[in] restore - the certificate is created in the restore path
*/
Certificate(sdbusplus::bus_t& bus, const std::string& objPath,
CertificateType type, const std::string& installPath,
- const std::string& uploadPath, Watch* watch, Manager& parent);
+ const std::string& uploadPath, Watch* watch, Manager& parent,
+ bool restore);
/** @brief Constructor for the Certificate Object; a variant for authorities
* list install
@@ -114,18 +116,20 @@
* @param[in] watchPtr - watch on self signed certificate
* @param[in] parent - Pointer to the manager which owns the constructed
* Certificate object
+ * @param[in] restore - the certificate is created in the restore path
*/
Certificate(sdbusplus::bus_t& bus, const std::string& objPath,
const CertificateType& type, const std::string& installPath,
X509_STORE& x509Store, const std::string& pem, Watch* watchPtr,
- Manager& parent);
+ Manager& parent, bool restore);
/** @brief Validate and Replace/Install the certificate file
* Install/Replace the existing certificate file with another
* (possibly CA signed) Certificate file.
* @param[in] filePath - Certificate file path.
+ * @param[in] restore - the certificate is created in the restore path
*/
- void install(const std::string& filePath);
+ void install(const std::string& filePath, bool restore);
/** @brief Validate and Replace/Install the certificate file
* Install/Replace the existing certificate file with another
@@ -133,8 +137,9 @@
* @param[in] x509Store - an initialized X509 store used for certificate
* validation; Certificate object doesn't own it
* @param[in] pem - a string buffer which stores a PEM encoded certificate.
+ * @param[in] restore - the certificate is created in the restore path
*/
- void install(X509_STORE& x509Store, const std::string& pem);
+ void install(X509_STORE& x509Store, const std::string& pem, bool restore);
/** @brief Validate certificate and replace the existing certificate
* @param[in] filePath - Certificate file path.
diff --git a/certs_manager.cpp b/certs_manager.cpp
index 0d0a87a..984a896 100644
--- a/certs_manager.cpp
+++ b/certs_manager.cpp
@@ -267,7 +267,7 @@
certObjectPath = objectPath + '/' + std::to_string(certIdCounter);
installedCerts.emplace_back(std::make_unique<Certificate>(
bus, certObjectPath, certType, certInstallPath, filePath,
- certWatchPtr.get(), *this));
+ certWatchPtr.get(), *this, /*restore=*/false));
reloadOrReset(unitToRestart);
certIdCounter++;
}
@@ -329,7 +329,7 @@
objectPath + '/' + std::to_string(tempCertIdCounter);
tempCertificates.emplace_back(std::make_unique<Certificate>(
bus, certObjectPath, certType, tempPath, *x509Store, authority,
- certWatchPtr.get(), *this));
+ certWatchPtr.get(), *this, /*restore=*/false));
tempCertIdCounter++;
}
@@ -425,7 +425,7 @@
{
if (isCertificateUnique(filePath, certificate))
{
- certificate->install(filePath);
+ certificate->install(filePath, false);
storageUpdate();
reloadOrReset(unitToRestart);
}
@@ -958,7 +958,7 @@
installedCerts.emplace_back(std::make_unique<Certificate>(
bus, certObjectPath + std::to_string(certIdCounter++),
certType, certInstallPath, path.path(),
- certWatchPtr.get(), *this));
+ certWatchPtr.get(), *this, /*restore=*/true));
}
}
catch (const InternalFailure& e)
@@ -978,7 +978,7 @@
{
installedCerts.emplace_back(std::make_unique<Certificate>(
bus, certObjectPath + '1', certType, certInstallPath,
- certInstallPath, certWatchPtr.get(), *this));
+ certInstallPath, certWatchPtr.get(), *this, /*restore=*/false));
}
catch (const InternalFailure& e)
{