How to change the logging level of a Spring boot app in Apps Manager through the CLI in Tanzu Application Service for VMs
search cancel

How to change the logging level of a Spring boot app in Apps Manager through the CLI in Tanzu Application Service for VMs

book

Article ID: 298198

calendar_today

Updated On:

Products

VMware Tanzu Application Service for VMs

Issue/Introduction

Apps Manager allows you to configure the logging level for each package in your Spring Boot app. However, there are times when you want to programmatically change this level through the CLI.

Environment

Product Version: 2.10

Resolution

There are a couple of ways you can approach this.


Method 1

You can curl the /actuator/loggers endpoint of your app (actuator-demo, in this example) to configure the logging level of the app. For more information, refer to Spring Boot Actuator Web API Documentation.

A pre-requisite for this to work is that the management endpoint of this app should be configured as shown here in your application.yaml or application.properties file:

management.endpoints.web.exposure.include=loggers


In this example, we are setting the logging level of the actuator-demo app to DEBUG:

curl -X POST http://actuator-demo-jh.cfapps-50.slot-59.pez.vmware.com/actuator/loggers/org.springframework.core.io.support.PathMatchingResourcePatternResolver -d '{"configuredLevel": "debug"}' -H 'Content-Type: application/json’


Note: The issue with this method is that once you expose the actuator endpoint, you give all users with access to the app the ability to change the logging level. This is a security concern and you can solve this by using Spring Security to secure this endpoint, but this would involve additional changes to the code.
 

Method 2

Programmatically access /cloudfounryapplication/loggers (instead of /acuator/logger in method 1), which is the same endpoint used by Apps Manager. To curl this end point, both the user and cf client should have the cloud_controller.user and actuator.read scopes. The user should also have a SpaceDeveloper role.

Using UAAC, you can add these scopes to a user and the cf client. Verify it as shown and then proceed to curl the cloudfounryapplication/loggers endpoint.

ubuntu@opsmgr-06-slot-59-pez-vmware-com:~$ uaac user get user | grep display
    display: roles
    display: emails.write
    display: cloud_controller.user
    display: credhub.write
    display: routing.router_groups.read
    display: profile
    display: dashboard.user
    display: notification_preferences.read
    display: scim.write
    display: actuator.read


To see an example of how to update the client scopes, refer to Update Clients with UAAC.
 
Here is an example for cf client.

uaac client update cf --scope cloud_controller.read,cloud_controller.write,cloud_controller.global_auditor,openid,password.write,cloud_controller.admin,scim.read,scim.write,doppler.firehose,uaa.user,routing.router_groups.read,routing.router_groups.write,cloud_controller.admin_read_only,network.admin,network.write,usage_service.audit,cloud_controller.user,actuator.read.


​​​​Note: Include all scopes returned by uaac client get cf Add actuator.read and cloud_controller.user to the list as show in the example.



Powered by Wolken Software