What are methods to enable / disable GSKit tracing on lightweight containers?
In the past, we could either set the options in the webseal configuration or we could use isam_cli logs ssl -c enable proxy-instance
Then the gskit trace events went to the logging directory for the Web reverse proxy instance and was named ssl_trace.log.
If we enable/disable with a webseal configuration change and restart the container to pick up the latest published configuration, with the lightweight containers, as soon as they are restarted the overlay filesystem on OpenShift disappears, so all trace data is lost. Hence, it would be best to have something like the isam_cli logs ssl command. Is there such an option in wrpadmin or some other binary on the lightweight containers, or should I open an idea? This seems like an important thing to require based on how often L2 asked for gskit traces for various issues.
The same question goes for routing traces. We haven't had to do this in a long time. But if we did now with the lightweight containers, the trace data would be lost as soon as the container restarts. Enabling/disabling on a live container would be better so they could be collected before the container restarts.
Also, just to head off the question, yes, we could attach a persistent volume to the container temporarily. However, on production systems, altering our statefulset/deployment app configuration to add the persistent volume is going to be frowned on, in conjunction with the fact that it requires a restart of the pod/container and hence causes an outage as a webseal restart would.
In summary, is a gskit trace and/or a routing trace without restarting the webseal process on lightweight containers possible? If so, how is each done? If not, does anyone else think this would be a good idea canidiate?
Thanks for your thoughts!
------------------------------
Matt Jenkins
------------------------------