You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@guacamole.apache.org by "Mike Jumper (Jira)" <ji...@apache.org> on 2020/07/20 21:05:00 UTC
[jira] [Commented] (GUACAMOLE-1142) Insufficient verbosity for
FreeRDP logging failures.
[ https://issues.apache.org/jira/browse/GUACAMOLE-1142?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17161537#comment-17161537 ]
Mike Jumper commented on GUACAMOLE-1142:
----------------------------------------
{quote}
Meaning, the `WARNING` should actually be `ERROR` ...
{quote}
That message is logged at the "warning" level rather than "error" because it is not necessarily an error. There is no way to know at the point that the message is logged that the connection will fail, and no way to know at the point that the failure occurs that it is due to the condition warned about. It is a warning because it is a known incorrect configuration which may cause trouble, and should be noted by the administrator if things are misbehaving.
{quote}
... and a bit more descriptive.
{quote}
The message reads:
"FreeRDP initialization may fail: The current user's home directory ("/var/lib/tomcat9") is not writable, but FreeRDP generally requires a writable home directory for storage of configuration files and certificates."
Certainly that is descriptive enough?
I don't disagree that there should be better logging of the failure that occurs within FreeRDP, however:
* I don't think the issue here is the log level of the warning (which I would argue is correct)
* Internal log messages from FreeRDP are available via guacd's "debug" log level, but beware that we relegated the internal FreeRDP messages to the "debug" level for a reason. They are very low level, and often more confusing than helpful, particularly when things are actually functioning without issue.
* FreeRDP does expose additional error information that we can hook in to for the benefit of a better error message, but beware that the failure in this case would likely also be confusing, with FreeRDP reporting that security negotiation has failed or similar.
So, overall:
* Yes, logging should be improved.
* No, that message is correct in being a warning.
* Given the information exposed by the FreeRDP library, improved logging would not have helped you here. Or ... perhaps more accurately: it is not possible to improve the logging to the point that it would have helped you in this specific case, and the existing warning already covers this to the degree possible.
{quote}
I lost quite a bit of time today due to an issue. It would have been resolved WAY faster, if the logging for the FreeRDP was more verbose.
{quote}
If things are not behaving as expected, reading through the logs for things like warnings would be a best practice. For the case at hand, that warning really does seem pretty darn verbose.
> Insufficient verbosity for FreeRDP logging failures.
> ----------------------------------------------------
>
> Key: GUACAMOLE-1142
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-1142
> Project: Guacamole
> Issue Type: Improvement
> Components: guacd
> Affects Versions: 1.2.0
> Environment: Ubuntu 20.04 LTS Server
> Reporter: Georgi Yankov
> Priority: Major
>
> I lost quite a bit of time today due to an issue. It would have been resolved WAY faster, if the logging for the FreeRDP was more verbose.
> Issue was as follow:
> Tomcat9 from package manager, for the guacamole-client, v1.2, running under TOMCAT:TOMCAT;
> guacamole-server v1.2, running as systemd service under USER1:USER1.
> Issue was, that i had set the USER1 home directory as `/var/lib/tomcat9`, which was with TOMCAT:TOMCAT ownership.
> As such, when trying to create a RDP session through the guacamole, it was failing in the GUI with generic error, and in the `guacd` logs with the following:
> {code:none}
> guacd[86198]: INFO: Creating new client for protocol "rdp"
> guacd[86198]: INFO: Connection ID is "$7a42dbb9-c455-456d-b3c7-de3e55d996f1"
> guacd[86239]: WARNING: FreeRDP initialization may fail: The current user's home directory ("/var/lib/tomcat9") is not writable, but FreeRDP generally requires a writable home directory for storage of configuration files and certificates.
> guacd[86239]: INFO: Security mode: TLS
> guacd[86239]: INFO: Resize method: none
> guacd[86239]: INFO: User "@d9c76574-ff04-41eb-8f09-e045a2e202a4" joined connection "$7a42dbb9-c455-456d-b3c7-de3e55d996f1" (1 users now present)
> guacd[86239]: INFO: Loading keymap "base"
> guacd[86239]: INFO: Loading keymap "en-us-qwerty"
> guacd[86239]: ERROR: Error connecting to RDP server
> guacd[86239]: INFO: User "@d9c76574-ff04-41eb-8f09-e045a2e202a4" disconnected (0 users remain)
> guacd[86239]: INFO: Last user of connection "$7a42dbb9-c455-456d-b3c7-de3e55d996f1" disconnected
> guacd[86198]: INFO: Connection "$7a42dbb9-c455-456d-b3c7-de3e55d996f1" removed.{code}
> As you can see, there is a simple `ERROR`, which means ABSOLUTELY nothing. Its terribly descriptive.
> But thats not all.
> The main issue is, that the `WARNING` present, is also misleading. The cause of the issue was in fact permissions, because the user under which `guacd` runs, needs to have write permissions for its $HOME directory, to create the FreeRDP `.config` folder.
>
> Meaning, the `WARNING` should actually be `ERROR` and a bit more descriptive.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)