Page History
...
You might prefer to have the IDP application write its logs to a more standard file system location in the file system, specifically one outside the application's own directory and on a file system that where data usage is expected to grow dynamically (e.g. on /var). To do that simply set the the idp.logfiles property in any of the property files read by the IDP, e.g. within conf/idp.properties:
...
We also have to create that directory. And in order for the example commands in this documentation to work with either log directory location we'll remove the (still empty) log dir created by the IDP installer and replace it with a symlink to the actual log directoryone we just created ourselfs:
| No Format |
|---|
install -o tomcat -g root -m 0750 -d /var/log/shibboleth/ cd /opt/shibboleth-idp/ && rmdir logs && ln -s /var/log/shibboleth logs |
...
If you're certain there's no catalina.log file being generated anymore you can also disable the default logrotate config snippet for it:
...
Debian's Tomcat comes with an almost-usable systemd service that needs to be amended in order to:
- Avoid the systemd-house-of-horror that's still all too common with Tomcat/Java packaging
- Avoid slow startup times due to use of a blocking /dev/random (cf. Myths about urandom, also linked to from the Shib wiki).
- Allow the IDP application to write logs and metadata to the filesystem as needed (by adding more
ReadWritePaths) - Try avoiding the creation of catalina.out (we already have its content in journald using this configuration)
And since we're creating an override for the systemOS-supplied systemd service unit anyway we'll also set the maximum memory usage there ("-Xmx3g" in the example below, i.e., 3GB).
Adjust this as needed, but 3-4GB should be sufficient even for large metadata aggregates (as are common with with Interfederation). Also leave a bit of RAM for the OS. (Not that you should be running anything else on an IDP server.)
...
Overview
Content Tools
Tasks