<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">ACKed by alee and checked-in (with the
collapsed conditional discussed).<br>
<blockquote>commit 01bbfc224a228206fbe18318b2a23363fa9663cc<br>
Author: Matthew Harmsen <a class="moz-txt-link-rfc2396E" href="mailto:mharmsen@redhat.com">&lt;mharmsen@redhat.com&gt;</a><br>
Date: Wed Dec 19 11:49:57 2012 -0800<br>
<br>
TRAC Ticket #271 - Dogtag 10: Fix 'status' command in
'pkidaemon' . . .<br>
<br>
</blockquote>
On 12/19/12 11:35, Matthew Harmsen wrote:<br>
</div>
<blockquote cite="mid:50D216F6.30302@redhat.com" type="cite">Ade,
<br>
<br>
The attached patch should address these issues.
<br>
<br>
-- Matt
<br>
<br>
On 12/19/12 09:46, Ade Lee wrote:
<br>
<blockquote type="cite">OK -- I tried this --
<br>
<br>
1. Install instance A with CA, KRA
<br>
2. Install instance B with CA. At this point, status shows me
error on not being able to find KRA files on instance B.
<br>
3. Install OCSP on instance A.
<br>
4. Remove OCSP on instance A. Other than problem mentioned
above, all looks ok.
<br>
5. Install OCSP on instance B.
<br>
<br>
I see this for B:
<br>
Status for pki-tomcat28: pki-tomcat28 is running ..
<br>
<br>
[CA Status Definitions]
<br>
Unsecure Port =
<a class="moz-txt-link-freetext" href="http://alee-workpc.redhat.com:8280/ca/ee/ca">http://alee-workpc.redhat.com:8280/ca/ee/ca</a>
<br>
Secure Agent Port =
<a class="moz-txt-link-freetext" href="https://alee-workpc.redhat.com:8283/ca/agent/ca">https://alee-workpc.redhat.com:8283/ca/agent/ca</a>
<br>
Secure EE Port =
<a class="moz-txt-link-freetext" href="https://alee-workpc.redhat.com:8283/ca/ee/ca">https://alee-workpc.redhat.com:8283/ca/ee/ca</a>
<br>
Secure Admin Port =
<a class="moz-txt-link-freetext" href="https://alee-workpc.redhat.com:8283/ca/services">https://alee-workpc.redhat.com:8283/ca/services</a>
<br>
EE Client Auth Port =
<a class="moz-txt-link-freetext" href="https://alee-workpc.redhat.com:8283/ca/eeca/ca">https://alee-workpc.redhat.com:8283/ca/eeca/ca</a>
<br>
PKI Console Port = pkiconsole
<a class="moz-txt-link-freetext" href="https://alee-workpc.redhat.com:8283/ca">https://alee-workpc.redhat.com:8283/ca</a>
<br>
Tomcat Port = 8285 (for shutdown)
<br>
Unsecure Port =
<a class="moz-txt-link-freetext" href="http://alee-workpc.redhat.com:8280/kra/ee/kra">http://alee-workpc.redhat.com:8280/kra/ee/kra</a>
<br>
Secure Agent Port =
<a class="moz-txt-link-freetext" href="https://alee-workpc.redhat.com:8283/kra/agent/kra">https://alee-workpc.redhat.com:8283/kra/agent/kra</a>
<br>
Secure EE Port =
<a class="moz-txt-link-freetext" href="https://alee-workpc.redhat.com:8283/kra/ee/kra">https://alee-workpc.redhat.com:8283/kra/ee/kra</a>
<br>
Secure Admin Port =
<a class="moz-txt-link-freetext" href="https://alee-workpc.redhat.com:8283/kra/services">https://alee-workpc.redhat.com:8283/kra/services</a>
<br>
PKI Console Port = pkiconsole
<a class="moz-txt-link-freetext" href="https://alee-workpc.redhat.com:8283/kra">https://alee-workpc.redhat.com:8283/kra</a>
<br>
Tomcat Port = 8285 (for shutdown)
<br>
<br>
[OCSP Status Definitions]
<br>
Unsecure Port =
<a class="moz-txt-link-freetext" href="http://alee-workpc.redhat.com:8280/ocsp/ee/ocsp">http://alee-workpc.redhat.com:8280/ocsp/ee/ocsp</a>
<br>
Secure Agent Port =
<a class="moz-txt-link-freetext" href="https://alee-workpc.redhat.com:8283/ocsp/agent/ocsp">https://alee-workpc.redhat.com:8283/ocsp/agent/ocsp</a>
<br>
Secure EE Port =
<a class="moz-txt-link-freetext" href="https://alee-workpc.redhat.com:8283/ocsp/ee/ocsp">https://alee-workpc.redhat.com:8283/ocsp/ee/ocsp</a>
<br>
Secure Admin Port =
<a class="moz-txt-link-freetext" href="https://alee-workpc.redhat.com:8283/ocsp/services">https://alee-workpc.redhat.com:8283/ocsp/services</a>
<br>
PKI Console Port = pkiconsole
<a class="moz-txt-link-freetext" href="https://alee-workpc.redhat.com:8283/ocsp">https://alee-workpc.redhat.com:8283/ocsp</a>
<br>
Tomcat Port = 8285 (for shutdown)
<br>
<br>
Looks like you are not parsing the server.conf correctly.
<br>
<br>
<br>
On Wed, 2012-12-19 at 12:29 -0500, Ade Lee wrote:
<br>
<blockquote type="cite">I found the following issues:
<br>
<br>
Issue 1:
<br>
<br>
Let's say I have the following setup:
<br>
instance A with subsystems CA, KRA, OCSP
<br>
instance B with subsystem CA, KRA
<br>
<br>
Then for instance B, I see the following error message:
<br>
<br>
grep: /var/lib/pki/pki-tomcat27/conf/ocsp/CS.cfg: No such file
or directory
<br>
pki-tomcat27 Configuration Definitions not found for ocsp
<br>
<br>
It appears that if any instance has a subsystem, then it is
assumed that all instances have that subsystem because you use a global
list of subsystems.
<br>
<br>
Issue 2:
<br>
<br>
This may be a pkidestroy problem. I did a pkidestroy of the
OCSP on instance A. Now I see the following:
<br>
<br>
[CA Status Definitions]
<br>
Unsecure Port =
<a class="moz-txt-link-freetext" href="http://alee-workpc.redhat.com:8220/ca/ee/ca">http://alee-workpc.redhat.com:8220/ca/ee/ca</a>
<br>
Secure Agent Port =
<a class="moz-txt-link-freetext" href="https://alee-workpc.redhat.com:8223/ca/agent/ca">https://alee-workpc.redhat.com:8223/ca/agent/ca</a>
<br>
Secure EE Port =
<a class="moz-txt-link-freetext" href="https://alee-workpc.redhat.com:8223/ca/ee/ca">https://alee-workpc.redhat.com:8223/ca/ee/ca</a>
<br>
Secure Admin Port =
<a class="moz-txt-link-freetext" href="https://alee-workpc.redhat.com:8223/ca/services">https://alee-workpc.redhat.com:8223/ca/services</a>
<br>
EE Client Auth Port =
<a class="moz-txt-link-freetext" href="https://alee-workpc.redhat.com:8223/ca/eeca/ca">https://alee-workpc.redhat.com:8223/ca/eeca/ca</a>
<br>
PKI Console Port = pkiconsole
<a class="moz-txt-link-freetext" href="https://alee-workpc.redhat.com:8223/ca">https://alee-workpc.redhat.com:8223/ca</a>
<br>
Tomcat Port = 8225 (for shutdown)
<br>
<br>
[DRM Status Definitions]
<br>
Unsecure Port =
<a class="moz-txt-link-freetext" href="http://alee-workpc.redhat.com:8220/kra/ee/kra">http://alee-workpc.redhat.com:8220/kra/ee/kra</a>
<br>
Secure Agent Port =
<a class="moz-txt-link-freetext" href="https://alee-workpc.redhat.com:8223/kra/agent/kra">https://alee-workpc.redhat.com:8223/kra/agent/kra</a>
<br>
Secure EE Port =
<a class="moz-txt-link-freetext" href="https://alee-workpc.redhat.com:8223/kra/ee/kra">https://alee-workpc.redhat.com:8223/kra/ee/kra</a>
<br>
Secure Admin Port =
<a class="moz-txt-link-freetext" href="https://alee-workpc.redhat.com:8223/kra/services">https://alee-workpc.redhat.com:8223/kra/services</a>
<br>
PKI Console Port = pkiconsole
<a class="moz-txt-link-freetext" href="https://alee-workpc.redhat.com:8223/kra">https://alee-workpc.redhat.com:8223/kra</a>
<br>
Tomcat Port = 8225 (for shutdown)
<br>
Unsecure Port =
<a class="moz-txt-link-freetext" href="http://alee-workpc.redhat.com:8220/ocsp/ee/ocsp">http://alee-workpc.redhat.com:8220/ocsp/ee/ocsp</a>
<br>
Secure Agent Port =
<a class="moz-txt-link-freetext" href="https://alee-workpc.redhat.com:8223/ocsp/agent/ocsp">https://alee-workpc.redhat.com:8223/ocsp/agent/ocsp</a>
<br>
Secure EE Port =
<a class="moz-txt-link-freetext" href="https://alee-workpc.redhat.com:8223/ocsp/ee/ocsp">https://alee-workpc.redhat.com:8223/ocsp/ee/ocsp</a>
<br>
Secure Admin Port =
<a class="moz-txt-link-freetext" href="https://alee-workpc.redhat.com:8223/ocsp/services">https://alee-workpc.redhat.com:8223/ocsp/services</a>
<br>
PKI Console Port = pkiconsole
<a class="moz-txt-link-freetext" href="https://alee-workpc.redhat.com:8223/ocsp">https://alee-workpc.redhat.com:8223/ocsp</a>
<br>
Tomcat Port = 8225 (for shutdown)
<br>
<br>
That is -- I still see definitions from the removed OCSP.
Ditto if I remove the KRA.
<br>
<br>
Maybe this is a weird instance. Still testing ..
<br>
<br>
<br>
<br>
On Tue, 2012-12-18 at 19:36 -0800, Matthew Harmsen wrote:
<br>
<blockquote type="cite">The attached patch addresses the
following PKI issue:
<br>
* TRAC Ticket #271 - Dogtag 10: Fix 'status' command in
'pkidaemon' . . .
<br>
<br>
_______________________________________________
<br>
Pki-devel mailing list
<br>
<a class="moz-txt-link-abbreviated" href="mailto:Pki-devel@redhat.com">Pki-devel@redhat.com</a>
<br>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/pki-devel">https://www.redhat.com/mailman/listinfo/pki-devel</a>
<br>
</blockquote>
<br>
</blockquote>
<br>
</blockquote>
<br>
<br>
</blockquote>
<br>
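<div>Added example, not part of the thread or of the pkidaemon script: a shell example of the behaviour Issue 1 describes, contrasting a subsystem list shared across all instances with a per-instance check for conf/SUBSYSTEM/CS.cfg. The instance names, function names and temporary directory are constructed for illustration; only the CS.cfg path layout comes from the grep error quoted in the thread.</div>
<pre>
```shell
#!/bin/sh
# Added illustration, not pkidaemon source. Only the layout
# ROOT/INSTANCE/conf/SUBSYSTEM/CS.cfg comes from the thread; names are hypothetical.
KNOWN_SUBSYSTEMS="ca kra ocsp"

# Flawed: one list built from every instance, then applied to each instance.
global_subsystems() {
    root=$1; found=""
    for sub in $KNOWN_SUBSYSTEMS; do
        for inst in "$root"/*; do
            if [ -f "$inst/conf/$sub/CS.cfg" ]; then
                found="$found $sub"
                break
            fi
        done
    done
    echo $found
}

# Per-instance: only subsystems whose CS.cfg exists under this instance.
instance_subsystems() {
    root=$1; inst=$2; found=""
    for sub in $KNOWN_SUBSYSTEMS; do
        if [ -f "$root/$inst/conf/$sub/CS.cfg" ]; then
            found="$found $sub"
        fi
    done
    echo $found
}

# Constructed sample tree mirroring Issue 1: A has ca/kra/ocsp, B has ca/kra.
make_sample_tree() {
    root=$(mktemp -d)
    for sub in ca kra ocsp; do
        mkdir -p "$root/instance-a/conf/$sub"
        touch "$root/instance-a/conf/$sub/CS.cfg"
    done
    for sub in ca kra; do
        mkdir -p "$root/instance-b/conf/$sub"
        touch "$root/instance-b/conf/$sub/CS.cfg"
    done
    echo "$root"
}

tree=$(make_sample_tree)
echo "global list:  $(global_subsystems "$tree")"
echo "instance-b:   $(instance_subsystems "$tree" instance-b)"
rm -rf "$tree"
```
</pre>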
</body>
</html>