<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<tt>Please review the attached patch for:</tt><tt><br>
</tt>
<ul>
<li><tt><a href="https://fedorahosted.org/pki/ticket/899">PKI TRAC
Ticket #899 - RFE - ipa-server should keep backup of CS.cfg</a></tt></li>
</ul>
<p><tt>This patch is based upon a previously reviewed patch for the
Dogtag 9 architecture utilized by the
IPA_v2_RHEL_6_ERRATA_BRANCH, but was modified and tested to work
with the Dogtag 10.2 architecture.</tt><tt><br>
</tt></p>
<p><tt>CAVEAT 1:</tt><tt><br>
</tt></p>
<blockquote><tt>Although this patch contains changes to multiple PKI
subsystem's 'CS.cfg' configuration files, an upgrade script
should not be specifically required for legacy instances since
the parameter that is added, 'archive.configuration_file=true',
is presumed even if the parameter is missing (as it would be on
any legacy instance). In this case, it would only be necessary
to add this parameter to a legacy instance's CS.cfg, and set the
value to 'false' in order to turn off 'CS.cfg' configuration
file archival (explicit instructions detailing this are found in
the 'operations' script). However, if this is desired for
completeness, I don't mind adding it.</tt><tt><br>
</tt></blockquote>
<tt>CAVEAT 2:</tt><tt><br>
</tt>
<blockquote><tt>I had originally made the effort to attempt to have
specific crucial WARNING messages echoed to the display as well
as to the journal. I believe that this would be beneficial, as,
for example, it would immediately notify an admin that since an
error had occurred, 'CS.cfg' backups would be discontinued until
the error was corrected. My idea was to echo these WARNING
messages explicitly to stderr via redirecting them (>&2),
and adding the parameter 'StandardError=journal+console' under
the [Service] section of the '<a class="moz-txt-link-abbreviated" href="mailto:pki-tomcatd@pki-tomcat.service">pki-tomcatd@pki-tomcat.service</a>'
file. Unfortunately, I was never able to make this work - both
stdout and stderr messages were stored in the journal, but were
never displayed to the screen when typing 'systemctl restart
<a class="moz-txt-link-abbreviated" href="mailto:pki-tomcatd@pki-tomcat.service">pki-tomcatd@pki-tomcat.service</a>' (even after a 'systemctl
daemon-reload' had been performed).</tt><tt><br>
</tt></blockquote>
<tt>-- Matt</tt><br>
</body>
</html>