[Pki-devel] [PATCH] Fix 'status' command in 'pkidaemon' . . .

Ade Lee alee at redhat.com
Wed Dec 19 17:46:34 UTC 2012


OK -- I tried this -- 

1. Install instance A with CA, KRA
2. Install instance B with CA.  At this point, status shows me an error on
not being able to find KRA files on instance B.
3. Install OCSP on instance A.
4. Remove OCSP on instance A.  Other than the problem mentioned above, all
looks ok.
5. Install OCSP on instance B.

I see this for B:
Status for pki-tomcat28: pki-tomcat28 is running ..

    [CA Status Definitions]
    Unsecure Port       = http://alee-workpc.redhat.com:8280/ca/ee/ca
    Secure Agent Port   = https://alee-workpc.redhat.com:8283/ca/agent/ca
    Secure EE Port      = https://alee-workpc.redhat.com:8283/ca/ee/ca
    Secure Admin Port   = https://alee-workpc.redhat.com:8283/ca/services
    EE Client Auth Port = https://alee-workpc.redhat.com:8283/ca/eeca/ca
    PKI Console Port    = pkiconsole https://alee-workpc.redhat.com:8283/ca
    Tomcat Port         = 8285 (for shutdown)
    Unsecure Port       = http://alee-workpc.redhat.com:8280/kra/ee/kra
    Secure Agent Port   = https://alee-workpc.redhat.com:8283/kra/agent/kra
    Secure EE Port      = https://alee-workpc.redhat.com:8283/kra/ee/kra
    Secure Admin Port   = https://alee-workpc.redhat.com:8283/kra/services
    PKI Console Port    = pkiconsole https://alee-workpc.redhat.com:8283/kra
    Tomcat Port         = 8285 (for shutdown)

    [OCSP Status Definitions]
    Unsecure Port       = http://alee-workpc.redhat.com:8280/ocsp/ee/ocsp
    Secure Agent Port   = https://alee-workpc.redhat.com:8283/ocsp/agent/ocsp
    Secure EE Port      = https://alee-workpc.redhat.com:8283/ocsp/ee/ocsp
    Secure Admin Port   = https://alee-workpc.redhat.com:8283/ocsp/services
    PKI Console Port    = pkiconsole https://alee-workpc.redhat.com:8283/ocsp
    Tomcat Port         = 8285 (for shutdown)

Looks like you are not parsing the server.conf correctly.


On Wed, 2012-12-19 at 12:29 -0500, Ade Lee wrote:
> I found the following issues:
> 
> Issue 1:
> 
> Let's say I have the following setup:
> instance A with subsystems CA, KRA, OCSP
> instance B with subsystem CA, KRA
> 
> Then for instance B, I see the following error message:
> 
> grep: /var/lib/pki/pki-tomcat27/conf/ocsp/CS.cfg: No such file or directory
> pki-tomcat27 Configuration Definitions not found for ocsp
> 
> It appears that if any instance has a subsystem, then it is assumed that
> all instances have that subsystem because you use a global list of
> subsystems.
> 
> Issue 2:
> 
> This may be a pkidestroy problem.  I did a pkidestroy of the OCSP on
> instance A.  Now I see the following:
> 
>     [CA Status Definitions]
>     Unsecure Port       = http://alee-workpc.redhat.com:8220/ca/ee/ca
>     Secure Agent Port   = https://alee-workpc.redhat.com:8223/ca/agent/ca
>     Secure EE Port      = https://alee-workpc.redhat.com:8223/ca/ee/ca
>     Secure Admin Port   = https://alee-workpc.redhat.com:8223/ca/services
>     EE Client Auth Port = https://alee-workpc.redhat.com:8223/ca/eeca/ca
>     PKI Console Port    = pkiconsole https://alee-workpc.redhat.com:8223/ca
>     Tomcat Port         = 8225 (for shutdown)
> 
>     [DRM Status Definitions]
>     Unsecure Port       = http://alee-workpc.redhat.com:8220/kra/ee/kra
>     Secure Agent Port   = https://alee-workpc.redhat.com:8223/kra/agent/kra
>     Secure EE Port      = https://alee-workpc.redhat.com:8223/kra/ee/kra
>     Secure Admin Port   = https://alee-workpc.redhat.com:8223/kra/services
>     PKI Console Port    = pkiconsole https://alee-workpc.redhat.com:8223/kra
>     Tomcat Port         = 8225 (for shutdown)
>     Unsecure Port       = http://alee-workpc.redhat.com:8220/ocsp/ee/ocsp
>     Secure Agent Port   = https://alee-workpc.redhat.com:8223/ocsp/agent/ocsp
>     Secure EE Port      = https://alee-workpc.redhat.com:8223/ocsp/ee/ocsp
>     Secure Admin Port   = https://alee-workpc.redhat.com:8223/ocsp/services
>     PKI Console Port    = pkiconsole https://alee-workpc.redhat.com:8223/ocsp
>     Tomcat Port         = 8225 (for shutdown)
> 
> That is -- I still see definitions from the removed OCSP.  Ditto if I
> remove the KRA.
> 
> Maybe this is a weird instance.  Still testing ..
> 
> 
> 
> On Tue, 2012-12-18 at 19:36 -0800, Matthew Harmsen wrote:
> > The attached patch addresses the following PKI issue:
> >       * TRAC Ticket #271 - Dogtag 10: Fix 'status' command in
> >         'pkidaemon' . . .
> > 
> > _______________________________________________
> > Pki-devel mailing list
> > Pki-devel at redhat.com
> > https://www.redhat.com/mailman/listinfo/pki-devel
> 

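The per-instance check that Issue 1 in the quoted message points to, as an added example rather than code from the patch or from pkidaemon: it derives each instance's subsystem list from that instance's own conf directory instead of a list shared across instances. The `conf/<subsystem>/CS.cfg` layout is taken from the grep error in the thread; the function names and the instanceA/instanceB tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not pkidaemon code). Layout <root>/<instance>/conf/<subsystem>/CS.cfg
# follows the path in the grep error quoted above; instance names are constructed.

# Subsystems present in ANY instance: the "global list" behaviour from Issue 1.
global_subsystems() {
    for cfg in "$1"/*/conf/*/CS.cfg; do
        [ -f "$cfg" ] || continue          # glob matched nothing
        basename "$(dirname "$cfg")"
    done | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# Subsystems configured for ONE instance, derived only from its own conf tree.
instance_subsystems() {
    found=""
    for cfg in "$1/$2"/conf/*/CS.cfg; do
        [ -f "$cfg" ] || continue          # no CS.cfg: subsystem absent or removed
        found="${found:+$found }$(basename "$(dirname "$cfg")")"
    done
    printf '%s' "$found"
}

# Subsystems a global list would query for an instance that does not have them;
# each of these produces a "CS.cfg: No such file or directory" error.
phantom_subsystems() {
    missing=""
    for sub in $(global_subsystems "$1"); do
        [ -f "$1/$2/conf/$sub/CS.cfg" ] || missing="${missing:+$missing }$sub"
    done
    printf '%s' "$missing"
}

# Constructed sample tree: instance A has CA, KRA, OCSP; instance B has CA, KRA.
make_sample_tree() {
    root=$(mktemp -d)
    for sub in ca kra ocsp; do mkdir -p "$root/instanceA/conf/$sub"; : > "$root/instanceA/conf/$sub/CS.cfg"; done
    for sub in ca kra; do mkdir -p "$root/instanceB/conf/$sub"; : > "$root/instanceB/conf/$sub/CS.cfg"; done
    printf '%s' "$root"
}

tree=$(make_sample_tree)
echo "global list:    $(global_subsystems "$tree")"
echo "instanceB only: $(instance_subsystems "$tree" instanceB)"
echo "phantom for B:  $(phantom_subsystems "$tree" instanceB)"
rm -rf "$tree"
```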