[Pki-devel] [PATCH] Fix 'status' command in 'pkidaemon' . . .

Ade Lee alee at redhat.com
Wed Dec 19 17:29:05 UTC 2012


I found the following issues:

Issue 1:

Let's say I have the following setup:
instance A with subsystems CA, KRA, OCSP
instance B with subsystem CA, KRA

Then for instance B, I see the following error message:

grep: /var/lib/pki/pki-tomcat27/conf/ocsp/CS.cfg: No such file or directory
pki-tomcat27 Configuration Definitions not found for ocsp

It appears that if any instance has a subsystem, then it is assumed that
all instances have that subsystem because you use a global list of
subsystems.

Issue 2:

This may be a pkidestroy problem.  I did a pkidestroy of the OCSP on
instance A.  Now I see the following:

    [CA Status Definitions]
    Unsecure Port       = http://alee-workpc.redhat.com:8220/ca/ee/ca
    Secure Agent Port   = https://alee-workpc.redhat.com:8223/ca/agent/ca
    Secure EE Port      = https://alee-workpc.redhat.com:8223/ca/ee/ca
    Secure Admin Port   = https://alee-workpc.redhat.com:8223/ca/services
    EE Client Auth Port = https://alee-workpc.redhat.com:8223/ca/eeca/ca
    PKI Console Port    = pkiconsole https://alee-workpc.redhat.com:8223/ca
    Tomcat Port         = 8225 (for shutdown)

    [DRM Status Definitions]
    Unsecure Port       = http://alee-workpc.redhat.com:8220/kra/ee/kra
    Secure Agent Port   = https://alee-workpc.redhat.com:8223/kra/agent/kra
    Secure EE Port      = https://alee-workpc.redhat.com:8223/kra/ee/kra
    Secure Admin Port   = https://alee-workpc.redhat.com:8223/kra/services
    PKI Console Port    = pkiconsole https://alee-workpc.redhat.com:8223/kra
    Tomcat Port         = 8225 (for shutdown)
    Unsecure Port       = http://alee-workpc.redhat.com:8220/ocsp/ee/ocsp
    Secure Agent Port   = https://alee-workpc.redhat.com:8223/ocsp/agent/ocsp
    Secure EE Port      = https://alee-workpc.redhat.com:8223/ocsp/ee/ocsp
    Secure Admin Port   = https://alee-workpc.redhat.com:8223/ocsp/services
    PKI Console Port    = pkiconsole https://alee-workpc.redhat.com:8223/ocsp
    Tomcat Port         = 8225 (for shutdown)

That is -- I still see definitions from the removed OCSP.  Ditto if I
remove the KRA.

Maybe this is a weird instance.  Still testing ..



On Tue, 2012-12-18 at 19:36 -0800, Matthew Harmsen wrote:
> The attached patch addresses the following PKI issue:
>       * TRAC Ticket #271 - Dogtag 10: Fix 'status' command in
>         'pkidaemon' . . .
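
Added example, not part of the message above and not pkidaemon's own code: a per-instance subsystem lookup that avoids the global-list behaviour described in Issue 1, reporting a subsystem only when that instance has its CS.cfg. The conf/<subsystem>/CS.cfg layout is taken from the error message; the function names, the instanceA/instanceB names and the sample tree are hypothetical.

```bash
#!/bin/bash
# Added example (not pkidaemon's code). Assumed layout, taken from the error
# message in the report: <root>/<instance>/conf/<subsystem>/CS.cfg

# Candidate subsystem names: the three mentioned in the report.
CANDIDATES="ca kra ocsp"

# Print the subsystems present in ONE instance, space separated.
# $1 = PKI root (e.g. /var/lib/pki), $2 = instance name
instance_subsystems() {
    local root="$1" instance="$2" found="" sub
    for sub in $CANDIDATES; do
        # A subsystem counts only if this instance has its CS.cfg.
        if [ -f "$root/$instance/conf/$sub/CS.cfg" ]; then
            found="${found:+$found }$sub"
        fi
    done
    printf '%s\n' "$found"
}

# Print one line per instance, each with its own subsystem list.
status_all() {
    local root="$1" dir instance
    for dir in "$root"/*/; do
        [ -d "$dir/conf" ] || continue
        instance=$(basename "$dir")
        printf '%s: %s\n' "$instance" "$(instance_subsystems "$root" "$instance")"
    done
}

# Constructed sample tree mirroring the reported setup:
# instance A has CA, KRA, OCSP; instance B has CA, KRA only.
make_sample_tree() {
    local root sub
    root=$(mktemp -d)
    for sub in ca kra ocsp; do
        mkdir -p "$root/instanceA/conf/$sub" && : > "$root/instanceA/conf/$sub/CS.cfg"
    done
    for sub in ca kra; do
        mkdir -p "$root/instanceB/conf/$sub" && : > "$root/instanceB/conf/$sub/CS.cfg"
    done
    # Constructed edge case: a subsystem directory with no CS.cfg in it.
    mkdir -p "$root/instanceB/conf/ocsp"
    printf '%s\n' "$root"
}

demo_root=$(make_sample_tree)
status_all "$demo_root"
rm -rf "$demo_root"
```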
