[Pki-devel] [PATCH] Fix 'status' command in 'pkidaemon' . . .
Matthew Harmsen
mharmsen at redhat.com
Wed Dec 19 19:35:18 UTC 2012
Ade,
The attached patch should address these issues.
-- Matt
On 12/19/12 09:46, Ade Lee wrote:
> OK -- I tried this --
>
> 1. Install instance A with CA, KRA
> 2. Install instance B with CA. At this point, status shows me error on
> not being able to find KRA files on instance B.
> 3. Install OCSP on instance A.
> 4. Remove OCSP on instance A. Other than problem mentioned above, all
> looks ok.
> 5. Install OCSP on instance B.
>
> I see this for B:
> Status for pki-tomcat28: pki-tomcat28 is running ..
>
> [CA Status Definitions]
> Unsecure Port = http://alee-workpc.redhat.com:8280/ca/ee/ca
> Secure Agent Port = https://alee-workpc.redhat.com:8283/ca/agent/ca
> Secure EE Port = https://alee-workpc.redhat.com:8283/ca/ee/ca
> Secure Admin Port = https://alee-workpc.redhat.com:8283/ca/services
> EE Client Auth Port = https://alee-workpc.redhat.com:8283/ca/eeca/ca
> PKI Console Port = pkiconsole https://alee-workpc.redhat.com:8283/ca
> Tomcat Port = 8285 (for shutdown)
> Unsecure Port = http://alee-workpc.redhat.com:8280/kra/ee/kra
> Secure Agent Port = https://alee-workpc.redhat.com:8283/kra/agent/kra
> Secure EE Port = https://alee-workpc.redhat.com:8283/kra/ee/kra
> Secure Admin Port = https://alee-workpc.redhat.com:8283/kra/services
> PKI Console Port = pkiconsole https://alee-workpc.redhat.com:8283/kra
> Tomcat Port = 8285 (for shutdown)
>
> [OCSP Status Definitions]
> Unsecure Port = http://alee-workpc.redhat.com:8280/ocsp/ee/ocsp
> Secure Agent Port = https://alee-workpc.redhat.com:8283/ocsp/agent/ocsp
> Secure EE Port = https://alee-workpc.redhat.com:8283/ocsp/ee/ocsp
> Secure Admin Port = https://alee-workpc.redhat.com:8283/ocsp/services
> PKI Console Port = pkiconsole https://alee-workpc.redhat.com:8283/ocsp
> Tomcat Port = 8285 (for shutdown)
>
> Looks like you are not parsing the server.conf correctly.
>
>
> On Wed, 2012-12-19 at 12:29 -0500, Ade Lee wrote:
>> I found the following issues:
>>
>> Issue 1:
>>
>> Lets say I have the following setup:
>> instance A with subsystems CA, KRA, OCSP
>> instance B with subsystem CA, KRA
>>
>> Then for instance B, I see the following error message:
>>
>> grep: /var/lib/pki/pki-tomcat27/conf/ocsp/CS.cfg: No such file or directory
>> pki-tomcat27 Configuration Definitions not found for ocsp
>>
>> It appears that if any instance has a subsystem, then it is assumed that
>> all instances have that subsystem because you use a global list of
>> subsystems.
>>
>> Issue 2:
>>
>> This may be a pkidestroy problem. I did a pkidestroy of the OCSP on
>> instance A. Now I see the following:
>>
>> [CA Status Definitions]
>> Unsecure Port = http://alee-workpc.redhat.com:8220/ca/ee/ca
>> Secure Agent Port = https://alee-workpc.redhat.com:8223/ca/agent/ca
>> Secure EE Port = https://alee-workpc.redhat.com:8223/ca/ee/ca
>> Secure Admin Port = https://alee-workpc.redhat.com:8223/ca/services
>> EE Client Auth Port = https://alee-workpc.redhat.com:8223/ca/eeca/ca
>> PKI Console Port = pkiconsole https://alee-workpc.redhat.com:8223/ca
>> Tomcat Port = 8225 (for shutdown)
>>
>> [DRM Status Definitions]
>> Unsecure Port = http://alee-workpc.redhat.com:8220/kra/ee/kra
>> Secure Agent Port = https://alee-workpc.redhat.com:8223/kra/agent/kra
>> Secure EE Port = https://alee-workpc.redhat.com:8223/kra/ee/kra
>> Secure Admin Port = https://alee-workpc.redhat.com:8223/kra/services
>> PKI Console Port = pkiconsole https://alee-workpc.redhat.com:8223/kra
>> Tomcat Port = 8225 (for shutdown)
>> Unsecure Port = http://alee-workpc.redhat.com:8220/ocsp/ee/ocsp
>> Secure Agent Port = https://alee-workpc.redhat.com:8223/ocsp/agent/ocsp
>> Secure EE Port = https://alee-workpc.redhat.com:8223/ocsp/ee/ocsp
>> Secure Admin Port = https://alee-workpc.redhat.com:8223/ocsp/services
>> PKI Console Port = pkiconsole https://alee-workpc.redhat.com:8223/ocsp
>> Tomcat Port = 8225 (for shutdown)
>>
>> That is -- I still see definitions from the removed OCSP. Ditto if I
>> remove the KRA.
>>
>> Maybe this is a weird instance. Still testing ..
>>
>>
>>
>> On Tue, 2012-12-18 at 19:36 -0800, Matthew Harmsen wrote:
>>> The attached patch addresses the following PKI issue:
>>> * TRAC Ticket #271 - Dogtag 10: Fix 'status' command in
>>> 'pkidaemon' . . .
>>>
>>> _______________________________________________
>>> Pki-devel mailing list
>>> Pki-devel at redhat.com
>>> https://www.redhat.com/mailman/listinfo/pki-devel
>>
>> _______________________________________________
>> Pki-devel mailing list
>> Pki-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/pki-devel
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 20121219-TRAC-Ticket-271-Dogtag-10-Fix-status-command-in-pkid.patch
Type: text/x-patch
Size: 15314 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20121219/5cef62c0/attachment.bin>
More information about the Pki-devel
mailing list