[Pki-devel] [PATCH] Fix 'status' command in 'pkidaemon' . . .

Matthew Harmsen mharmsen at redhat.com
Wed Dec 19 19:35:18 UTC 2012


Ade,

The attached patch should address these issues.

-- Matt

On 12/19/12 09:46, Ade Lee wrote:
> OK -- I tried this --
>
> 1. Install instance A with CA, KRA
> 2. Install instance B with CA.  At this point, status shows me error on
> not being able to find KRA files on instance B.
> 3. Install OCSP on instance A.
> 4. Remove OCSP on instance A.  Other than problem mentioned above, all
> looks ok.
> 5. Install OCSP on instance B.
>
> I see this for B:
> Status for pki-tomcat28: pki-tomcat28 is running ..
>
>      [CA Status Definitions]
>      Unsecure Port       = http://alee-workpc.redhat.com:8280/ca/ee/ca
>      Secure Agent Port   = https://alee-workpc.redhat.com:8283/ca/agent/ca
>      Secure EE Port      = https://alee-workpc.redhat.com:8283/ca/ee/ca
>      Secure Admin Port   = https://alee-workpc.redhat.com:8283/ca/services
>      EE Client Auth Port = https://alee-workpc.redhat.com:8283/ca/eeca/ca
>      PKI Console Port    = pkiconsole https://alee-workpc.redhat.com:8283/ca
>      Tomcat Port         = 8285 (for shutdown)
>      Unsecure Port       = http://alee-workpc.redhat.com:8280/kra/ee/kra
>      Secure Agent Port   = https://alee-workpc.redhat.com:8283/kra/agent/kra
>      Secure EE Port      = https://alee-workpc.redhat.com:8283/kra/ee/kra
>      Secure Admin Port   = https://alee-workpc.redhat.com:8283/kra/services
>      PKI Console Port    = pkiconsole https://alee-workpc.redhat.com:8283/kra
>      Tomcat Port         = 8285 (for shutdown)
>
>      [OCSP Status Definitions]
>      Unsecure Port       = http://alee-workpc.redhat.com:8280/ocsp/ee/ocsp
>      Secure Agent Port   = https://alee-workpc.redhat.com:8283/ocsp/agent/ocsp
>      Secure EE Port      = https://alee-workpc.redhat.com:8283/ocsp/ee/ocsp
>      Secure Admin Port   = https://alee-workpc.redhat.com:8283/ocsp/services
>      PKI Console Port    = pkiconsole https://alee-workpc.redhat.com:8283/ocsp
>      Tomcat Port         = 8285 (for shutdown)
>
> Looks like you are not parsing the server.conf correctly.
>
>
> On Wed, 2012-12-19 at 12:29 -0500, Ade Lee wrote:
>> I found the following issues:
>>
>> Issue 1:
>>
>> Let's say I have the following setup:
>> instance A with subsystems CA, KRA, OCSP
>> instance B with subsystem CA, KRA
>>
>> Then for instance B, I see the following error message:
>>
>> grep: /var/lib/pki/pki-tomcat27/conf/ocsp/CS.cfg: No such file or directory
>> pki-tomcat27 Configuration Definitions not found for ocsp
>>
>> It appears that if any instance has a subsystem, then it is assumed that
>> all instances have that subsystem because you use a global list of
>> subsystems.
>>
>> Issue 2:
>>
>> This may be a pkidestroy problem.  I did a pkidestroy of the OCSP on
>> instance A.  Now I see the following:
>>
>>      [CA Status Definitions]
>>      Unsecure Port       = http://alee-workpc.redhat.com:8220/ca/ee/ca
>>      Secure Agent Port   = https://alee-workpc.redhat.com:8223/ca/agent/ca
>>      Secure EE Port      = https://alee-workpc.redhat.com:8223/ca/ee/ca
>>      Secure Admin Port   = https://alee-workpc.redhat.com:8223/ca/services
>>      EE Client Auth Port = https://alee-workpc.redhat.com:8223/ca/eeca/ca
>>      PKI Console Port    = pkiconsole https://alee-workpc.redhat.com:8223/ca
>>      Tomcat Port         = 8225 (for shutdown)
>>
>>      [DRM Status Definitions]
>>      Unsecure Port       = http://alee-workpc.redhat.com:8220/kra/ee/kra
>>      Secure Agent Port   = https://alee-workpc.redhat.com:8223/kra/agent/kra
>>      Secure EE Port      = https://alee-workpc.redhat.com:8223/kra/ee/kra
>>      Secure Admin Port   = https://alee-workpc.redhat.com:8223/kra/services
>>      PKI Console Port    = pkiconsole https://alee-workpc.redhat.com:8223/kra
>>      Tomcat Port         = 8225 (for shutdown)
>>      Unsecure Port       = http://alee-workpc.redhat.com:8220/ocsp/ee/ocsp
>>      Secure Agent Port   = https://alee-workpc.redhat.com:8223/ocsp/agent/ocsp
>>      Secure EE Port      = https://alee-workpc.redhat.com:8223/ocsp/ee/ocsp
>>      Secure Admin Port   = https://alee-workpc.redhat.com:8223/ocsp/services
>>      PKI Console Port    = pkiconsole https://alee-workpc.redhat.com:8223/ocsp
>>      Tomcat Port         = 8225 (for shutdown)
>>
>> That is -- I still see definitions from the removed OCSP.  Ditto if I
>> remove the KRA.
>>
>> Maybe this is a weird instance.  Still testing ..
>>
>>
>>
>> On Tue, 2012-12-18 at 19:36 -0800, Matthew Harmsen wrote:
>>> The attached patch addresses the following PKI issue:
>>>        * TRAC Ticket #271 - Dogtag 10: Fix 'status' command in
>>>          'pkidaemon' . . .
>>>
>>> _______________________________________________
>>> Pki-devel mailing list
>>> Pki-devel at redhat.com
>>> https://www.redhat.com/mailman/listinfo/pki-devel
>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 20121219-TRAC-Ticket-271-Dogtag-10-Fix-status-command-in-pkid.patch
Type: text/x-patch
Size: 15314 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20121219/5cef62c0/attachment.bin>
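
Issue 1 in the thread above comes down to one host-wide subsystem list being applied to every instance. The sketch below is an added example, not code from the attached patch or from pkidaemon. It contrasts that global list with per-instance discovery keyed on the `conf/<subsystem>/CS.cfg` layout seen in the error message. The function names, the instance name `instA` and the temporary sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added illustration, not pkidaemon's code. Function names and the sample tree
# are constructed; only the conf/<subsystem>/CS.cfg layout is from the thread.
SUBSYSTEM_TYPES="ca kra ocsp"

# Constructed sample: instA has CA+KRA+OCSP, pki-tomcat27 has CA+KRA.
make_sample_tree() {
    mst_root=$(mktemp -d) || return 1
    for mst_p in instA/ca instA/kra instA/ocsp pki-tomcat27/ca pki-tomcat27/kra; do
        mkdir -p "$mst_root/${mst_p%/*}/conf/${mst_p#*/}"
        : > "$mst_root/${mst_p%/*}/conf/${mst_p#*/}/CS.cfg"
    done
    printf '%s\n' "$mst_root"
}

# Behaviour described in Issue 1: one list for the host (union over instances).
global_subsystems() {
    gs_out=""
    for gs_s in $SUBSYSTEM_TYPES; do
        for gs_cfg in "$1"/*/conf/"$gs_s"/CS.cfg; do
            if [ -f "$gs_cfg" ]; then gs_out="${gs_out:+$gs_out }$gs_s"; break; fi
        done
    done
    printf '%s\n' "$gs_out"
}

# Per-instance discovery: a subsystem counts only if this instance has its CS.cfg.
instance_subsystems() {
    is_out=""
    for is_s in $SUBSYSTEM_TYPES; do
        if [ -f "$1/$2/conf/$is_s/CS.cfg" ]; then is_out="${is_out:+$is_out }$is_s"; fi
    done
    printf '%s\n' "$is_out"
}

# Subsystems from a candidate list ($3) whose CS.cfg the instance ($2) lacks.
missing_for_instance() {
    mf_out=""
    for mf_s in $3; do
        if [ ! -f "$1/$2/conf/$mf_s/CS.cfg" ]; then mf_out="${mf_out:+$mf_out }$mf_s"; fi
    done
    printf '%s\n' "$mf_out"
}

demo_root=$(make_sample_tree)
echo "global list:         $(global_subsystems "$demo_root")"
echo "pki-tomcat27 actual: $(instance_subsystems "$demo_root" pki-tomcat27)"
echo "spurious lookups:    $(missing_for_instance "$demo_root" pki-tomcat27 "$(global_subsystems "$demo_root")")"
rm -rf "$demo_root"
```
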

