[Pki-devel] [PATCH] Fix 'status' command in 'pkidaemon' . . .

Matthew Harmsen mharmsen at redhat.com
Wed Dec 19 19:53:33 UTC 2012 

ACKed by alee and checked-in (with the collapsed conditional discussed).

    commit 01bbfc224a228206fbe18318b2a23363fa9663cc
    Author: Matthew Harmsen <mharmsen at redhat.com>
    Date:   Wed Dec 19 11:49:57 2012 -0800

         TRAC Ticket #271 - Dogtag 10: Fix 'status' command in
    'pkidaemon' . . .

On 12/19/12 11:35, Matthew Harmsen wrote:
> Ade,
>
> The attached patch should address these issues.
>
> -- Matt
>
> On 12/19/12 09:46, Ade Lee wrote:
>> OK -- I tried this --
>>
>> 1. Install instance A with CA, KRA
>> 2. Install instance B with CA.  At this point, status shows me error on
>> not being able to find KRA files on instance B.
>> 3. Install OCSP on instance A.
>> 4. Remove OCSP on instance A.  Other than problem mentioned above, all
>> looks ok.
>> 5. Install OCSP on instance B.
>>
>> I see this for B:
>> Status for pki-tomcat28: pki-tomcat28 is running ..
>>
>>      [CA Status Definitions]
>>      Unsecure Port       = http://alee-workpc.redhat.com:8280/ca/ee/ca
>>      Secure Agent Port   = 
>> https://alee-workpc.redhat.com:8283/ca/agent/ca
>>      Secure EE Port      = https://alee-workpc.redhat.com:8283/ca/ee/ca
>>      Secure Admin Port   = 
>> https://alee-workpc.redhat.com:8283/ca/services
>>      EE Client Auth Port = 
>> https://alee-workpc.redhat.com:8283/ca/eeca/ca
>>      PKI Console Port    = pkiconsole 
>> https://alee-workpc.redhat.com:8283/ca
>>      Tomcat Port         = 8285 (for shutdown)
>>      Unsecure Port       = http://alee-workpc.redhat.com:8280/kra/ee/kra
>>      Secure Agent Port   = 
>> https://alee-workpc.redhat.com:8283/kra/agent/kra
>>      Secure EE Port      = 
>> https://alee-workpc.redhat.com:8283/kra/ee/kra
>>      Secure Admin Port   = 
>> https://alee-workpc.redhat.com:8283/kra/services
>>      PKI Console Port    = pkiconsole 
>> https://alee-workpc.redhat.com:8283/kra
>>      Tomcat Port         = 8285 (for shutdown)
>>
>>      [OCSP Status Definitions]
>>      Unsecure Port       = 
>> http://alee-workpc.redhat.com:8280/ocsp/ee/ocsp
>>      Secure Agent Port   = 
>> https://alee-workpc.redhat.com:8283/ocsp/agent/ocsp
>>      Secure EE Port      = 
>> https://alee-workpc.redhat.com:8283/ocsp/ee/ocsp
>>      Secure Admin Port   = 
>> https://alee-workpc.redhat.com:8283/ocsp/services
>>      PKI Console Port    = pkiconsole 
>> https://alee-workpc.redhat.com:8283/ocsp
>>      Tomcat Port         = 8285 (for shutdown)
>>
>> Looks like you are not parsing the server.conf correctly.
>>
>>
>> On Wed, 2012-12-19 at 12:29 -0500, Ade Lee wrote:
>>> I found the following issues:
>>>
>>> Issue 1:
>>>
>>> Lets say I have the following setup:
>>> instance A with subsystems CA, KRA, OCSP
>>> instance B with subsystem CA, KRA
>>>
>>> Then for instance B, I see the following error message:
>>>
>>> grep: /var/lib/pki/pki-tomcat27/conf/ocsp/CS.cfg: No such file or 
>>> directory
>>> pki-tomcat27 Configuration Definitions not found for ocsp
>>>
>>> It appears that if any instance has a subsystem, then it is assumed 
>>> that
>>> all instances have that subsystem because you use a global list of
>>> subsystems.
>>>
>>> Issue 2:
>>>
>>> This may be a pkidestroy problem.  I did a pkidestroy of the OCSP on
>>> instance A.  Now I see the following:
>>>
>>>      [CA Status Definitions]
>>>      Unsecure Port       = http://alee-workpc.redhat.com:8220/ca/ee/ca
>>>      Secure Agent Port   = 
>>> https://alee-workpc.redhat.com:8223/ca/agent/ca
>>>      Secure EE Port      = https://alee-workpc.redhat.com:8223/ca/ee/ca
>>>      Secure Admin Port   = 
>>> https://alee-workpc.redhat.com:8223/ca/services
>>>      EE Client Auth Port = 
>>> https://alee-workpc.redhat.com:8223/ca/eeca/ca
>>>      PKI Console Port    = pkiconsole 
>>> https://alee-workpc.redhat.com:8223/ca
>>>      Tomcat Port         = 8225 (for shutdown)
>>>
>>>      [DRM Status Definitions]
>>>      Unsecure Port       = 
>>> http://alee-workpc.redhat.com:8220/kra/ee/kra
>>>      Secure Agent Port   = 
>>> https://alee-workpc.redhat.com:8223/kra/agent/kra
>>>      Secure EE Port      = 
>>> https://alee-workpc.redhat.com:8223/kra/ee/kra
>>>      Secure Admin Port   = 
>>> https://alee-workpc.redhat.com:8223/kra/services
>>>      PKI Console Port    = pkiconsole 
>>> https://alee-workpc.redhat.com:8223/kra
>>>      Tomcat Port         = 8225 (for shutdown)
>>>      Unsecure Port       = 
>>> http://alee-workpc.redhat.com:8220/ocsp/ee/ocsp
>>>      Secure Agent Port   = 
>>> https://alee-workpc.redhat.com:8223/ocsp/agent/ocsp
>>>      Secure EE Port      = 
>>> https://alee-workpc.redhat.com:8223/ocsp/ee/ocsp
>>>      Secure Admin Port   = 
>>> https://alee-workpc.redhat.com:8223/ocsp/services
>>>      PKI Console Port    = pkiconsole 
>>> https://alee-workpc.redhat.com:8223/ocsp
>>>      Tomcat Port         = 8225 (for shutdown)
>>>
>>> That is -- I still see definitions from the removed OCSP. Ditto if I
>>> remove the KRA.
>>>
>>> Maybe this is a weird instance.  Still testing ..
>>>
>>>
>>>
>>> On Tue, 2012-12-18 at 19:36 -0800, Matthew Harmsen wrote:
>>>> The attached patch addresses the following PKI issue:
>>>>        * TRAC Ticket #271 - Dogtag 10: Fix 'status' command in
>>>>          'pkidaemon' . . .
>>>>
>>>> _______________________________________________
>>>> Pki-devel mailing list
>>>> Pki-devel at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/pki-devel
>>>
>>> _______________________________________________
>>> Pki-devel mailing list
>>> Pki-devel at redhat.com
>>> https://www.redhat.com/mailman/listinfo/pki-devel
>>
>
>
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20121219/5e3beaaf/attachment.htm>

More information about the Pki-devel mailing list