[Pki-devel] [PATCH] Fix 'status' command in 'pkidaemon' . . .
Matthew Harmsen
mharmsen at redhat.com
Wed Dec 19 19:53:33 UTC 2012
ACKed by alee and checked-in (with the collapsed conditional discussed).
commit 01bbfc224a228206fbe18318b2a23363fa9663cc
Author: Matthew Harmsen <mharmsen at redhat.com>
Date: Wed Dec 19 11:49:57 2012 -0800
TRAC Ticket #271 - Dogtag 10: Fix 'status' command in
'pkidaemon' . . .
On 12/19/12 11:35, Matthew Harmsen wrote:
> Ade,
>
> The attached patch should address these issues.
>
> -- Matt
>
> On 12/19/12 09:46, Ade Lee wrote:
>> OK -- I tried this --
>>
>> 1. Install instance A with CA, KRA
>> 2. Install instance B with CA. At this point, status shows me error on
>> not being able to find KRA files on instance B.
>> 3. Install OCSP on instance A.
>> 4. Remove OCSP on instance A. Other than problem mentioned above, all
>> looks ok.
>> 5. Install OCSP on instance B.
>>
>> I see this for B:
>> Status for pki-tomcat28: pki-tomcat28 is running ..
>>
>> [CA Status Definitions]
>> Unsecure Port = http://alee-workpc.redhat.com:8280/ca/ee/ca
>> Secure Agent Port =
>> https://alee-workpc.redhat.com:8283/ca/agent/ca
>> Secure EE Port = https://alee-workpc.redhat.com:8283/ca/ee/ca
>> Secure Admin Port =
>> https://alee-workpc.redhat.com:8283/ca/services
>> EE Client Auth Port =
>> https://alee-workpc.redhat.com:8283/ca/eeca/ca
>> PKI Console Port = pkiconsole
>> https://alee-workpc.redhat.com:8283/ca
>> Tomcat Port = 8285 (for shutdown)
>> Unsecure Port = http://alee-workpc.redhat.com:8280/kra/ee/kra
>> Secure Agent Port =
>> https://alee-workpc.redhat.com:8283/kra/agent/kra
>> Secure EE Port =
>> https://alee-workpc.redhat.com:8283/kra/ee/kra
>> Secure Admin Port =
>> https://alee-workpc.redhat.com:8283/kra/services
>> PKI Console Port = pkiconsole
>> https://alee-workpc.redhat.com:8283/kra
>> Tomcat Port = 8285 (for shutdown)
>>
>> [OCSP Status Definitions]
>> Unsecure Port =
>> http://alee-workpc.redhat.com:8280/ocsp/ee/ocsp
>> Secure Agent Port =
>> https://alee-workpc.redhat.com:8283/ocsp/agent/ocsp
>> Secure EE Port =
>> https://alee-workpc.redhat.com:8283/ocsp/ee/ocsp
>> Secure Admin Port =
>> https://alee-workpc.redhat.com:8283/ocsp/services
>> PKI Console Port = pkiconsole
>> https://alee-workpc.redhat.com:8283/ocsp
>> Tomcat Port = 8285 (for shutdown)
>>
>> Looks like you are not parsing the server.conf correctly.
>>
>>
>> On Wed, 2012-12-19 at 12:29 -0500, Ade Lee wrote:
>>> I found the following issues:
>>>
>>> Issue 1:
>>>
>>> Lets say I have the following setup:
>>> instance A with subsystems CA, KRA, OCSP
>>> instance B with subsystem CA, KRA
>>>
>>> Then for instance B, I see the following error message:
>>>
>>> grep: /var/lib/pki/pki-tomcat27/conf/ocsp/CS.cfg: No such file or
>>> directory
>>> pki-tomcat27 Configuration Definitions not found for ocsp
>>>
>>> It appears that if any instance has a subsystem, then it is assumed
>>> that
>>> all instances have that subsystem because you use a global list of
>>> subsystems.
>>>
>>> Issue 2:
>>>
>>> This may be a pkidestroy problem. I did a pkidestroy of the OCSP on
>>> instance A. Now I see the following:
>>>
>>> [CA Status Definitions]
>>> Unsecure Port = http://alee-workpc.redhat.com:8220/ca/ee/ca
>>> Secure Agent Port =
>>> https://alee-workpc.redhat.com:8223/ca/agent/ca
>>> Secure EE Port = https://alee-workpc.redhat.com:8223/ca/ee/ca
>>> Secure Admin Port =
>>> https://alee-workpc.redhat.com:8223/ca/services
>>> EE Client Auth Port =
>>> https://alee-workpc.redhat.com:8223/ca/eeca/ca
>>> PKI Console Port = pkiconsole
>>> https://alee-workpc.redhat.com:8223/ca
>>> Tomcat Port = 8225 (for shutdown)
>>>
>>> [DRM Status Definitions]
>>> Unsecure Port =
>>> http://alee-workpc.redhat.com:8220/kra/ee/kra
>>> Secure Agent Port =
>>> https://alee-workpc.redhat.com:8223/kra/agent/kra
>>> Secure EE Port =
>>> https://alee-workpc.redhat.com:8223/kra/ee/kra
>>> Secure Admin Port =
>>> https://alee-workpc.redhat.com:8223/kra/services
>>> PKI Console Port = pkiconsole
>>> https://alee-workpc.redhat.com:8223/kra
>>> Tomcat Port = 8225 (for shutdown)
>>> Unsecure Port =
>>> http://alee-workpc.redhat.com:8220/ocsp/ee/ocsp
>>> Secure Agent Port =
>>> https://alee-workpc.redhat.com:8223/ocsp/agent/ocsp
>>> Secure EE Port =
>>> https://alee-workpc.redhat.com:8223/ocsp/ee/ocsp
>>> Secure Admin Port =
>>> https://alee-workpc.redhat.com:8223/ocsp/services
>>> PKI Console Port = pkiconsole
>>> https://alee-workpc.redhat.com:8223/ocsp
>>> Tomcat Port = 8225 (for shutdown)
>>>
>>> That is -- I still see definitions from the removed OCSP. Ditto if I
>>> remove the KRA.
>>>
>>> Maybe this is a weird instance. Still testing ..
>>>
>>>
>>>
>>> On Tue, 2012-12-18 at 19:36 -0800, Matthew Harmsen wrote:
>>>> The attached patch addresses the following PKI issue:
>>>> * TRAC Ticket #271 - Dogtag 10: Fix 'status' command in
>>>> 'pkidaemon' . . .
>>>>
>>>> _______________________________________________
>>>> Pki-devel mailing list
>>>> Pki-devel at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/pki-devel
>>>
>>> _______________________________________________
>>> Pki-devel mailing list
>>> Pki-devel at redhat.com
>>> https://www.redhat.com/mailman/listinfo/pki-devel
>>
>
>
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20121219/5e3beaaf/attachment.htm>
More information about the Pki-devel
mailing list