[Pki-devel] [PATCH] 178, 179 - changes to allow debian to start Dogtag CA

Matthew Harmsen mharmsen at redhat.com
Wed Jan 8 22:26:50 UTC 2014


ACK

On 01/07/14 21:46, Ade Lee wrote:
> New patch attached addressing the problems below.  Also fixed "status"
> on debian to print out the config details when the process is running.
>
> See more details below:
>
> On Fri, 2014-01-03 at 19:21 -0800, Matthew Harmsen wrote:
>> On 01/03/14 13:09, Ade Lee wrote:
>>
>>> These two patches have changes on the dogtag side to allow debian to
>>> start up a dogtag CA.  Along with some debian specific patches which
>>> will be kept with the debian repo, we can now pkispawn and run a Dogtag
>>> 10 CA on debian!
>>>
>>> Please review,
>>> Ade
>>>
>>> Patch 179:
>>>
>>>      Debian: add init script functionality
>>>      
>>>      The additions in this patch will add start/stop/restart
>>>      functionality to operations, so that Debian systems can perform
>>>      these operations by calling these functions from an init script.
>>>      
>>>      We also introduce a parameter in the configuration scripts that
>>>      can be used to determine if the system is a debian system.  This
>>>      parameter is used to specify a system V init script instead of
>>>      a systemd script on a debian system, when the configuration
>>>      scriptlets start and stop a system.
>>>      
>>>      Also source apparently does not work by default in debian.  Used
>>>      dot (.) instead.
>>>
>>> Patch 178:
>>>   
>>>      Debian - replace arch specification
>>>      
>>>      uname -i returns "unknown" on a debian system. "arch" on the other
>>>      hand works for fedora, rhel and debian.  Replacing these for all
>>>      packages except for the migration ones which will not be built on
>>>      debian in any case.
>>>
>>>
>>>
>> (1) While I was unable to configure a Debian machine appropriate to
>> check out these fixes, I did successfully install the patches and
>> successfully build from source on a Fedora 20 x86_64 machine.
>>
>> However, when I attempted to install a CA instance using 'pkispawn -s
>> CA -f /tmp/pki/ca.cfg', I received the following error:
>>          ...
>>          pkispawn    : INFO     ....... executing 'certutil -N
>>          -d /root/.dogtag/pki-tomcat/ca/alias
>>          -f /root/.dogtag/pki-tomcat/ca/password.conf'
>>          pkispawn    : INFO     ....... executing 'systemctl start
>>          pki-tomcatd@pki-tomcat.service'
>>          Job for pki-tomcatd@pki-tomcat.service failed. See 'systemctl
>>          status pki-tomcatd@pki-tomcat.service' and 'journalctl -xn'
>>          for details.
>>          pkispawn    : ERROR    ....... subprocess.CalledProcessError:
>>          Command '['systemctl', 'start',
>>          'pki-tomcatd@pki-tomcat.service']' returned non-zero exit
>>          status 1!
>>          pkispawn    : DEBUG    ....... Error Type: CalledProcessError
>>          pkispawn    : DEBUG    ....... Error Message: Command
>>          '['systemctl', 'start', 'pki-tomcatd@pki-tomcat.service']'
>>          returned non-zero exit status 1
>>          pkispawn    : DEBUG    .......   File "/sbin/pkispawn", line
>>          463, in main
>>              rv = instance.spawn(deployer)
>>            File
>>          "/usr/lib/python2.7/site-packages/pki/server/deployment/scriptlets/configuration.py", line 97, in spawn
>>              deployer.systemd.start()
>>            File
>>          "/usr/lib/python2.7/site-packages/pki/server/deployment/pkihelper.py", line 3088, in start
>>              subprocess.check_call(command)
>>            File "/usr/lib64/python2.7/subprocess.py", line 542, in
>>          check_call
>>              raise CalledProcessError(retcode, cmd)
>>          
>>          
>>          Installation failed.
>>          
>>          
>>          # systemctl status -l pki-tomcatd@pki-tomcat.service
>>          pki-tomcatd@pki-tomcat.service - PKI Tomcat Server pki-tomcat
>>             Loaded: loaded
>>          (/usr/lib/systemd/system/pki-tomcatd@.service; enabled)
>>             Active: failed (Result: exit-code) since Fri 2014-01-03
>>          18:59:42 PST; 6min ago
>>            Process: 21904 ExecStartPre=/usr/bin/pkidaemon start tomcat
>>          %i (code=exited, status=1/FAILURE)
>>          
>>          Jan 03 18:59:40 dogtag20.example.com systemd[1]: Starting PKI
>>          Tomcat Server pki-tomcat...
>>          Jan 03 18:59:42 dogtag20.example.com pkidaemon[21904]:
>>          WARNING:  Attempting to change symbolic link
>>          '/var/lib/pki/pki-tomcat/bin' to point to target
>>          '/usr/share/tomcat7/bin' INSTEAD of current target
>>          '/usr/share/tomcat/bin'!
>>          Jan 03 18:59:42 dogtag20.example.com systemd[1]:
>>          pki-tomcatd@pki-tomcat.service: control process exited,
>>          code=exited status=1
>>          Jan 03 18:59:42 dogtag20.example.com systemd[1]: Failed to
>>          start PKI Tomcat Server pki-tomcat.
>>          Jan 03 18:59:42 dogtag20.example.com systemd[1]: Unit
>>          pki-tomcatd@pki-tomcat.service entered failed state.
>>          
>>          
>>          # journalctl -xn
>>          -- Logs begin at Wed 2013-07-10 14:02:40 PDT, end at Fri
>>          2014-01-03 19:08:02 PST
>>          Jan 03 19:06:01 dogtag20.example.com systemd[1]: Starting
>>          Session 21094 o
>>          -- Subject: Unit session-21094.scope has begun with start-up
>>          -- Defined-By: systemd
>>          -- Support:
>>          http://lists.freedesktop.org/mailman/listinfo/systemd-devel
>>          --
>>          -- Unit session-21094.scope has begun starting up.
>>          Jan 03 19:06:01 dogtag20.example.com systemd[1]: Started
>>          Session 21094 of
>>          -- Subject: Unit session-21094.scope has finished start-up
>>          -- Defined-By: systemd
>>          -- Support:
>>          http://lists.freedesktop.org/mailman/listinfo/systemd-devel
>>          --
>>          -- Unit session-21094.scope has finished starting up.
>>          --
>>          -- The start-up result is done.
>>          Jan 03 19:06:03 dogtag20.example.com CROND[21984]: (root) CMD
>>          (/usr/bin/r
>>          Jan 03 19:06:25 dogtag20.example.com dbus-daemon[493]:
>>          dbus[493]: [system
>>          Jan 03 19:06:25 dogtag20.example.com dbus[493]: [system]
>>          Activating via s
>>          Jan 03 19:06:25 dogtag20.example.com dbus[493]: [system]
>>          Activation via s
>>          Jan 03 19:06:25 dogtag20.example.com dbus-daemon[493]:
>>          dbus[493]: [system
>>          Jan 03 19:08:01 dogtag20.example.com systemd[1]: Starting
>>          Session 21095 o
>>          -- Subject: Unit session-21095.scope has begun with start-up
>>          -- Defined-By: systemd
>>          -- Support:
>>          http://lists.freedesktop.org/mailman/listinfo/systemd-devel
>>          --
>>          -- Unit session-21095.scope has begun starting up.
>>          Jan 03 19:08:01 dogtag20.example.com systemd[1]: Started
>>          Session 21095 of
>>          -- Subject: Unit session-21095.scope has finished start-up
>>          -- Defined-By: systemd
>>          -- Support:
>>          http://lists.freedesktop.org/mailman/listinfo/systemd-devel
>>          --
>>          -- Unit session-21095.scope has finished starting up.
>>          --
>>          -- The start-up result is done.
>>          Jan 03 19:08:02 dogtag20.example.com CROND[21995]: (root) CMD
>>          (/usr/bin/r
>>
> Fixed this.  The problem was partly that $debian was not defined as
> false by default, and partly because of using set -e, causing the script
> to exit unexpectedly.  The set -e invocations have been removed.
>
>> (2) One concern that I can see from reviewing the code appears that
>> the 'stop' and 'restart' commands will still not work on Debian, as
>> the entry point which comes from 'pkidaemon' will utilize the '*'
>> option which will yield the following messages:
>>          unknown action (stop)
>>          Usage: /usr/bin/pkidaemon {start|stop|restart|status}
>>          instance-type [instance-name]
>>          ...
>>          
>>          unknown action (restart)
>>          Usage: /usr/bin/pkidaemon {start|stop|restart|status}
>>          instance-type [instance-name]
>>          ...
>>          
>>          NOTE:  These commands SHOULD yield this on Fedora systems, but
>>          NOT on Debian systems.
> Actually, this did work on debian because in the init script, I did not
> invoke pkidaemon.  Rather, I sourced operations directly.  The check
> that you are referring to is in pkidaemon - and having not been sourced
> is never encountered.
>
> To be more consistent though, I have simply added the relevant logic to
> pkidaemon.
>
>> (3) Finally, the following white spaces were present in your patches
>> when they were applied:
>>          # git am ../*.patch
>>          Applying: Debian - replace arch specification
>>          Applying: Debian: add init script functionality
>>          /home/mharmsen/DOGTAG/test/pki/.git/rebase-apply/patch:18:
>>          trailing whitespace.
>>           
>>          /home/mharmsen/DOGTAG/test/pki/.git/rebase-apply/patch:61:
>>          trailing whitespace.
>>                          command = ["/etc/init.d/pki-tomcatd", "stop",
>>          /home/mharmsen/DOGTAG/test/pki/.git/rebase-apply/patch:76:
>>          trailing whitespace.
>>                          command = ["/etc/init.d/pki-tomcatd",
>>          "restart",
>>          warning: 3 lines add whitespace errors.
>>
> Fixed.
>
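
The shell pitfalls named in this thread (a platform flag with no default, `set -e` ending a script on a failing probe, `uname -i` printing "unknown"), as an added example that is not part of the thread or of the Dogtag scripts. The function names and script bodies are hypothetical, and it assumes the flag is tested as a command, which the thread does not show.

```sh
#!/bin/sh
# Added example; function names are hypothetical, not from the Dogtag scripts.

# Unsafe: an unset or empty $debian expands to an empty command, which
# succeeds, so the Debian (System V) branch is taken on every platform.
init_style_unsafe() {
    if $debian; then echo sysv; else echo systemd; fi
}

# Safe: default the flag to false and compare it as a string.
init_style_safe() {
    if [ "${debian:-false}" = "true" ]; then echo sysv; else echo systemd; fi
}

# Run a script body in a fresh shell and return what it printed, so the
# effect of set -e can be observed without killing the caller.
run_body() {
    sh -c "$1" 2>/dev/null || true
}

# A probe that legitimately returns non-zero ends the script under set -e.
BODY_ERREXIT='set -e; false; echo started'
# Handling the status explicitly keeps the script alive.
BODY_HANDLED='if false; then :; else echo "probe failed, continuing"; fi; echo started'

# uname -i may print "unknown"; fall back to uname -m (what arch prints).
normalize_arch() {
    case "$1" in
        ''|unknown) uname -m ;;
        *) printf '%s\n' "$1" ;;
    esac
}

detect_arch() {
    normalize_arch "$(uname -i 2>/dev/null || true)"
}
```
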



