[Pki-devel] [PATCH] 178, 179 - changes to allow debian to start Dogtag CA
Matthew Harmsen
mharmsen at redhat.com
Sat Jan 4 03:21:58 UTC 2014
On 01/03/14 13:09, Ade Lee wrote:
> These two patches have changes on the dogtag side to allow debian to
> start up a dogtag CA. Along with some debian specific patches which
> will be kept with the debian repo, we can now pkispawn and run a Dogtag
> 10 CA on debian!
>
> Please review,
> Ade
>
> Patch 179:
>
> Debian: add init script functionality
>
> The addtions in this patch will add start/stop/restart
> functionality to operations, so that Debian systems can perform
> these operations by calling these functions from an init script.
>
> We also introduce a parameter in the configuration scripts that
> can be used to determine if the system is a debian system. This
> parameter is used to specify a system V init script instead of
> a systemd script on a debian system, when the configuration
> scriptlets start and stop a system.
>
> Also source apparently does not work by default in debian. Used
> dot (.) instead.
>
> Patch 178:
>
> Debian - replace arch specification
>
> uname -i returns "unknown" on a debian system. "arch" on the other
> hand works for fedora, rhel and debian. Replacing these for all
> packages except for the migration ones which will not be built on
> debian in any case.
>
>
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
(1) While I was unable to configure a Debian machine appropriate to
check out these fixes, I did successfully install the patches and
successfully build from source on a Fedora 20 x86_64 machine.
However, when I attempted to install a CA instance using 'pkispawn -s CA
-f /tmp/pki/ca.cfg', I received the following error:
...
pkispawn : INFO ....... executing 'certutil -N -d
/root/.dogtag/pki-tomcat/ca/alias -f
/root/.dogtag/pki-tomcat/ca/password.conf'
pkispawn : INFO ....... executing 'systemctl start
pki-tomcatd at pki-tomcat.service'
Job for pki-tomcatd at pki-tomcat.service failed. See 'systemctl status
pki-tomcatd at pki-tomcat.service' and 'journalctl -xn' for details.
pkispawn : ERROR ....... subprocess.CalledProcessError:
Command '['systemctl', 'start', 'pki-tomcatd at pki-tomcat.service']'
returned non-zero exit status 1!
pkispawn : DEBUG ....... Error Type: CalledProcessError
pkispawn : DEBUG ....... Error Message: Command '['systemctl',
'start', 'pki-tomcatd at pki-tomcat.service']' returned non-zero exit
status 1
pkispawn : DEBUG ....... File "/sbin/pkispawn", line 463, in
main
rv = instance.spawn(deployer)
File
"/usr/lib/python2.7/site-packages/pki/server/deployment/scriptlets/configuration.py",
line 97, in spawn
deployer.systemd.start()
File
"/usr/lib/python2.7/site-packages/pki/server/deployment/pkihelper.py",
line 3088, in start
subprocess.check_call(command)
File "/usr/lib64/python2.7/subprocess.py", line 542, in check_call
raise CalledProcessError(retcode, cmd)
Installation failed.
# systemctl status -l pki-tomcatd at pki-tomcat.service
pki-tomcatd at pki-tomcat.service - PKI Tomcat Server pki-tomcat
Loaded: loaded (/usr/lib/systemd/system/pki-tomcatd at .service;
enabled)
Active: failed (Result: exit-code) since Fri 2014-01-03 18:59:42
PST; 6min ago
Process: 21904 ExecStartPre=/usr/bin/pkidaemon start tomcat %i
(code=exited, status=1/FAILURE)
Jan 03 18:59:40 dogtag20.example.com systemd[1]: Starting PKI Tomcat
Server pki-tomcat...
Jan 03 18:59:42 dogtag20.example.com pkidaemon[21904]: WARNING:
Attempting to change symbolic link '/var/lib/pki/pki-tomcat/bin' to
point to target '/usr/share/tomcat7/bin' INSTEAD of current target
'/usr/share/tomcat/bin'!
Jan 03 18:59:42 dogtag20.example.com systemd[1]:
pki-tomcatd at pki-tomcat.service: control process exited, code=exited
status=1
Jan 03 18:59:42 dogtag20.example.com systemd[1]: Failed to start PKI
Tomcat Server pki-tomcat.
Jan 03 18:59:42 dogtag20.example.com systemd[1]: Unit
pki-tomcatd at pki-tomcat.service entered failed state.
# journalctl -xn
-- Logs begin at Wed 2013-07-10 14:02:40 PDT, end at Fri 2014-01-03
19:08:02 PST
Jan 03 19:06:01 dogtag20.example.com systemd[1]: Starting Session
21094 o
-- Subject: Unit session-21094.scope has begun with start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit session-21094.scope has begun starting up.
Jan 03 19:06:01 dogtag20.example.com systemd[1]: Started Session
21094 of
-- Subject: Unit session-21094.scope has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit session-21094.scope has finished starting up.
--
-- The start-up result is done.
Jan 03 19:06:03 dogtag20.example.com CROND[21984]: (root) CMD
(/usr/bin/r
Jan 03 19:06:25 dogtag20.example.com dbus-daemon[493]: dbus[493]:
[system
Jan 03 19:06:25 dogtag20.example.com dbus[493]: [system] Activating
via s
Jan 03 19:06:25 dogtag20.example.com dbus[493]: [system] Activation
via s
Jan 03 19:06:25 dogtag20.example.com dbus-daemon[493]: dbus[493]:
[system
Jan 03 19:08:01 dogtag20.example.com systemd[1]: Starting Session
21095 o
-- Subject: Unit session-21095.scope has begun with start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit session-21095.scope has begun starting up.
Jan 03 19:08:01 dogtag20.example.com systemd[1]: Started Session
21095 of
-- Subject: Unit session-21095.scope has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit session-21095.scope has finished starting up.
--
-- The start-up result is done.
Jan 03 19:08:02 dogtag20.example.com CROND[21995]: (root) CMD
(/usr/bin/r
(2) One concern that I can see from reviewing the code appears that the
'stop' and 'restart' commands will still not work on Debian, as the
entry point which comes from 'pkidaemon' will utilize the '*' option
which will yield the following messages:
unknown action (stop)
Usage: /usr/bin/pkidaemon {start|stop|restart|status} instance-type
[instance-name]
...
unknown action (restart)
Usage: /usr/bin/pkidaemon {start|stop|restart|status} instance-type
[instance-name]
...
NOTE: These commands SHOULD yield this on Fedora systems, but NOT
on Debian systems.
(3) Finally, the following white spaces were present in your patches
when they were applied:
# git am ../*.patch
Applying: Debian - replace arch specification
Applying: Debian: add init script functionality
/home/mharmsen/DOGTAG/test/pki/.git/rebase-apply/patch:18: trailing
whitespace.
/home/mharmsen/DOGTAG/test/pki/.git/rebase-apply/patch:61: trailing
whitespace.
command = ["/etc/init.d/pki-tomcatd", "stop",
/home/mharmsen/DOGTAG/test/pki/.git/rebase-apply/patch:76: trailing
whitespace.
command = ["/etc/init.d/pki-tomcatd", "restart",
warning: 3 lines add whitespace errors.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20140103/c2b37db6/attachment.htm>
More information about the Pki-devel
mailing list