[Pki-devel] [PATCH] 178, 179 - changes to allow debian to start Dogtag CA

Sat Jan 4 03:21:58 UTC 2014

On 01/03/14 13:09, Ade Lee wrote:
> These two patches have changes on the dogtag side to allow debian to
> start up a dogtag CA.  Along with some debian specific patches which
> will be kept with the debian repo, we can now pkispawn and run a Dogtag
> 10 CA on debian!
>
> Please review,
> Ade
>
> Patch 179:
>
>      Debian: add init script functionality
>      
>      The addtions in this patch will add start/stop/restart
>      functionality to operations, so that Debian systems can perform
>      these operations by calling these functions from an init script.
>      
>      We also introduce a parameter in the configuration scripts that
>      can be used to determine if the system is a debian system.  This
>      parameter is used to specify a system V init script instead of
>      a systemd script on a debian system, when the configuration
>      scriptlets start and stop a system.
>      
>      Also source apparently does not work by default in debian.  Used
>      dot (.) instead.
>
> Patch 178:
>   
>      Debian - replace arch specification
>      
>      uname -i returns "unknown" on a debian system. "arch" on the other
>      hand works for fedora, rhel and debian.  Replacing these for all
>      packages except for the migration ones which will not be built on
>      debian in any case.
>
>
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
(1) While I was unable to configure a Debian machine appropriate to 
check out these fixes, I did successfully install the patches and 
successfully build from source on a Fedora 20 x86_64 machine.

However, when I attempted to install a CA instance using 'pkispawn -s CA 
-f /tmp/pki/ca.cfg', I received the following error:

    ...
    pkispawn    : INFO     ....... executing 'certutil -N -d
    /root/.dogtag/pki-tomcat/ca/alias -f
    /root/.dogtag/pki-tomcat/ca/password.conf'
    pkispawn    : INFO     ....... executing 'systemctl start
    pki-tomcatd at pki-tomcat.service'
    Job for pki-tomcatd at pki-tomcat.service failed. See 'systemctl status
    pki-tomcatd at pki-tomcat.service' and 'journalctl -xn' for details.
    pkispawn    : ERROR    ....... subprocess.CalledProcessError:
    Command '['systemctl', 'start', 'pki-tomcatd at pki-tomcat.service']'
    returned non-zero exit status 1!
    pkispawn    : DEBUG    ....... Error Type: CalledProcessError
    pkispawn    : DEBUG    ....... Error Message: Command '['systemctl',
    'start', 'pki-tomcatd at pki-tomcat.service']' returned non-zero exit
    status 1
    pkispawn    : DEBUG    .......   File "/sbin/pkispawn", line 463, in
    main
         rv = instance.spawn(deployer)
       File
    "/usr/lib/python2.7/site-packages/pki/server/deployment/scriptlets/configuration.py",
    line 97, in spawn
         deployer.systemd.start()
       File
    "/usr/lib/python2.7/site-packages/pki/server/deployment/pkihelper.py",
    line 3088, in start
         subprocess.check_call(command)
       File "/usr/lib64/python2.7/subprocess.py", line 542, in check_call
         raise CalledProcessError(retcode, cmd)


    Installation failed.


    # systemctl status -l pki-tomcatd at pki-tomcat.service
    pki-tomcatd at pki-tomcat.service - PKI Tomcat Server pki-tomcat
        Loaded: loaded (/usr/lib/systemd/system/pki-tomcatd at .service;
    enabled)
        Active: failed (Result: exit-code) since Fri 2014-01-03 18:59:42
    PST; 6min ago
       Process: 21904 ExecStartPre=/usr/bin/pkidaemon start tomcat %i
    (code=exited, status=1/FAILURE)

    Jan 03 18:59:40 dogtag20.example.com systemd[1]: Starting PKI Tomcat
    Server pki-tomcat...
    Jan 03 18:59:42 dogtag20.example.com pkidaemon[21904]: WARNING:
    Attempting to change symbolic link '/var/lib/pki/pki-tomcat/bin' to
    point to target '/usr/share/tomcat7/bin' INSTEAD of current target
    '/usr/share/tomcat/bin'!
    Jan 03 18:59:42 dogtag20.example.com systemd[1]:
    pki-tomcatd at pki-tomcat.service: control process exited, code=exited
    status=1
    Jan 03 18:59:42 dogtag20.example.com systemd[1]: Failed to start PKI
    Tomcat Server pki-tomcat.
    Jan 03 18:59:42 dogtag20.example.com systemd[1]: Unit
    pki-tomcatd at pki-tomcat.service entered failed state.


    # journalctl -xn
    -- Logs begin at Wed 2013-07-10 14:02:40 PDT, end at Fri 2014-01-03
    19:08:02 PST
    Jan 03 19:06:01 dogtag20.example.com systemd[1]: Starting Session
    21094 o
    -- Subject: Unit session-21094.scope has begun with start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    -- 
    -- Unit session-21094.scope has begun starting up.
    Jan 03 19:06:01 dogtag20.example.com systemd[1]: Started Session
    21094 of
    -- Subject: Unit session-21094.scope has finished start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    -- 
    -- Unit session-21094.scope has finished starting up.
    -- 
    -- The start-up result is done.
    Jan 03 19:06:03 dogtag20.example.com CROND[21984]: (root) CMD
    (/usr/bin/r
    Jan 03 19:06:25 dogtag20.example.com dbus-daemon[493]: dbus[493]:
    [system
    Jan 03 19:06:25 dogtag20.example.com dbus[493]: [system] Activating
    via s
    Jan 03 19:06:25 dogtag20.example.com dbus[493]: [system] Activation
    via s
    Jan 03 19:06:25 dogtag20.example.com dbus-daemon[493]: dbus[493]:
    [system
    Jan 03 19:08:01 dogtag20.example.com systemd[1]: Starting Session
    21095 o
    -- Subject: Unit session-21095.scope has begun with start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    -- 
    -- Unit session-21095.scope has begun starting up.
    Jan 03 19:08:01 dogtag20.example.com systemd[1]: Started Session
    21095 of
    -- Subject: Unit session-21095.scope has finished start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    -- 
    -- Unit session-21095.scope has finished starting up.
    -- 
    -- The start-up result is done.
    Jan 03 19:08:02 dogtag20.example.com CROND[21995]: (root) CMD
    (/usr/bin/r


(2) One concern that I can see from reviewing the code appears that the 
'stop' and 'restart' commands will still not work on Debian, as the 
entry point which comes from 'pkidaemon' will utilize the '*' option 
which will yield the following messages:

    unknown action (stop)
    Usage: /usr/bin/pkidaemon {start|stop|restart|status} instance-type
    [instance-name]
    ...

    unknown action (restart)
    Usage: /usr/bin/pkidaemon {start|stop|restart|status} instance-type
    [instance-name]
    ...

    NOTE:  These commands SHOULD yield this on Fedora systems, but NOT
    on Debian systems.

(3) Finally, the following white spaces were present in your patches 
when they were applied:

    # git am ../*.patch
    Applying: Debian - replace arch specification
    Applying: Debian: add init script functionality
    /home/mharmsen/DOGTAG/test/pki/.git/rebase-apply/patch:18: trailing
    whitespace.

    /home/mharmsen/DOGTAG/test/pki/.git/rebase-apply/patch:61: trailing
    whitespace.
                     command = ["/etc/init.d/pki-tomcatd", "stop",
    /home/mharmsen/DOGTAG/test/pki/.git/rebase-apply/patch:76: trailing
    whitespace.
                     command = ["/etc/init.d/pki-tomcatd", "restart",
    warning: 3 lines add whitespace errors.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20140103/c2b37db6/attachment.htm>