[Pki-devel] [PATCH] 178, 179 - changes to allow debian to start Dogtag CA

Ade Lee alee at redhat.com
Wed Jan 8 05:46:21 UTC 2014


New patch attached addressing the problems below.  Also fixed "status"
on debian to print out the config details when the process is running.

See more details below:

On Fri, 2014-01-03 at 19:21 -0800, Matthew Harmsen wrote:
> On 01/03/14 13:09, Ade Lee wrote:
> 
> > These two patches have changes on the dogtag side to allow debian to
> > start up a dogtag CA.  Along with some debian specific patches which
> > will be kept with the debian repo, we can now pkispawn and run a Dogtag
> > 10 CA on debian!
> > 
> > Please review,
> > Ade
> > 
> > Patch 179:
> > 
> >     Debian: add init script functionality
> >     
> >     The additions in this patch will add start/stop/restart
> >     functionality to operations, so that Debian systems can perform
> >     these operations by calling these functions from an init script.
> >     
> >     We also introduce a parameter in the configuration scripts that
> >     can be used to determine if the system is a debian system.  This
> >     parameter is used to specify a system V init script instead of
> >     a systemd script on a debian system, when the configuration
> >     scriptlets start and stop a system.
> >     
> >     Also source apparently does not work by default in debian.  Used
> >     dot (.) instead.
> > 
> > Patch 178:
> >  
> >     Debian - replace arch specification
> >     
> >     uname -i returns "unknown" on a debian system. "arch" on the other
> >     hand works for fedora, rhel and debian.  Replacing these for all
> >     packages except for the migration ones which will not be built on 
> >     debian in any case.
> > 
> > 
> > 
> (1) While I was unable to configure a Debian machine appropriate to
> check out these fixes, I did successfully install the patches and
> successfully build from source on a Fedora 20 x86_64 machine.
> 
> However, when I attempted to install a CA instance using 'pkispawn -s
> CA -f /tmp/pki/ca.cfg', I received the following error:
>         ...
>         pkispawn    : INFO     ....... executing 'certutil -N
>         -d /root/.dogtag/pki-tomcat/ca/alias
>         -f /root/.dogtag/pki-tomcat/ca/password.conf'
>         pkispawn    : INFO     ....... executing 'systemctl start
>         pki-tomcatd@pki-tomcat.service'
>         Job for pki-tomcatd@pki-tomcat.service failed. See 'systemctl
>         status pki-tomcatd@pki-tomcat.service' and 'journalctl -xn'
>         for details.
>         pkispawn    : ERROR    ....... subprocess.CalledProcessError:
>         Command '['systemctl', 'start',
>         'pki-tomcatd@pki-tomcat.service']' returned non-zero exit
>         status 1!
>         pkispawn    : DEBUG    ....... Error Type: CalledProcessError
>         pkispawn    : DEBUG    ....... Error Message: Command
>         '['systemctl', 'start', 'pki-tomcatd@pki-tomcat.service']'
>         returned non-zero exit status 1
>         pkispawn    : DEBUG    .......   File "/sbin/pkispawn", line
>         463, in main
>             rv = instance.spawn(deployer)
>           File
>         "/usr/lib/python2.7/site-packages/pki/server/deployment/scriptlets/configuration.py", line 97, in spawn
>             deployer.systemd.start()
>           File
>         "/usr/lib/python2.7/site-packages/pki/server/deployment/pkihelper.py", line 3088, in start
>             subprocess.check_call(command)
>           File "/usr/lib64/python2.7/subprocess.py", line 542, in
>         check_call
>             raise CalledProcessError(retcode, cmd)
>         
>         
>         Installation failed.
>         
>         
>         # systemctl status -l pki-tomcatd@pki-tomcat.service
>         pki-tomcatd@pki-tomcat.service - PKI Tomcat Server pki-tomcat
>            Loaded: loaded
>         (/usr/lib/systemd/system/pki-tomcatd@.service; enabled)
>            Active: failed (Result: exit-code) since Fri 2014-01-03
>         18:59:42 PST; 6min ago
>           Process: 21904 ExecStartPre=/usr/bin/pkidaemon start tomcat
>         %i (code=exited, status=1/FAILURE)
>         
>         Jan 03 18:59:40 dogtag20.example.com systemd[1]: Starting PKI
>         Tomcat Server pki-tomcat...
>         Jan 03 18:59:42 dogtag20.example.com pkidaemon[21904]:
>         WARNING:  Attempting to change symbolic link
>         '/var/lib/pki/pki-tomcat/bin' to point to target
>         '/usr/share/tomcat7/bin' INSTEAD of current target
>         '/usr/share/tomcat/bin'!
>         Jan 03 18:59:42 dogtag20.example.com systemd[1]:
>         pki-tomcatd@pki-tomcat.service: control process exited,
>         code=exited status=1
>         Jan 03 18:59:42 dogtag20.example.com systemd[1]: Failed to
>         start PKI Tomcat Server pki-tomcat.
>         Jan 03 18:59:42 dogtag20.example.com systemd[1]: Unit
>         pki-tomcatd@pki-tomcat.service entered failed state.
>         
>         
>         # journalctl -xn
>         -- Logs begin at Wed 2013-07-10 14:02:40 PDT, end at Fri
>         2014-01-03 19:08:02 PST
>         Jan 03 19:06:01 dogtag20.example.com systemd[1]: Starting
>         Session 21094 o
>         -- Subject: Unit session-21094.scope has begun with start-up
>         -- Defined-By: systemd
>         -- Support:
>         http://lists.freedesktop.org/mailman/listinfo/systemd-devel
>         -- 
>         -- Unit session-21094.scope has begun starting up.
>         Jan 03 19:06:01 dogtag20.example.com systemd[1]: Started
>         Session 21094 of
>         -- Subject: Unit session-21094.scope has finished start-up
>         -- Defined-By: systemd
>         -- Support:
>         http://lists.freedesktop.org/mailman/listinfo/systemd-devel
>         -- 
>         -- Unit session-21094.scope has finished starting up.
>         -- 
>         -- The start-up result is done.
>         Jan 03 19:06:03 dogtag20.example.com CROND[21984]: (root) CMD
>         (/usr/bin/r
>         Jan 03 19:06:25 dogtag20.example.com dbus-daemon[493]:
>         dbus[493]: [system
>         Jan 03 19:06:25 dogtag20.example.com dbus[493]: [system]
>         Activating via s
>         Jan 03 19:06:25 dogtag20.example.com dbus[493]: [system]
>         Activation via s
>         Jan 03 19:06:25 dogtag20.example.com dbus-daemon[493]:
>         dbus[493]: [system
>         Jan 03 19:08:01 dogtag20.example.com systemd[1]: Starting
>         Session 21095 o
>         -- Subject: Unit session-21095.scope has begun with start-up
>         -- Defined-By: systemd
>         -- Support:
>         http://lists.freedesktop.org/mailman/listinfo/systemd-devel
>         -- 
>         -- Unit session-21095.scope has begun starting up.
>         Jan 03 19:08:01 dogtag20.example.com systemd[1]: Started
>         Session 21095 of
>         -- Subject: Unit session-21095.scope has finished start-up
>         -- Defined-By: systemd
>         -- Support:
>         http://lists.freedesktop.org/mailman/listinfo/systemd-devel
>         -- 
>         -- Unit session-21095.scope has finished starting up.
>         -- 
>         -- The start-up result is done.
>         Jan 03 19:08:02 dogtag20.example.com CROND[21995]: (root) CMD
>         (/usr/bin/r
> 
Fixed this.  The problem was partly that $debian was not defined as
false by default, and partly because of using set -e, causing the script
to exit unexpectedly.  The set -e invocations have been removed.

> (2) One concern that I can see from reviewing the code appears that
> the 'stop' and 'restart' commands will still not work on Debian, as
> the entry point which comes from 'pkidaemon' will utilize the '*'
> option which will yield the following messages:
>         unknown action (stop)
>         Usage: /usr/bin/pkidaemon {start|stop|restart|status}
>         instance-type [instance-name]
>         ...
>         
>         unknown action (restart)
>         Usage: /usr/bin/pkidaemon {start|stop|restart|status}
>         instance-type [instance-name]
>         ...
>         
>         NOTE:  These commands SHOULD yield this on Fedora systems, but
>         NOT on Debian systems.

Actually, this did work on debian because in the init script, I did not
invoke pkidaemon.  Rather, I sourced operations directly.  The check
that you are referring to is in pkidaemon - and having not been sourced
is never encountered.

To be more consistent though, I have simply added the relevant logic to
pkidaemon.

> (3) Finally, the following white spaces were present in your patches
> when they were applied:
>         # git am ../*.patch
>         Applying: Debian - replace arch specification
>         Applying: Debian: add init script functionality
>         /home/mharmsen/DOGTAG/test/pki/.git/rebase-apply/patch:18:
>         trailing whitespace.
>          
>         /home/mharmsen/DOGTAG/test/pki/.git/rebase-apply/patch:61:
>         trailing whitespace.
>                         command = ["/etc/init.d/pki-tomcatd", "stop", 
>         /home/mharmsen/DOGTAG/test/pki/.git/rebase-apply/patch:76:
>         trailing whitespace.
>                         command = ["/etc/init.d/pki-tomcatd",
>         "restart", 
>         warning: 3 lines add whitespace errors.
> 
Fixed.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-vakwetu-0179-1-Debian-add-init-script-functionality.patch
Type: text/x-patch
Size: 24964 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20140108/02b0345a/attachment.bin>
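
The failure described in the reply to point (1), as an added example that is not part of the original message or of the Dogtag patch: a sourced helper that runs `set -e` and tests an unset flag ends the calling init script, while a helper with an explicit default and no `set -e` lets it finish. Only `$debian`, `set -e` and sourcing with `.` come from the thread; the file names, `start_instance` and `run_init` are assumed stand-ins.

```shell
#!/bin/sh
# Constructed demo: helper files and function bodies are stand-ins, not Dogtag code.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

# Fragile helper: turns on errexit in whichever shell sources it and
# reads a flag that nothing has defined yet.
cat > "$demo_dir/operations_fragile" <<'EOF'
set -e
start_instance() {
    [ $debian = true ]      # unset flag expands to `[ = true ]`, a test error
    use_sysv=$?             # never reached: errexit has already ended the shell
    echo "instance started (use_sysv=$use_sysv)"
}
EOF

# Hardened helper: explicit default, quoted comparison inside `if`, no errexit.
cat > "$demo_dir/operations_hardened" <<'EOF'
debian=${debian:-false}
start_instance() {
    if [ "$debian" = "true" ]; then
        echo "using SysV init script"
    fi
    echo "instance started"
}
EOF

# Source a helper the way an init script would (with `.`, which also works
# where `source` does not), call start_instance, and print
# "<exit status>:<last line of output>".
run_init() {
    helper=$1
    status=0
    out=$(unset debian
          sh -c '. "$1"; start_instance; echo "init script finished"' \
              sh "$helper" 2>/dev/null) || status=$?
    echo "$status:$(printf '%s\n' "$out" | tail -n 1)"
}

fragile_result=$(run_init "$demo_dir/operations_fragile")
hardened_result=$(run_init "$demo_dir/operations_hardened")
echo "fragile : $fragile_result"
echo "hardened: $hardened_result"
```

With the fragile helper the caller stops with a non-zero status before printing anything, which is the same shape as the `ExecStartPre` failure in the quoted `systemctl status` output.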

