[Pki-devel] [PATCH] 178, 179 - changes to allow debian to start Dogtag CA
Ade Lee
alee at redhat.com
Wed Jan 8 22:35:53 UTC 2014
Thanks. Pushed to master.
Ade
On Wed, 2014-01-08 at 14:26 -0800, Matthew Harmsen wrote:
> ACK
>
> On 01/07/14 21:46, Ade Lee wrote:
> > New patch attached addressing the problems below. Also fixed "status"
> > on debian to print out the config details when the process is running.
> >
> > See more details below:
> >
> > On Fri, 2014-01-03 at 19:21 -0800, Matthew Harmsen wrote:
> >> On 01/03/14 13:09, Ade Lee wrote:
> >>
> >>> These two patches have changes on the dogtag side to allow debian to
> >>> start up a dogtag CA. Along with some debian specific patches which
> >>> will be kept with the debian repo, we can now pkispawn and run a Dogtag
> >>> 10 CA on debian!
> >>>
> >>> Please review,
> >>> Ade
> >>>
> >>> Patch 179:
> >>>
> >>> Debian: add init script functionality
> >>>
> >>> The addtions in this patch will add start/stop/restart
> >>> functionality to operations, so that Debian systems can perform
> >>> these operations by calling these functions from an init script.
> >>>
> >>> We also introduce a parameter in the configuration scripts that
> >>> can be used to determine if the system is a debian system. This
> >>> parameter is used to specify a system V init script instead of
> >>> a systemd script on a debian system, when the configuration
> >>> scriptlets start and stop a system.
> >>>
> >>> Also source apparently does not work by default in debian. Used
> >>> dot (.) instead.
> >>>
> >>> Patch 178:
> >>>
> >>> Debian - replace arch specification
> >>>
> >>> uname -i returns "unknown" on a debian system. "arch" on the other
> >>> hand works for fedora, rhel and debian. Replacing these for all
> >>> packages except for the migration ones which will not be built on
> >>> debian in any case.
> >>>
> >>>
> >>>
> >>> _______________________________________________
> >>> Pki-devel mailing list
> >>> Pki-devel at redhat.com
> >>> https://www.redhat.com/mailman/listinfo/pki-devel
> >> (1) While I was unable to configure a Debian machine appropriate to
> >> check out these fixes, I did successfully install the patches and
> >> successfully build from source on a Fedora 20 x86_64 machine.
> >>
> >> However, when I attempted to install a CA instance using 'pkispawn -s
> >> CA -f /tmp/pki/ca.cfg', I received the following error:
> >> ...
> >> pkispawn : INFO ....... executing 'certutil -N
> >> -d /root/.dogtag/pki-tomcat/ca/alias
> >> -f /root/.dogtag/pki-tomcat/ca/password.conf'
> >> pkispawn : INFO ....... executing 'systemctl start
> >> pki-tomcatd at pki-tomcat.service'
> >> Job for pki-tomcatd at pki-tomcat.service failed. See 'systemctl
> >> status pki-tomcatd at pki-tomcat.service' and 'journalctl -xn'
> >> for details.
> >> pkispawn : ERROR ....... subprocess.CalledProcessError:
> >> Command '['systemctl', 'start',
> >> 'pki-tomcatd at pki-tomcat.service']' returned non-zero exit
> >> status 1!
> >> pkispawn : DEBUG ....... Error Type: CalledProcessError
> >> pkispawn : DEBUG ....... Error Message: Command
> >> '['systemctl', 'start', 'pki-tomcatd at pki-tomcat.service']'
> >> returned non-zero exit status 1
> >> pkispawn : DEBUG ....... File "/sbin/pkispawn", line
> >> 463, in main
> >> rv = instance.spawn(deployer)
> >> File
> >> "/usr/lib/python2.7/site-packages/pki/server/deployment/scriptlets/configuration.py", line 97, in spawn
> >> deployer.systemd.start()
> >> File
> >> "/usr/lib/python2.7/site-packages/pki/server/deployment/pkihelper.py", line 3088, in start
> >> subprocess.check_call(command)
> >> File "/usr/lib64/python2.7/subprocess.py", line 542, in
> >> check_call
> >> raise CalledProcessError(retcode, cmd)
> >>
> >>
> >> Installation failed.
> >>
> >>
> >> # systemctl status -l pki-tomcatd at pki-tomcat.service
> >> pki-tomcatd at pki-tomcat.service - PKI Tomcat Server pki-tomcat
> >> Loaded: loaded
> >> (/usr/lib/systemd/system/pki-tomcatd at .service; enabled)
> >> Active: failed (Result: exit-code) since Fri 2014-01-03
> >> 18:59:42 PST; 6min ago
> >> Process: 21904 ExecStartPre=/usr/bin/pkidaemon start tomcat
> >> %i (code=exited, status=1/FAILURE)
> >>
> >> Jan 03 18:59:40 dogtag20.example.com systemd[1]: Starting PKI
> >> Tomcat Server pki-tomcat...
> >> Jan 03 18:59:42 dogtag20.example.com pkidaemon[21904]:
> >> WARNING: Attempting to change symbolic link
> >> '/var/lib/pki/pki-tomcat/bin' to point to target
> >> '/usr/share/tomcat7/bin' INSTEAD of current target
> >> '/usr/share/tomcat/bin'!
> >> Jan 03 18:59:42 dogtag20.example.com systemd[1]:
> >> pki-tomcatd at pki-tomcat.service: control process exited,
> >> code=exited status=1
> >> Jan 03 18:59:42 dogtag20.example.com systemd[1]: Failed to
> >> start PKI Tomcat Server pki-tomcat.
> >> Jan 03 18:59:42 dogtag20.example.com systemd[1]: Unit
> >> pki-tomcatd at pki-tomcat.service entered failed state.
> >>
> >>
> >> # journalctl -xn
> >> -- Logs begin at Wed 2013-07-10 14:02:40 PDT, end at Fri
> >> 2014-01-03 19:08:02 PST
> >> Jan 03 19:06:01 dogtag20.example.com systemd[1]: Starting
> >> Session 21094 o
> >> -- Subject: Unit session-21094.scope has begun with start-up
> >> -- Defined-By: systemd
> >> -- Support:
> >> http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> >> --
> >> -- Unit session-21094.scope has begun starting up.
> >> Jan 03 19:06:01 dogtag20.example.com systemd[1]: Started
> >> Session 21094 of
> >> -- Subject: Unit session-21094.scope has finished start-up
> >> -- Defined-By: systemd
> >> -- Support:
> >> http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> >> --
> >> -- Unit session-21094.scope has finished starting up.
> >> --
> >> -- The start-up result is done.
> >> Jan 03 19:06:03 dogtag20.example.com CROND[21984]: (root) CMD
> >> (/usr/bin/r
> >> Jan 03 19:06:25 dogtag20.example.com dbus-daemon[493]:
> >> dbus[493]: [system
> >> Jan 03 19:06:25 dogtag20.example.com dbus[493]: [system]
> >> Activating via s
> >> Jan 03 19:06:25 dogtag20.example.com dbus[493]: [system]
> >> Activation via s
> >> Jan 03 19:06:25 dogtag20.example.com dbus-daemon[493]:
> >> dbus[493]: [system
> >> Jan 03 19:08:01 dogtag20.example.com systemd[1]: Starting
> >> Session 21095 o
> >> -- Subject: Unit session-21095.scope has begun with start-up
> >> -- Defined-By: systemd
> >> -- Support:
> >> http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> >> --
> >> -- Unit session-21095.scope has begun starting up.
> >> Jan 03 19:08:01 dogtag20.example.com systemd[1]: Started
> >> Session 21095 of
> >> -- Subject: Unit session-21095.scope has finished start-up
> >> -- Defined-By: systemd
> >> -- Support:
> >> http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> >> --
> >> -- Unit session-21095.scope has finished starting up.
> >> --
> >> -- The start-up result is done.
> >> Jan 03 19:08:02 dogtag20.example.com CROND[21995]: (root) CMD
> >> (/usr/bin/r
> >>
> > Fixed this. The problem was partly that $debian was not defined as
> > false by default, and partly because of using set -e, causing the script
> > to exit unexpectedly. The set -e invocations have been removed.
> >
> >> (2) One concern that I can see from reviewing the code appears that
> >> the 'stop' and 'restart' commands will still not work on Debian, as
> >> the entry point which comes from 'pkidaemon' will utilize the '*'
> >> option which will yield the following messages:
> >> unknown action (stop)
> >> Usage: /usr/bin/pkidaemon {start|stop|restart|status}
> >> instance-type [instance-name]
> >> ...
> >>
> >> unknown action (restart)
> >> Usage: /usr/bin/pkidaemon {start|stop|restart|status}
> >> instance-type [instance-name]
> >> ...
> >>
> >> NOTE: These commands SHOULD yield this on Fedora systems, but
> >> NOT on Debian systems.
> > Actually, this did work on debian because in the init script, I did not
> > invoke pkidaemon. Rather, I sourced operations directly. The check
> > that you are referring to is in pkidaemon - and having not been sourced
> > is never encountered.
> >
> > To be more consistent though, I have simply added the relevant logic to
> > pkidaemon.
> >
> >> (3) Finally, the following white spaces were present in your patches
> >> when they were applied:
> >> # git am ../*.patch
> >> Applying: Debian - replace arch specification
> >> Applying: Debian: add init script functionality
> >> /home/mharmsen/DOGTAG/test/pki/.git/rebase-apply/patch:18:
> >> trailing whitespace.
> >>
> >> /home/mharmsen/DOGTAG/test/pki/.git/rebase-apply/patch:61:
> >> trailing whitespace.
> >> command = ["/etc/init.d/pki-tomcatd", "stop",
> >> /home/mharmsen/DOGTAG/test/pki/.git/rebase-apply/patch:76:
> >> trailing whitespace.
> >> command = ["/etc/init.d/pki-tomcatd",
> >> "restart",
> >> warning: 3 lines add whitespace errors.
> >>
> > Fixed.
> >
>
More information about the Pki-devel
mailing list