[Pki-devel] [PATCH] PKI TRAC Ticket #899 - RFE - ipa-server should keep backup of CS.cfg

Matthew Harmsen mharmsen at redhat.com
Sat Jun 28 03:58:55 UTC 2014 

Please review the attached patch for:

  * PKI TRAC Ticket #899 - RFE - ipa-server should keep backup of CS.cfg
    <https://fedorahosted.org/pki/ticket/899>

This patch is based upon a previously reviewed patch for the Dogtag 9 
architecture utilized by the IPA_v2_RHEL_6_ERRATA_BRANCH, but was 
modified and tested to work with the Dogtag 10.2 architecture.

CAVEAT 1:

    Although this patch contains changes to multiple PKI subsystem's
    'CS.cfg' configuration files, an upgrade script should not be
    specifically required for legacy instances since the parameter that
    is added, 'archive.configuration_file=true', is presumed even if the
    parameter is missing (as it would be on any legacy instance).  In
    this case, it would only be necessary to add this parameter to a
    legacy instance's CS.cfg, and set the value to 'false' in order to
    turn off 'CS.cfg' configuration file archival (explicit instructions
    detailing this are found in the 'operations' script).  However, if
    this is desired for completeness, I don't mind adding it.

CAVEAT 2:

    I had originally made the effort to attempt to have specific crucial
    WARNING messages echoed to the display as well as to the journal.  I
    believe that this would be beneficial, as, for example, it would
    immediately notify an admin that since an error had occurred,
    'CS.cfg' backups would be discontinued until the error was
    corrected.  My idea was to echo these WARNING messages explicitly to
    stderr via redirecting them (>&2), and adding the parameter
    'StandardError=journal+console' under the [Service] section of the
    'pki-tomcatd at pki-tomcat.service' file.  Unfortunately, I was never
    able to make this work - both stdout and stderr messages were stored
    in the journal, but were never displayed to the screen when typing
    'systemctl restart pki-tomcatd at pki-tomcat.service' (even after a
    'systemctl daemon-reload' had been performed).

-- Matt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20140627/3b60f7ff/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 20140627-Backup-and-Archive-CS.cfg.patch
Type: text/x-patch
Size: 13008 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20140627/3b60f7ff/attachment.bin>

More information about the Pki-devel mailing list