Re: [Pki-devel] [PATCH] Fix 'status' command in 'pkidaemon' . . .

OK -- I tried this -- 1. Install instance A with CA, KRA 2. Install instance B with CA. At this point, status shows me error on not being able to find KRA files on instance B. 3. Install OCSP on instance A. 4. Remove OCSP on instance A. Other than problem mentioned above, all looks ok. 5. Install OCSP on instance B. I see this for B: Status for pki-tomcat28: pki-tomcat28 is running .. [CA Status Definitions] Unsecure Port = http://alee-workpc.redhat.com:8280/ca/ee/ca Secure Agent Port = https://alee-workpc.redhat.com:8283/ca/agent/ca Secure EE Port = https://alee-workpc.redhat.com:8283/ca/ee/ca Secure Admin Port = https://alee-workpc.redhat.com:8283/ca/services EE Client Auth Port = https://alee-workpc.redhat.com:8283/ca/eeca/ca PKI Console Port = pkiconsole https://alee-workpc.redhat.com:8283/ca Tomcat Port = 8285 (for shutdown) Unsecure Port = http://alee-workpc.redhat.com:8280/kra/ee/kra Secure Agent Port = https://alee-workpc.redhat.com:8283/kra/agent/kra Secure EE Port = https://alee-workpc.redhat.com:8283/kra/ee/kra Secure Admin Port = https://alee-workpc.redhat.com:8283/kra/services PKI Console Port = pkiconsole https://alee-workpc.redhat.com:8283/kra Tomcat Port = 8285 (for shutdown) [OCSP Status Definitions] Unsecure Port = http://alee-workpc.redhat.com:8280/ocsp/ee/ocsp Secure Agent Port = https://alee-workpc.redhat.com:8283/ocsp/agent/ocsp Secure EE Port = https://alee-workpc.redhat.com:8283/ocsp/ee/ocsp Secure Admin Port = https://alee-workpc.redhat.com:8283/ocsp/services PKI Console Port = pkiconsole https://alee-workpc.redhat.com:8283/ocsp Tomcat Port = 8285 (for shutdown) Looks like you are not parsing the server.conf correctly. On Wed, 2012-12-19 at 12:29 -0500, Ade Lee wrote: > I found the following issues: > > Issue 1: > > Lets say I have the following setup: > instance A with subsystems CA, KRA, OCSP > instance B with subsystem CA, KRA > > Then for instance B, I see the following error message: > > grep: /var/lib/pki/pki-tomcat27/conf/ocsp/CS.cfg: No such file or directory > pki-tomcat27 Configuration Definitions not found for ocsp > > It appears that if any instance has a subsystem, then it is assumed that > all instances have that subsystem because you use a global list of > subsystems. > > Issue 2: > > This may be a pkidestroy problem. I did a pkidestroy of the OCSP on > instance A. Now I see the following: > > [CA Status Definitions] > Unsecure Port = http://alee-workpc.redhat.com:8220/ca/ee/ca > Secure Agent Port = https://alee-workpc.redhat.com:8223/ca/agent/ca > Secure EE Port = https://alee-workpc.redhat.com:8223/ca/ee/ca > Secure Admin Port = https://alee-workpc.redhat.com:8223/ca/services > EE Client Auth Port = https://alee-workpc.redhat.com:8223/ca/eeca/ca > PKI Console Port = pkiconsole https://alee-workpc.redhat.com:8223/ca > Tomcat Port = 8225 (for shutdown) > > [DRM Status Definitions] > Unsecure Port = http://alee-workpc.redhat.com:8220/kra/ee/kra > Secure Agent Port = https://alee-workpc.redhat.com:8223/kra/agent/kra > Secure EE Port = https://alee-workpc.redhat.com:8223/kra/ee/kra > Secure Admin Port = https://alee-workpc.redhat.com:8223/kra/services > PKI Console Port = pkiconsole https://alee-workpc.redhat.com:8223/kra > Tomcat Port = 8225 (for shutdown) > Unsecure Port = http://alee-workpc.redhat.com:8220/ocsp/ee/ocsp > Secure Agent Port = https://alee-workpc.redhat.com:8223/ocsp/agent/ocsp > Secure EE Port = https://alee-workpc.redhat.com:8223/ocsp/ee/ocsp > Secure Admin Port = https://alee-workpc.redhat.com:8223/ocsp/services > PKI Console Port = pkiconsole https://alee-workpc.redhat.com:8223/ocsp > Tomcat Port = 8225 (for shutdown) > > That is -- I still see definitions from the removed OCSP. Ditto if I > remove the KRA. > > Maybe this is a weird instance. Still testing .. > > > > On Tue, 2012-12-18 at 19:36 -0800, Matthew Harmsen wrote: >> The attached patch addresses the following PKI issue: >> * TRAC Ticket #271 - Dogtag 10: Fix 'status' command in >> 'pkidaemon' . . . >> >> _______________________________________________ >> Pki-devel mailing list >> Pki-devel(a)redhat.com >> https://www.redhat.com/mailman/listinfo/pki-devel > > _______________________________________________ > Pki-devel mailing list > Pki-devel(a)redhat.com > https://www.redhat.com/mailman/listinfo/pki-devel