ACKed by alee and checked-in (with the collapsed conditional discussed).
commit 01bbfc224a228206fbe18318b2a23363fa9663cc
Author: Matthew Harmsen <mharmsen@redhat.com>
Date:   Wed Dec 19 11:49:57 2012 -0800

    TRAC Ticket #271 - Dogtag 10: Fix 'status' command in 'pkidaemon' . . .

On 12/19/12 11:35, Matthew Harmsen wrote:
Ade,

The attached patch should address these issues.

-- Matt

On 12/19/12 09:46, Ade Lee wrote:
OK -- I tried this --

1. Install instance A with CA, KRA
2. Install instance B with CA.  At this point, status shows me error on
not being able to find KRA files on instance B.
3. Install OCSP on instance A.
4. Remove OCSP on instance A.  Other than problem mentioned above, all
looks ok.
5. Install OCSP on instance B.

I see this for B:
Status for pki-tomcat28: pki-tomcat28 is running ..

     [CA Status Definitions]
     Unsecure Port       = http://alee-workpc.redhat.com:8280/ca/ee/ca
     Secure Agent Port   = https://alee-workpc.redhat.com:8283/ca/agent/ca
     Secure EE Port      = https://alee-workpc.redhat.com:8283/ca/ee/ca
     Secure Admin Port   = https://alee-workpc.redhat.com:8283/ca/services
     EE Client Auth Port = https://alee-workpc.redhat.com:8283/ca/eeca/ca
     PKI Console Port    = pkiconsole https://alee-workpc.redhat.com:8283/ca
     Tomcat Port         = 8285 (for shutdown)
     Unsecure Port       = http://alee-workpc.redhat.com:8280/kra/ee/kra
     Secure Agent Port   = https://alee-workpc.redhat.com:8283/kra/agent/kra
     Secure EE Port      = https://alee-workpc.redhat.com:8283/kra/ee/kra
     Secure Admin Port   = https://alee-workpc.redhat.com:8283/kra/services
     PKI Console Port    = pkiconsole https://alee-workpc.redhat.com:8283/kra
     Tomcat Port         = 8285 (for shutdown)

     [OCSP Status Definitions]
     Unsecure Port       = http://alee-workpc.redhat.com:8280/ocsp/ee/ocsp
     Secure Agent Port   = https://alee-workpc.redhat.com:8283/ocsp/agent/ocsp
     Secure EE Port      = https://alee-workpc.redhat.com:8283/ocsp/ee/ocsp
     Secure Admin Port   = https://alee-workpc.redhat.com:8283/ocsp/services
     PKI Console Port    = pkiconsole https://alee-workpc.redhat.com:8283/ocsp
     Tomcat Port         = 8285 (for shutdown)

Looks like you are not parsing the server.conf correctly.


On Wed, 2012-12-19 at 12:29 -0500, Ade Lee wrote:
I found the following issues:

Issue 1:

Let's say I have the following setup:
instance A with subsystems CA, KRA, OCSP
instance B with subsystem CA, KRA

Then for instance B, I see the following error message:

grep: /var/lib/pki/pki-tomcat27/conf/ocsp/CS.cfg: No such file or directory
pki-tomcat27 Configuration Definitions not found for ocsp

It appears that if any instance has a subsystem, then it is assumed that
all instances have that subsystem because you use a global list of
subsystems.

Issue 2:

This may be a pkidestroy problem.  I did a pkidestroy of the OCSP on
instance A.  Now I see the following:

     [CA Status Definitions]
     Unsecure Port       = http://alee-workpc.redhat.com:8220/ca/ee/ca
     Secure Agent Port   = https://alee-workpc.redhat.com:8223/ca/agent/ca
     Secure EE Port      = https://alee-workpc.redhat.com:8223/ca/ee/ca
     Secure Admin Port   = https://alee-workpc.redhat.com:8223/ca/services
     EE Client Auth Port = https://alee-workpc.redhat.com:8223/ca/eeca/ca
     PKI Console Port    = pkiconsole https://alee-workpc.redhat.com:8223/ca
     Tomcat Port         = 8225 (for shutdown)

     [DRM Status Definitions]
     Unsecure Port       = http://alee-workpc.redhat.com:8220/kra/ee/kra
     Secure Agent Port   = https://alee-workpc.redhat.com:8223/kra/agent/kra
     Secure EE Port      = https://alee-workpc.redhat.com:8223/kra/ee/kra
     Secure Admin Port   = https://alee-workpc.redhat.com:8223/kra/services
     PKI Console Port    = pkiconsole https://alee-workpc.redhat.com:8223/kra
     Tomcat Port         = 8225 (for shutdown)
     Unsecure Port       = http://alee-workpc.redhat.com:8220/ocsp/ee/ocsp
     Secure Agent Port   = https://alee-workpc.redhat.com:8223/ocsp/agent/ocsp
     Secure EE Port      = https://alee-workpc.redhat.com:8223/ocsp/ee/ocsp
     Secure Admin Port   = https://alee-workpc.redhat.com:8223/ocsp/services
     PKI Console Port    = pkiconsole https://alee-workpc.redhat.com:8223/ocsp
     Tomcat Port         = 8225 (for shutdown)

That is -- I still see definitions from the removed OCSP.  Ditto if I
remove the KRA.

Maybe this is a weird instance.  Still testing ..



On Tue, 2012-12-18 at 19:36 -0800, Matthew Harmsen wrote:
The attached patch addresses the following PKI issue:
       * TRAC Ticket #271 - Dogtag 10: Fix 'status' command in
         'pkidaemon' . . .

_______________________________________________
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel
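
Issue 1 in the thread above (one global subsystem list applied to every instance) goes away when the list is derived per instance from the configuration files that actually exist. The shell functions below are an added example, not pkidaemon's code or the attached patch; the function names, the candidate list and the constructed demo tree are assumptions, and the conf/<subsystem>/CS.cfg layout is taken from the error message quoted in the thread.

```shell
#!/bin/sh
# Added example: per-instance subsystem discovery (not pkidaemon's code).
# Assumed layout, from the path in the error message on this page:
#   <root>/<instance>/conf/<subsystem>/CS.cfg

# Candidate names; only ca, kra and ocsp appear in the thread.
CANDIDATE_SUBSYSTEMS="ca kra ocsp"

# Print the subsystems configured for ONE instance, space-separated.
# A subsystem counts only if its own CS.cfg is a readable regular file,
# so a later grep on that file cannot fail with "No such file".
instance_subsystems() {
    root=$1 instance=$2 found=""
    for sub in $CANDIDATE_SUBSYSTEMS; do
        cfg="$root/$instance/conf/$sub/CS.cfg"
        if [ -f "$cfg" ] && [ -r "$cfg" ]; then
            found="${found:+$found }$sub"
        fi
    done
    printf '%s\n' "$found"
}

# The pattern described in Issue 1: the union over all instances.
global_subsystems() {
    root=$1 found=""
    for sub in $CANDIDATE_SUBSYSTEMS; do
        for cfg in "$root"/*/conf/"$sub"/CS.cfg; do
            if [ -f "$cfg" ]; then found="${found:+$found }$sub"; break; fi
        done
    done
    printf '%s\n' "$found"
}

# Constructed demo tree: instA has ca, kra, ocsp; instB has ca, kra.
build_demo_tree() {
    demo=$(mktemp -d) || return 1
    for sub in ca kra ocsp; do
        mkdir -p "$demo/instA/conf/$sub" && : > "$demo/instA/conf/$sub/CS.cfg"
    done
    for sub in ca kra; do
        mkdir -p "$demo/instB/conf/$sub" && : > "$demo/instB/conf/$sub/CS.cfg"
    done
    printf '%s\n' "$demo"
}

demo=$(build_demo_tree)
echo "global list: $(global_subsystems "$demo")"
echo "instB only:  $(instance_subsystems "$demo" instB)"
rm -rf "$demo"
```

With the global list, instB is asked for an ocsp CS.cfg it never had, which is the grep error reported for pki-tomcat27.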
