Re: [Pki-devel] [PATCH] 178, 179 - changes to allow debian to start Dogtag CA

New patch attached addressing the problems below. Also fixed "status" on debian to print out the config details when the process is running. See more details below: On Fri, 2014-01-03 at 19:21 -0800, Matthew Harmsen wrote: > On 01/03/14 13:09, Ade Lee wrote: > >> These two patches have changes on the dogtag side to allow debian to >> start up a dogtag CA. Along with some debian specific patches which >> will be kept with the debian repo, we can now pkispawn and run a Dogtag >> 10 CA on debian! >> >> Please review, >> Ade >> >> Patch 179: >> >> Debian: add init script functionality >> >> The addtions in this patch will add start/stop/restart >> functionality to operations, so that Debian systems can perform >> these operations by calling these functions from an init script. >> >> We also introduce a parameter in the configuration scripts that >> can be used to determine if the system is a debian system. This >> parameter is used to specify a system V init script instead of >> a systemd script on a debian system, when the configuration >> scriptlets start and stop a system. >> >> Also source apparently does not work by default in debian. Used >> dot (.) instead. >> >> Patch 178: >> >> Debian - replace arch specification >> >> uname -i returns "unknown" on a debian system. "arch" on the other >> hand works for fedora, rhel and debian. Replacing these for all >> packages except for the migration ones which will not be built on >> debian in any case. >> >> >> >> _______________________________________________ >> Pki-devel mailing list >> Pki-devel(a)redhat.com >> https://www.redhat.com/mailman/listinfo/pki-devel > (1) While I was unable to configure a Debian machine appropriate to > check out these fixes, I did successfully install the patches and > successfully build from source on a Fedora 20 x86_64 machine. > > However, when I attempted to install a CA instance using 'pkispawn -s > CA -f /tmp/pki/ca.cfg', I received the following error: > ... > pkispawn : INFO ....... executing 'certutil -N > -d /root/.dogtag/pki-tomcat/ca/alias > -f /root/.dogtag/pki-tomcat/ca/password.conf' > pkispawn : INFO ....... executing 'systemctl start > pki-tomcatd(a)pki-tomcat.service' > Job for pki-tomcatd(a)pki-tomcat.service failed. See 'systemctl > status pki-tomcatd(a)pki-tomcat.service' and 'journalctl -xn' > for details. > pkispawn : ERROR ....... subprocess.CalledProcessError: > Command '['systemctl', 'start', > 'pki-tomcatd(a)pki-tomcat.service']' returned non-zero exit > status 1! > pkispawn : DEBUG ....... Error Type: CalledProcessError > pkispawn : DEBUG ....... Error Message: Command > '['systemctl', 'start', 'pki-tomcatd(a)pki-tomcat.service']' > returned non-zero exit status 1 > pkispawn : DEBUG ....... File "/sbin/pkispawn", line > 463, in main > rv = instance.spawn(deployer) > File > "/usr/lib/python2.7/site-packages/pki/server/deployment/scriptlets/configuration.py", line 97, in spawn > deployer.systemd.start() > File > "/usr/lib/python2.7/site-packages/pki/server/deployment/pkihelper.py", line 3088, in start > subprocess.check_call(command) > File "/usr/lib64/python2.7/subprocess.py", line 542, in > check_call > raise CalledProcessError(retcode, cmd) > > > Installation failed. > > > # systemctl status -l pki-tomcatd(a)pki-tomcat.service > pki-tomcatd(a)pki-tomcat.service - PKI Tomcat Server pki-tomcat > Loaded: loaded > (/usr/lib/systemd/system/pki-tomcatd@.service; enabled) > Active: failed (Result: exit-code) since Fri 2014-01-03 > 18:59:42 PST; 6min ago > Process: 21904 ExecStartPre=/usr/bin/pkidaemon start tomcat > %i (code=exited, status=1/FAILURE) > > Jan 03 18:59:40 dogtag20.example.com systemd[1]: Starting PKI > Tomcat Server pki-tomcat... > Jan 03 18:59:42 dogtag20.example.com pkidaemon[21904]: > WARNING: Attempting to change symbolic link > '/var/lib/pki/pki-tomcat/bin' to point to target > '/usr/share/tomcat7/bin' INSTEAD of current target > '/usr/share/tomcat/bin'! > Jan 03 18:59:42 dogtag20.example.com systemd[1]: > pki-tomcatd(a)pki-tomcat.service: control process exited, > code=exited status=1 > Jan 03 18:59:42 dogtag20.example.com systemd[1]: Failed to > start PKI Tomcat Server pki-tomcat. > Jan 03 18:59:42 dogtag20.example.com systemd[1]: Unit > pki-tomcatd(a)pki-tomcat.service entered failed state. > > > # journalctl -xn > -- Logs begin at Wed 2013-07-10 14:02:40 PDT, end at Fri > 2014-01-03 19:08:02 PST > Jan 03 19:06:01 dogtag20.example.com systemd[1]: Starting > Session 21094 o > -- Subject: Unit session-21094.scope has begun with start-up > -- Defined-By: systemd > -- Support: > http://lists.freedesktop.org/mailman/listinfo/systemd-devel > -- > -- Unit session-21094.scope has begun starting up. > Jan 03 19:06:01 dogtag20.example.com systemd[1]: Started > Session 21094 of > -- Subject: Unit session-21094.scope has finished start-up > -- Defined-By: systemd > -- Support: > http://lists.freedesktop.org/mailman/listinfo/systemd-devel > -- > -- Unit session-21094.scope has finished starting up. > -- > -- The start-up result is done. > Jan 03 19:06:03 dogtag20.example.com CROND[21984]: (root) CMD > (/usr/bin/r > Jan 03 19:06:25 dogtag20.example.com dbus-daemon[493]: > dbus[493]: [system > Jan 03 19:06:25 dogtag20.example.com dbus[493]: [system] > Activating via s > Jan 03 19:06:25 dogtag20.example.com dbus[493]: [system] > Activation via s > Jan 03 19:06:25 dogtag20.example.com dbus-daemon[493]: > dbus[493]: [system > Jan 03 19:08:01 dogtag20.example.com systemd[1]: Starting > Session 21095 o > -- Subject: Unit session-21095.scope has begun with start-up > -- Defined-By: systemd > -- Support: > http://lists.freedesktop.org/mailman/listinfo/systemd-devel > -- > -- Unit session-21095.scope has begun starting up. > Jan 03 19:08:01 dogtag20.example.com systemd[1]: Started > Session 21095 of > -- Subject: Unit session-21095.scope has finished start-up > -- Defined-By: systemd > -- Support: > http://lists.freedesktop.org/mailman/listinfo/systemd-devel > -- > -- Unit session-21095.scope has finished starting up. > -- > -- The start-up result is done. > Jan 03 19:08:02 dogtag20.example.com CROND[21995]: (root) CMD > (/usr/bin/r > Fixed this. The problem was partly that $debian was not defined as false by default, and partly because of using set -e, causing the script to exit unexpectedly. The set -e invocations have been removed. > (2) One concern that I can see from reviewing the code appears that > the 'stop' and 'restart' commands will still not work on Debian, as > the entry point which comes from 'pkidaemon' will utilize the '*' > option which will yield the following messages: > unknown action (stop) > Usage: /usr/bin/pkidaemon {start|stop|restart|status} > instance-type [instance-name] > ... > > unknown action (restart) > Usage: /usr/bin/pkidaemon {start|stop|restart|status} > instance-type [instance-name] > ... > > NOTE: These commands SHOULD yield this on Fedora systems, but > NOT on Debian systems. Actually, this did work on debian because in the init script, I did not invoke pkidaemon. Rather, I sourced operations directly. The check that you are referring to is in pkidaemon - and having not been sourced is never encountered. To be more consistent though, I have simply added the relevant logic to pkidaemon. > (3) Finally, the following white spaces were present in your patches > when they were applied: > # git am ../*.patch > Applying: Debian - replace arch specification > Applying: Debian: add init script functionality > /home/mharmsen/DOGTAG/test/pki/.git/rebase-apply/patch:18: > trailing whitespace. > > /home/mharmsen/DOGTAG/test/pki/.git/rebase-apply/patch:61: > trailing whitespace. > command = ["/etc/init.d/pki-tomcatd", "stop", > /home/mharmsen/DOGTAG/test/pki/.git/rebase-apply/patch:76: > trailing whitespace. > command = ["/etc/init.d/pki-tomcatd", > "restart", > warning: 3 lines add whitespace errors. > Fixed.