Re: [Pki-devel] [PATCH] 178, 179 - changes to allow debian to start Dogtag CA

Friday, 3 January 2014

On 01/03/14 13:09, Ade Lee wrote:
...
 These two patches have changes on the dogtag side to allow debian to
 start up a dogtag CA.  Along with some debian specific patches which
 will be kept with the debian repo, we can now pkispawn and run a Dogtag
 10 CA on debian!

 Please review,
 Ade

 Patch 179:

      Debian: add init script functionality

      The addtions in this patch will add start/stop/restart
      functionality to operations, so that Debian systems can perform
      these operations by calling these functions from an init script.

      We also introduce a parameter in the configuration scripts that
      can be used to determine if the system is a debian system.  This
      parameter is used to specify a system V init script instead of
      a systemd script on a debian system, when the configuration
      scriptlets start and stop a system.

      Also source apparently does not work by default in debian.  Used
      dot (.) instead.

 Patch 178:

      Debian - replace arch specification

      uname -i returns "unknown" on a debian system. "arch" on the
other
      hand works for fedora, rhel and debian.  Replacing these for all
      packages except for the migration ones which will not be built on
      debian in any case.

 _______________________________________________
 Pki-devel mailing list
 Pki-devel(a)redhat.com
 https://www.redhat.com/mailman/listinfo/pki-devel (1) While I was unable to
configure a Debian machine appropriate to 
check out these fixes, I did successfully install the patches and 
successfully build from source on a Fedora 20 x86_64 machine.

However, when I attempted to install a CA instance using 'pkispawn -s CA 
-f /tmp/pki/ca.cfg', I received the following error:

    ...
    pkispawn    : INFO     ....... executing 'certutil -N -d
    /root/.dogtag/pki-tomcat/ca/alias -f
    /root/.dogtag/pki-tomcat/ca/password.conf'
    pkispawn    : INFO     ....... executing 'systemctl start
    pki-tomcatd(a)pki-tomcat.service&#39;
    Job for pki-tomcatd(a)pki-tomcat.service failed. See 'systemctl status
    pki-tomcatd(a)pki-tomcat.service&#39; and 'journalctl -xn' for details.
    pkispawn    : ERROR    ....... subprocess.CalledProcessError:
    Command '['systemctl', 'start',
&#39;pki-tomcatd(a)pki-tomcat.service&#39;]&#39;
    returned non-zero exit status 1!
    pkispawn    : DEBUG    ....... Error Type: CalledProcessError
    pkispawn    : DEBUG    ....... Error Message: Command '['systemctl',
    'start', &#39;pki-tomcatd(a)pki-tomcat.service&#39;]&#39; returned non-zero
exit
    status 1
    pkispawn    : DEBUG    .......   File "/sbin/pkispawn", line 463, in
    main
         rv = instance.spawn(deployer)
       File

"/usr/lib/python2.7/site-packages/pki/server/deployment/scriptlets/configuration.py",
    line 97, in spawn
         deployer.systemd.start()
       File
    "/usr/lib/python2.7/site-packages/pki/server/deployment/pkihelper.py",
    line 3088, in start
         subprocess.check_call(command)
       File "/usr/lib64/python2.7/subprocess.py", line 542, in check_call
         raise CalledProcessError(retcode, cmd)

    Installation failed.

    # systemctl status -l pki-tomcatd(a)pki-tomcat.service
    pki-tomcatd(a)pki-tomcat.service - PKI Tomcat Server pki-tomcat
        Loaded: loaded (/usr/lib/systemd/system/pki-tomcatd@.service;
    enabled)
        Active: failed (Result: exit-code) since Fri 2014-01-03 18:59:42
    PST; 6min ago
       Process: 21904 ExecStartPre=/usr/bin/pkidaemon start tomcat %i
    (code=exited, status=1/FAILURE)

    Jan 03 18:59:40 dogtag20.example.com systemd[1]: Starting PKI Tomcat
    Server pki-tomcat...
    Jan 03 18:59:42 dogtag20.example.com pkidaemon[21904]: WARNING:
    Attempting to change symbolic link '/var/lib/pki/pki-tomcat/bin' to
    point to target '/usr/share/tomcat7/bin' INSTEAD of current target
    '/usr/share/tomcat/bin'!
    Jan 03 18:59:42 dogtag20.example.com systemd[1]:
    pki-tomcatd(a)pki-tomcat.service: control process exited, code=exited
    status=1
    Jan 03 18:59:42 dogtag20.example.com systemd[1]: Failed to start PKI
    Tomcat Server pki-tomcat.
    Jan 03 18:59:42 dogtag20.example.com systemd[1]: Unit
    pki-tomcatd(a)pki-tomcat.service entered failed state.

    # journalctl -xn
    -- Logs begin at Wed 2013-07-10 14:02:40 PDT, end at Fri 2014-01-03
    19:08:02 PST
    Jan 03 19:06:01 dogtag20.example.com systemd[1]: Starting Session
    21094 o
    -- Subject: Unit session-21094.scope has begun with start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    -- 
    -- Unit session-21094.scope has begun starting up.
    Jan 03 19:06:01 dogtag20.example.com systemd[1]: Started Session
    21094 of
    -- Subject: Unit session-21094.scope has finished start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    -- 
    -- Unit session-21094.scope has finished starting up.
    -- 
    -- The start-up result is done.
    Jan 03 19:06:03 dogtag20.example.com CROND[21984]: (root) CMD
    (/usr/bin/r
    Jan 03 19:06:25 dogtag20.example.com dbus-daemon[493]: dbus[493]:
    [system
    Jan 03 19:06:25 dogtag20.example.com dbus[493]: [system] Activating
    via s
    Jan 03 19:06:25 dogtag20.example.com dbus[493]: [system] Activation
    via s
    Jan 03 19:06:25 dogtag20.example.com dbus-daemon[493]: dbus[493]:
    [system
    Jan 03 19:08:01 dogtag20.example.com systemd[1]: Starting Session
    21095 o
    -- Subject: Unit session-21095.scope has begun with start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    -- 
    -- Unit session-21095.scope has begun starting up.
    Jan 03 19:08:01 dogtag20.example.com systemd[1]: Started Session
    21095 of
    -- Subject: Unit session-21095.scope has finished start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    -- 
    -- Unit session-21095.scope has finished starting up.
    -- 
    -- The start-up result is done.
    Jan 03 19:08:02 dogtag20.example.com CROND[21995]: (root) CMD
    (/usr/bin/r

(2) One concern that I can see from reviewing the code appears that the 
'stop' and 'restart' commands will still not work on Debian, as the 
entry point which comes from 'pkidaemon' will utilize the '*' option 
which will yield the following messages:

    unknown action (stop)
    Usage: /usr/bin/pkidaemon {start|stop|restart|status} instance-type
    [instance-name]
    ...

    unknown action (restart)
    Usage: /usr/bin/pkidaemon {start|stop|restart|status} instance-type
    [instance-name]
    ...

    NOTE:  These commands SHOULD yield this on Fedora systems, but NOT
    on Debian systems.

(3) Finally, the following white spaces were present in your patches 
when they were applied:

    # git am ../*.patch
    Applying: Debian - replace arch specification
    Applying: Debian: add init script functionality
    /home/mharmsen/DOGTAG/test/pki/.git/rebase-apply/patch:18: trailing
    whitespace.

    /home/mharmsen/DOGTAG/test/pki/.git/rebase-apply/patch:61: trailing
    whitespace.
                     command = ["/etc/init.d/pki-tomcatd", "stop",
    /home/mharmsen/DOGTAG/test/pki/.git/rebase-apply/patch:76: trailing
    whitespace.
                     command = ["/etc/init.d/pki-tomcatd", "restart",
    warning: 3 lines add whitespace errors.

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

Re: [Pki-devel] [PATCH] 178, 179 - changes to allow debian to start Dogtag CA