Re: [Pki-devel] [PATCH] 178, 179 - changes to allow debian to start Dogtag CA

On 01/03/14 13:09, Ade Lee wrote: > These two patches have changes on the dogtag side to allow debian to > start up a dogtag CA. Along with some debian specific patches which > will be kept with the debian repo, we can now pkispawn and run a Dogtag > 10 CA on debian! > > Please review, > Ade > > Patch 179: > > Debian: add init script functionality > > The addtions in this patch will add start/stop/restart > functionality to operations, so that Debian systems can perform > these operations by calling these functions from an init script. > > We also introduce a parameter in the configuration scripts that > can be used to determine if the system is a debian system. This > parameter is used to specify a system V init script instead of > a systemd script on a debian system, when the configuration > scriptlets start and stop a system. > > Also source apparently does not work by default in debian. Used > dot (.) instead. > > Patch 178: > > Debian - replace arch specification > > uname -i returns "unknown" on a debian system. "arch" on the other > hand works for fedora, rhel and debian. Replacing these for all > packages except for the migration ones which will not be built on > debian in any case. > > > > _______________________________________________ > Pki-devel mailing list > Pki-devel(a)redhat.com > https://www.redhat.com/mailman/listinfo/pki-devel (1) While I was unable to configure a Debian machine appropriate to check out these fixes, I did successfully install the patches and successfully build from source on a Fedora 20 x86_64 machine. However, when I attempted to install a CA instance using 'pkispawn -s CA -f /tmp/pki/ca.cfg', I received the following error: ... pkispawn : INFO ....... executing 'certutil -N -d /root/.dogtag/pki-tomcat/ca/alias -f /root/.dogtag/pki-tomcat/ca/password.conf' pkispawn : INFO ....... executing 'systemctl start pki-tomcatd(a)pki-tomcat.service' Job for pki-tomcatd(a)pki-tomcat.service failed. See 'systemctl status pki-tomcatd(a)pki-tomcat.service' and 'journalctl -xn' for details. pkispawn : ERROR ....... subprocess.CalledProcessError: Command '['systemctl', 'start', 'pki-tomcatd(a)pki-tomcat.service']' returned non-zero exit status 1! pkispawn : DEBUG ....... Error Type: CalledProcessError pkispawn : DEBUG ....... Error Message: Command '['systemctl', 'start', 'pki-tomcatd(a)pki-tomcat.service']' returned non-zero exit status 1 pkispawn : DEBUG ....... File "/sbin/pkispawn", line 463, in main rv = instance.spawn(deployer) File "/usr/lib/python2.7/site-packages/pki/server/deployment/scriptlets/configuration.py", line 97, in spawn deployer.systemd.start() File "/usr/lib/python2.7/site-packages/pki/server/deployment/pkihelper.py", line 3088, in start subprocess.check_call(command) File "/usr/lib64/python2.7/subprocess.py", line 542, in check_call raise CalledProcessError(retcode, cmd) Installation failed. # systemctl status -l pki-tomcatd(a)pki-tomcat.service pki-tomcatd(a)pki-tomcat.service - PKI Tomcat Server pki-tomcat Loaded: loaded (/usr/lib/systemd/system/pki-tomcatd@.service; enabled) Active: failed (Result: exit-code) since Fri 2014-01-03 18:59:42 PST; 6min ago Process: 21904 ExecStartPre=/usr/bin/pkidaemon start tomcat %i (code=exited, status=1/FAILURE) Jan 03 18:59:40 dogtag20.example.com systemd[1]: Starting PKI Tomcat Server pki-tomcat... Jan 03 18:59:42 dogtag20.example.com pkidaemon[21904]: WARNING: Attempting to change symbolic link '/var/lib/pki/pki-tomcat/bin' to point to target '/usr/share/tomcat7/bin' INSTEAD of current target '/usr/share/tomcat/bin'! Jan 03 18:59:42 dogtag20.example.com systemd[1]: pki-tomcatd(a)pki-tomcat.service: control process exited, code=exited status=1 Jan 03 18:59:42 dogtag20.example.com systemd[1]: Failed to start PKI Tomcat Server pki-tomcat. Jan 03 18:59:42 dogtag20.example.com systemd[1]: Unit pki-tomcatd(a)pki-tomcat.service entered failed state. # journalctl -xn -- Logs begin at Wed 2013-07-10 14:02:40 PDT, end at Fri 2014-01-03 19:08:02 PST Jan 03 19:06:01 dogtag20.example.com systemd[1]: Starting Session 21094 o -- Subject: Unit session-21094.scope has begun with start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit session-21094.scope has begun starting up. Jan 03 19:06:01 dogtag20.example.com systemd[1]: Started Session 21094 of -- Subject: Unit session-21094.scope has finished start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit session-21094.scope has finished starting up. -- -- The start-up result is done. Jan 03 19:06:03 dogtag20.example.com CROND[21984]: (root) CMD (/usr/bin/r Jan 03 19:06:25 dogtag20.example.com dbus-daemon[493]: dbus[493]: [system Jan 03 19:06:25 dogtag20.example.com dbus[493]: [system] Activating via s Jan 03 19:06:25 dogtag20.example.com dbus[493]: [system] Activation via s Jan 03 19:06:25 dogtag20.example.com dbus-daemon[493]: dbus[493]: [system Jan 03 19:08:01 dogtag20.example.com systemd[1]: Starting Session 21095 o -- Subject: Unit session-21095.scope has begun with start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit session-21095.scope has begun starting up. Jan 03 19:08:01 dogtag20.example.com systemd[1]: Started Session 21095 of -- Subject: Unit session-21095.scope has finished start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit session-21095.scope has finished starting up. -- -- The start-up result is done. Jan 03 19:08:02 dogtag20.example.com CROND[21995]: (root) CMD (/usr/bin/r

(2) One concern that I can see from reviewing the code appears that the 'stop' and 'restart' commands will still not work on Debian, as the entry point which comes from 'pkidaemon' will utilize the '*' option which will yield the following messages: unknown action (stop) Usage: /usr/bin/pkidaemon {start|stop|restart|status} instance-type [instance-name] ... unknown action (restart) Usage: /usr/bin/pkidaemon {start|stop|restart|status} instance-type [instance-name] ... NOTE: These commands SHOULD yield this on Fedora systems, but NOT on Debian systems.

(3) Finally, the following white spaces were present in your patches when they were applied: # git am ../*.patch Applying: Debian - replace arch specification Applying: Debian: add init script functionality /home/mharmsen/DOGTAG/test/pki/.git/rebase-apply/patch:18: trailing whitespace. /home/mharmsen/DOGTAG/test/pki/.git/rebase-apply/patch:61: trailing whitespace. command = ["/etc/init.d/pki-tomcatd", "stop", /home/mharmsen/DOGTAG/test/pki/.git/rebase-apply/patch:76: trailing whitespace. command = ["/etc/init.d/pki-tomcatd", "restart", warning: 3 lines add whitespace errors.