Bug 1644769

Summary: pkispawn fails due to name collision with /var/log/pki/<instance>
Product: Red Hat Enterprise Linux 7 Reporter: Dinesh Prasanth <dmoluguw>
Component: pki-coreAssignee: Dinesh Prasanth <dmoluguw>
Status: CLOSED ERRATA QA Contact: Asha Akkiangady <aakkiang>
Severity: high Docs Contact: Marc Muehlfeld <mmuehlfe>
Priority: high    
Version: 7.7CC: cpelland, mharmsen, msauton, sumenon
Target Milestone: rcKeywords: TestCaseProvided, ZStream
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: pki-core-10.5.16-2.el7 Doc Type: Enhancement
Doc Text:
.Certificate System now preserves the logs of previous installations when reinstalling the service Previously, the `pkispawn` utility reported a name collision error when installing a Certificate System subsystem on a server with an existing Certificate System log directory structure. With this enhancement, Certificate System reuses the existing log directory structure to preserve logs of previous installations.
 Story Points: ---
Clone Of:
: 1645429 (view as bug list) Environment:
Last Closed: 2019-08-06 13:07:19 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1372056, 1645429    

Comment 2 Dinesh Prasanth 2018-11-01 22:38:12 UTC 
The changes have been backported (to 10.5) through PR: https://github.com/dogtagpki/pki/pull/93

10_5 branch:
============
The commit that fixes this specific bug: https://github.com/dogtagpki/pki/commit/c6c6757b4c566d10d25fe220fa9f59539c7a55ee


This commit ensures that pkispawn reuses the same log dir (if exist) instead of throwing name space collision error
Comment 3 Dinesh Prasanth 2018-11-01 22:45:50 UTC 
This bug can be verified while testing: https://bugzilla.redhat.com/show_bug.cgi?id=1372056

Verification steps provided for QE:
1. Install a subsystem using pkispawn
2. `tree /var/log/pki/` # note the tree structure
3. Run `pkidestroy -s <subsystem> -i <instance>`
4. `tree /var/log/pki/` # the tree should match #2
5. Install the subsystem again

No error should be thrown.

Also, you can do `tail -f /var/log/pki/<instance>/<subsystem>/<corresponding debug file>` while executing the above steps to see that new logs are appended to existing log files.
Comment 6 Sudhir Menon 2019-06-12 08:58:30 UTC 
1. namespace collision error is not displayed when pkispawn is run.
2. Reinstall using pkispawn appends the existing log file.

Verified on RHEL7.7
[root@pki1 pki]# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 7.7 Beta (Maipo)
pki-ca-10.5.16-2.el7.noarch
pki-kra-10.5.16-2.el7.noarch
pki-base-10.5.16-2.el7.noarch
389-ds-base-1.3.9.1-8.el7.x86_64

#pkispawn -s CA -f /root/config2/ca.cfg
[root@pki1 ~]# pkidaemon status
Status for topology-01-CA: topology-01-CA is running ..

    [CA Status Definitions]
    Unsecure URL        = http://pki1.example.com:8080/ca/ee/ca
    Secure Agent URL    = https://pki1.example.com:8443/ca/agent/ca
    Secure EE URL       = https://pki1.example.com:8443/ca/ee/ca
    Secure Admin URL    = https://pki1.example.com:8443/ca/services
    PKI Console Command = pkiconsole https://pki1.example.com:8443/ca
    Tomcat Port         = 8005 (for shutdown)

[root@pki1 ~]# tree /var/log/pki/
/var/log/pki/
8 directories, 39 files

[root@pki1 ~]# pkidestroy -s CA -i topology-01-CA
Log file: /var/log/pki/pki-ca-destroy.20190612044525.log
Loading deployment configuration from /var/lib/pki/topology-01-CA/ca/registry/ca/deployment.cfg.
WARNING: The 'pki_pin' in [DEFAULT] has been deprecated. Use 'pki_server_database_password' instead.
Uninstalling CA from /var/lib/pki/topology-01-CA.
pkidestroy  : WARNING  ....... Directory '/etc/pki/topology-01-CA/alias' is either missing or is NOT a directory!
Uninstallation complete.

[root@pki1 ~]# tree /var/log/pki/
8 directories, 44 files

[root@pki1 ~]# pkispawn -s CA -f /root/config2/ca.cfg 
Log file: /var/log/pki/pki-ca-spawn.20190612044614.log
Loading deployment configuration from /root/config2/ca.cfg.
Installing CA into /var/lib/pki/topology-01-CA.
Storing deployment configuration into /etc/sysconfig/pki/tomcat/topology-01-CA/ca/deployment.cfg.
Notice: Trust flag u is set automatically if the private key is present.
    ==========================================================================
                                INSTALLATION SUMMARY
    ==========================================================================
      Administrator's username:             caadmin
      Administrator's PKCS #12 file:
            /opt/topology-01-CA/ca_admin_cert.p12
      To check the status of the subsystem:
           systemctl status pki-tomcatd
      To restart the subsystem:
           systemctl restart pki-tomcatd
      The URL for the subsystem is:
            https://pki1.example.com:8443/ca
      PKI instances will be enabled upon system boot
Comment 8 errata-xmlrpc 2019-08-06 13:07:19 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:2228