Bug 504030

Summary: pkisilent not setting security domain properties when creating a clone
Product: [Retired] Dogtag Certificate System
Component: Installation Wizard
Version: 1.1
Status: CLOSED CURRENTRELEASE
Severity: medium
Priority: medium
Hardware: All
OS: Linux
Reporter: Rob Crittenden <rcritten>
Assignee: Ade Lee <alee>
QA Contact: Chandrasekar Kannan <ckannan>
CC: aakkiang, alee, benl, jgalipea, jmagne, mharmsen
Doc Type: Bug Fix
Last Closed: 2012-06-04 20:31:15 UTC
Bug Blocks: 431020, 431022, 445047
Attachments:
  pkisilent invocation and output
  patch to 8.1 branch to fix 510774, 531162, 504030, 493418
  patch to tip to fix 510774, 531162, 504030, 493418

Description Rob Crittenden 2009-06-03 21:03:20 UTC
Description of problem:

I'm doing a silent installation from within IPA. catest is the existing CA, replica4 is the clone.

sdomainName is not being populated and the security domain URL is not being parsed properly resulting in null for the port.

Version-Release number of selected component (if applicable):

SVN revision 543

Comment 1 Rob Crittenden 2009-06-03 21:03:55 UTC
Created attachment 346458
pkisilent invocation and output

Comment 2 Rob Crittenden 2009-11-06 17:14:28 UTC
We determined that this was caused by one of my machines being behind a NAT and the hostname and IP address not lining up.

This case should either be handled gracefully (e.g. allowed, why does CS care what the IP address is) or a proper error message disclosed.

Comment 3 Ade Lee 2009-12-01 17:32:32 UTC
On looking at the log, the problem is actually that the port was not passed in as expected from the command line.

We expect the port to be passed in as -sd_admin_port.  It isn't passed in and so the port is <null>.

Maybe it makes sense to add better error handling for command line parameter parsing.

Comment 4 Ade Lee 2009-12-03 15:53:33 UTC
Created attachment 375817
patch to 8.1 branch to fix 510774, 531162, 504030, 493418

Comment 5 Ade Lee 2009-12-03 15:54:28 UTC
Created attachment 375819
patch to tip to fix 510774, 531162, 504030, 493418

Comment 6 Jack Magne 2009-12-03 20:57:49 UTC
Attachments id=375817 id=375819 jmagne+

With caveat of checking for an empty string in the function:
checkRequireArgs.

Comment 7 Ade Lee 2009-12-03 21:25:46 UTC
Checked into tip:
[builder@dhcp231-70 silent]$  svn ci -m "fixes for BZ 510774,531162,504030, 493418"  
Sending        silent/scripts/pkisilent
Sending        silent/src/argparser/ArgParser.java
Sending        silent/src/ca/ConfigureCA.java
Sending        silent/src/common/ComCrypto.java
Sending        silent/src/drm/ConfigureDRM.java
Sending        silent/src/ocsp/ConfigureOCSP.java
Sending        silent/src/subca/ConfigureSubCA.java
Sending        silent/src/tks/ConfigureTKS.java
Sending        silent/src/tps/ConfigureTPS.java
Transmitting file data .........
Committed revision 877.

Checked into 8.1
[builder@oliver silent]$ svn ci -m "fixes for BZ 510774,531162, 504030, 493418"
Sending        silent/scripts/pkisilent
Sending        silent/src/argparser/ArgParser.java
Sending        silent/src/ca/ConfigureCA.java
Sending        silent/src/drm/ConfigureDRM.java
Sending        silent/src/ocsp/ConfigureOCSP.java
Sending        silent/src/subca/ConfigureSubCA.java
Sending        silent/src/tks/ConfigureTKS.java
Sending        silent/src/tps/ConfigureTPS.java
Transmitting file data ........
Committed revision 878.

Comment 8 Ade Lee 2009-12-03 21:42:58 UTC
Note to QE/ Docs:

The problem here was that Rob forgot to include the required parameter:
-sd_admin_port.

The fix introduced here is as follows:
1. After pkisilent has parsed its command line arguments, it will check to see if any required arguments are missing.  If so, it will specify which one (the first one it encounters) is missing and exit.

2. You can always view the parameters that are required by doing
   pkisilent -help

   The parameters that are optional (in general) have the string (optional ...)
   in the description. In fact, this is the tag I look for to see if the  
   parameter is optional or not.  All parameters without this tag are required. 
   Docs should make a note of this.

So, QE should confirm that this does not break their current scripts - and that the optional parameters are in fact correct.
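
The check described in comment 8, with the empty-string caveat from comment 6, as an added Java example that is not part of the thread and not the project's ArgParser code. The option table, the method name firstMissingRequired and every option other than -sd_admin_port are assumptions made for illustration.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;

public class RequiredArgCheck {
    // Tag from comment 8: a description containing it marks the option as optional.
    static final String OPTIONAL_TAG = "(optional";

    /** Returns the first required option, in declaration order, that is absent or empty. */
    static Optional<String> firstMissingRequired(Map<String, String> descriptions,
                                                 Map<String, String> parsed) {
        for (Map.Entry<String, String> opt : descriptions.entrySet()) {
            if (opt.getValue().contains(OPTIONAL_TAG)) {
                continue; // optional options may be left out
            }
            String value = parsed.get(opt.getKey());
            // Comment 6 caveat: an empty string counts as missing, not only null.
            if (value == null || value.trim().isEmpty()) {
                return Optional.of(opt.getKey());
            }
        }
        return Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed option table; only -sd_admin_port is taken from the bug report.
        Map<String, String> descriptions = new LinkedHashMap<>();
        descriptions.put("-example_host", "<hypothetical host option>");
        descriptions.put("-sd_admin_port", "<security domain admin port>");
        descriptions.put("-example_flag", "<hypothetical flag> (optional, default is false)");

        // Constructed inputs: the option omitted (as in this bug) and passed empty.
        Map<String, String> omitted = Map.of("-example_host", "catest.example.com");
        Map<String, String> empty = Map.of("-example_host", "catest.example.com",
                                           "-sd_admin_port", "");
        boolean failed = false;
        for (Map<String, String> parsed : List.of(omitted, empty)) {
            Optional<String> missing = firstMissingRequired(descriptions, parsed);
            if (missing.isPresent()) {
                System.err.println("ERROR: required argument " + missing.get() + " is missing");
                failed = true;
            }
        }
        // Fail before any configuration step runs, so no property is left as <null>.
        System.exit(failed ? 1 : 0);
    }
}
```

Both constructed inputs report -sd_admin_port, because -example_flag carries the optional tag and is skipped.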

Comment 9 Asha Akkiangady 2010-05-17 13:52:17 UTC
The current QE scripts work fine with the pkisilent fixes. The 'pkisilent -help' specifies the required and optional parameters.


Marking the bug verified.