Bug 680984
Summary: | DRM cloning results in DS server crash | ||
---|---|---|---|
Product: | [Retired] Dogtag Certificate System | Reporter: | Ade Lee <alee> |
Component: | Cloning | Assignee: | Deon Ballard <dlackey> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Chandrasekar Kannan <ckannan> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 9.0 | CC: | aakkiang, awnuk, benl, ksiddiqu |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2012-06-04 20:14:35 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 445047, 530474 |
Description
Ade Lee
2011-02-28 17:23:32 UTC
This is in the 8.1 docs as step #11: http://documentation-stage.bne.redhat.com/docs/en-US/Red_Hat_Certificate_System/8.1/html/Deploy_and_Install_Guide/cloning-other-subsystems.html Verified. RHEL Version: [root@nocp5 kaleem]# cat /etc/redhat-release Red Hat Enterprise Linux Server release 5.7 (Tikanga) RHCS Version: [root@cs81box kal]# rpm -qa *pki*|sort pki-ca-8.1.0-9.el5pki pki-common-8.1.0-18.el5pki pki-common-javadoc-8.1.0-18.el5pki pki-console-8.1.0-4.el5pki pki-java-tools-8.1.0-6.el5pki pki-java-tools-javadoc-8.1.0-6.el5pki pki-kra-8.1.0-10.el5pki pki-migrate-8.1.0-9.el5pki pki-native-tools-8.1.0-6.el5pki pkinit-nss-0.7.6-1.el5 pki-ocsp-8.1.0-7.el5pki pki-ra-8.1.0-7.el5pki pki-selinux-8.1.0-2.el5pki pki-setup-8.1.0-4.el5pki pki-silent-8.1.0-2.el5pki pki-tks-8.1.0-8.el5pki pki-tps-8.1.0-16.el5pki pki-util-8.1.0-6.el5pki pki-util-javadoc-8.1.0-6.el5pki redhat-pki-ca-ui-8.1.0-7.el5pki redhat-pki-common-ui-8.1.0-2.el5pki redhat-pki-console-ui-8.1.0-2.el5pki redhat-pki-kra-ui-8.1.0-6.el5pki redhat-pki-ocsp-ui-8.1.0-5.el5pki redhat-pki-ra-ui-8.1.0-4.el5pki redhat-pki-tks-ui-8.1.0-4.el5pki redhat-pki-tps-ui-8.1.0-7.el5pki [root@cs81box kal]# Steps Used to verify: (1)Create and Configure Master DRM (2)Create Clone DRM (followed instructions given in http://documentation-stage.bne.redhat.com/docs/en-US/Red_Hat_Certificate_System/8.1/html/Deploy_and_Install_Guide/cloning-other-subsystems.html) Starting pki-clonekra: Using Java Security Manager Constructing 'pki-clonekra.policy' Security Policy Starting pki-clonekra: [ OK ] pki-clonekra (pid 22590) is running ... 'pki-clonekra' must still be CONFIGURED! (see /var/log/pki-clonekra-install.log) Before proceeding with the configuration, make sure the firewall settings of this machine permit proper access to this subsystem. Please start the configuration by accessing: https://cs81box.pnq.redhat.com:21445/kra/admin/console/config/login?pin=SP8XoP4RIH96ZRdw2Nbv After configuration, the server can be operated by the command: /sbin/service pki-clonekra start | stop | restart (3)Copy Master instance's keys into clone DRM's alias directory and change ownership, selinux context [root@cs81box alias]# chown pkiuser: master.p12 [root@cs81box alias]# chcon "system_u:object_r:pki_kra_var_lib_t:s0" master.p12 [root@cs81box alias]# ls -lZ -rw------- pkiuser pkiuser system_u:object_r:pki_kra_var_lib_t cert8.db -rw------- pkiuser pkiuser system_u:object_r:pki_kra_var_lib_t key3.db -rw-r--r-- pkiuser pkiuser system_u:object_r:pki_kra_var_lib_t master.p12 -rw------- pkiuser pkiuser system_u:object_r:pki_kra_var_lib_t secmod.db (4)Now configure the Instance as given in http://documentation-stage.bne.redhat.com/docs/en-US/Red_Hat_Certificate_System/8.1/html/Deploy_and_Install_Guide/cloning-other-subsystems.html. (5)Now restart the clone KRA subsystem. [root@cs81box alias]# service pki-clonekra restart Stopping pki-clonekra: ............................... [ OK ] Starting pki-clonekra: Using Java Security Manager Constructing 'pki-clonekra.policy' Security Policy Starting pki-clonekra: [ OK ] pki-clonekra (pid 23748) is running ... Unsecure Port = http://cs81box.pnq.redhat.com:21180/kra/ee/kra Secure Agent Port = https://cs81box.pnq.redhat.com:21443/kra/agent/kra Secure EE Port = https://cs81box.pnq.redhat.com:21444/kra/ee/kra Secure Admin Port = https://cs81box.pnq.redhat.com:21445/kra/services PKI Console Port = pkiconsole https://cs81box.pnq.redhat.com:21445/kra Tomcat Port = 21701 (for shutdown) PKI Instance Name: pki-clonekra PKI Subsystem Type: DRM Clone Registered PKI Security Domain Information: ========================================================================== Name: PnqRedhat Domain URL: https://cs81box.pnq.redhat.com:9445 ========================================================================== [root@cs81box alias]# Result: Restart of cloned DRM is successful, without restart of DS instance.Agents interface is accessible successfully. Also restart of cloned DRM is successful, after restart of DS instance. |