Bug 1305622 - Rename DRMTool --> KRATool
Rename DRMTool --> KRATool
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: pki-core (Show other bugs)
7.3
Unspecified Unspecified
high Severity unspecified
: rc
: 7.3
Assigned To: Matthew Harmsen
Asha Akkiangady
Aneta Šteflová Petrová
:
Depends On:
Blocks: 1373536
  Show dependency treegraph
 
Reported: 2016-02-08 13:31 EST by Matthew Harmsen
Modified: 2016-11-04 01:22 EDT (History)
3 users (show)

See Also:
Fixed In Version: pki-core-10.3.1-1.el7
Doc Type: Release Note
Doc Text:
DRMTool renamed to KRATool The Data Recovery Manager (DRM) component of Certificate System (CS) is now called Key Recovery Authority (KRA). For consistency with this change, this update renames the DRMTool utility to KRATool. Note that to ease the transition, compatibility symbolic links are provided. The links help ensure that, for example, scripts referencing DRMTool continue working.
Story Points: ---
Clone Of:
: 1373536 (view as bug list)
Environment:
Last Closed: 2016-11-04 01:22:56 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Matthew Harmsen 2016-02-08 13:31:30 EST
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/pki/ticket/1850

Per discussions documented in [https://fedorahosted.org/pki/ticket/1099 PKI TRAC Ticket #1099 Rename "DRM/Drm/drm/Data Recovery Manager" ==> "KRA/Kra/kra/Key Recovery Authority"] regarding breaking it up into smaller tickets, this ticket is specific to renaming the '''DRMTool''' to '''KRATool'''.

This particular enhancement needs to be addressed sooner rather than later to coincide with documentation changes which have already been made and released:

* [https://access.redhat.com/documentation/en-US/Red_Hat_Certificate_System/9/html/Command-Line_Tools_Guide/index.html RHCS 9 Command-Line Tools Guide]
Comment 2 Matthew Harmsen 2016-02-11 20:44:04 EST
Checked into 'master':

commit 0278fe33e3d49b2a994eeec4b9b18a0c4353f69e Author: Matthew Harmsen <​mharmsen@redhat.com> Date: Thu Feb 11 15:01:07 2016 -0700

    PKI TRAC Ticket #1850 - Rename DRMTool --> KRATool (spec file)

commit 0ea3afcca4d214a4054ef10ee76e4e97365928dc Author: Matthew Harmsen <​mharmsen@redhat.com> Date: Thu Feb 11 14:59:50 2016 -0700

    PKI TRAC Ticket #1850 - Rename DRMTool --> KRATool
Comment 3 Mike McCune 2016-03-28 19:05:20 EDT
This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune@redhat.com with any questions
Comment 8 Roshni 2016-08-18 11:24:18 EDT
[root@ipaqavmf pki]# rpm -qi pki-kra
Name        : pki-kra
Version     : 10.3.3
Release     : 5.el7
Architecture: noarch
Install Date: Sun 14 Aug 2016 05:10:44 PM EDT
Group       : System Environment/Daemons
Size        : 548279
License     : GPLv2
Signature   : RSA/SHA256, Thu 11 Aug 2016 02:01:16 AM EDT, Key ID 938a80caf21541eb
Source RPM  : pki-core-10.3.3-5.el7.src.rpm
Build Date  : Tue 09 Aug 2016 07:47:56 AM EDT
Build Host  : ppc-021.build.eng.bos.redhat.com
Relocations : (not relocatable)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Vendor      : Red Hat, Inc.
URL         : http://pki.fedoraproject.org/
Summary     : Certificate System - Key Recovery Authority

Verification steps:

Scenario 1:

1. 2 CA and KRA were instances configured with CS 9.1 packages
2. certutil -L -d /var/lib/pki/pki-kra1/alias/ -n "storageCert cert-pki-kra1 KRA" -a > /export/drmtooltestdata/pki1/kra1-storage.cert
3. /usr/lib64/dirsrv/slapd-dir1/db2ldif -n "pki-kra1-KRA" -a /export/drmtooltestdata/pki1/kra1-dbconfig.ldif
4. cp /var/lib/pki-kra1-sep6/alias/*.db /export/drmtooltestdata/pki1
5. certutil -L -d /var/lib/pki/pki-kra2/alias/ -n "storageCert cert-pki-kra2 KRA" -a > /export/drmtooltestdata/pki2/kra2-storage.cert
6. cp /export/drmtooltestdata/pki2/kra2-storage.cert /export/drmtooltestdata/pki1
7. KRATool                                                                      \
    -drmtool_config_file "/usr/share/pki/java-tools/KRATool.cfg"                      \
    -source_ldif_file "/export/drmtooltestdata/pki1/kra1-dbconfig.ldif"               \
    -target_ldif_file "/export/drmtooltestdata/pki1/kra1tokra2-combined.ldif"         \
    -log_file "/export/drmtooltestdata//drmtool.log"                                  \
    -source_pki_security_database_path "/export/drmtooltestdata/pki1/"                \
    -source_storage_token_name "Internal Key Storage Token"                           \
    -source_storage_certificate_nickname "storageCert cert-pki-kra1 KRA"             \
    -target_storage_certificate_file "/export/drmtooltestdata/pki1/kra2-storage.cert" \
    -append_id_offset 100000000000                                                    \
    -source_drm_naming_context "pki-kra1-KRA"           \
    -target_drm_naming_context "pki-kra2-KRA"           \
    -process_requests_and_key_records_only

8. /usr/lib64/dirsrv/slapd-dir2/db2ldif -n pki-kra2-KRA -a /export/drmtooltestdata/pki2/kra2-dbconfig.ldif

9. cat kra2-storage.cert ../pki1/kra1tokra2-combined.ldif > kra2.ldif 

10. shutdown pki and dirsrv instances

11. /usr/lib64/dirsrv/slapd-dir2/ldif2db -n pki-kra2-KRA -i /export/drmtooltestdata/pki2/kra2.ldif 

KRA 2 should have key archival requests from KRA1 and KRA2 combined.

Scenario 2:

1. CS 9.1 machine had CA and KRA instances created with the following configs

[root@ipaqavmf ~]# cat ca.cfg 
[DEFAULT]
pki_instance_name = topology-CA
pki_token_password = Secret123
pki_admin_password = Secret123
pki_hostname = ipaqavmf.idmqe.lab.eng.bos.redhat.com
pki_security_domain_password = Secret123
pki_client_dir = /opt/topology-CA
pki_client_pkcs12_password = Secret123
pki_backup_keys = True
pki_backup_password = Secret123
pki_ds_password = Secret123
pki_ds_ldap_port = 389

[CA]
pki_import_admin_cert = False
pki_ds_hostname = ipaqavmf.idmqe.lab.eng.bos.redhat.com
pki_admin_nickname = PKI CA Administrator for Example.Org
pki_ds_base_dn=dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-ca
pki_ds_database=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-ca
[root@ipaqavmf ~]# cat kra.cfg 
[DEFAULT]
pki_instance_name = topology-KRA
pki_https_port = 21443
pki_http_port = 21080
pki_token_password = Secret123
pki_admin_password = Secret123
pki_hostname = ipaqavmf.idmqe.lab.eng.bos.redhat.com
pki_security_domain_hostname = ipaqavmf.idmqe.lab.eng.bos.redhat.com
pki_security_domain_https_port = 8443
pki_security_domain_password = Secret123
pki_client_dir = /opt/topology-KRA
pki_client_pkcs12_password = Secret123
pki_backup_keys = True
pki_backup_password = Secret123
pki_ds_password = Secret123
pki_ds_ldap_port = 5389
pki_client_database_password = Secret123

[Tomcat]
pki_ajp_port = 21009
pki_tomcat_server_port = 21005

[KRA]
pki_import_admin_cert = False
pki_ds_hostname = ipaqavmf.idmqe.lab.eng.bos.redhat.com
pki_admin_nickname = PKI KRA Administrator for Example.Org
pki_ds_base_dn=dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra
pki_ds_database=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra

2. Copied the KRA storage cert (omega.cert) to the CS 8.1.6 machine.

Machine with CS 8.1.6 had the following steps done

1. CA, DRM, TKS and TPS were installed.
2. Enrolled 2 token with server-side key generation enabled, the keys of the encryption cert were archived.

3.  cd /var/lib/pki-kra/alias
cp -p cert8.db /export/pki
    cp -p key3.db /export/pki    
    cp -p secmod.db /export/pki

4. service dirsrv stop
 /usr/lib64/dirsrv/slapd-<kra-db-instance>/db2ldif -n <kra-pki-instance>-KRA -a /export/pki/beta.ldif

5. Copied the ldif of KRA (omega.cert) from the CS 9.1 machine to the CS 8.1 machine

6. DRMTool                                                         \
    -drmtool_config_file "/usr/share/pki/java-tools/DRMTool.cfg"    \
    -source_ldif_file "`pwd`/beta.ldif"                             \
    -target_ldif_file "`pwd`/beta2omega.ldif"                       \
    -log_file "`pwd`/drmtool.log"                                   \
    -source_pki_security_database_path "`pwd`"                      \
    -source_storage_token_name "Internal Key Storage Token"         \
    -source_storage_certificate_nickname "storageCert cert-pki-kra" \
    -target_storage_certificate_file "`pwd`/omega.cert"             \
    -append_id_offset 110000000000                                  \
    -source_drm_naming_context "ipaqa64vmd.idmqe.lab.eng.bos.redhat.com-pki-kra"           \
    -target_drm_naming_context "ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra"          \
    -process_requests_and_key_records_only

7. Copied the ldif created after the above command (beta2omega.ldif) to the CS9.1 machine

8. Concatenated the CS 8.1 ldif and CS 9.1 ldif files to one file omega_beta.ldif

9. /usr/lib64/dirsrv/slapd-<kra-db-instance>/ldif2db -n ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra -i /export/pki/omega_beta.ldif

10. copied omega_beta.ldif to the CS 9.1 machine

Did the following on CS 9.1 machine

[root@ipaqavmf pki]# /usr/lib64/dirsrv/slapd-pki-kra/ldif2db -n ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra -i /export/pki/omega_beta.ldif 
importing data ...
[18/Aug/2016:10:24:23.399401449 -0400] ldbm_usn_init - backend: ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra
[18/Aug/2016:10:24:23.403638591 -0400] ldbm_usn_init - backend: userRoot
[18/Aug/2016:10:24:23.405448668 -0400] All database threads now stopped
[18/Aug/2016:10:24:23.411916711 -0400] WARNING: Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database
[18/Aug/2016:10:24:23.414429492 -0400] check_and_set_import_cache: pagesize: 4096, pages: 458629, procpages: 3381
[18/Aug/2016:10:24:23.416459150 -0400] Import allocates 195332KB import cache.
[18/Aug/2016:10:24:23.480704361 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.482684009 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.484825406 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.487376488 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.489318001 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.492731082 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.495071467 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.497175816 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.499415532 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.501654159 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.503440781 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.505327349 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.507252669 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.509168179 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.510942769 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.513041329 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.515166048 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.517307568 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.519226402 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.521165969 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.523079307 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.525044690 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.526993442 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.528987614 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.531017608 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.533052163 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.534894484 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.536852965 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.538808458 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.540689856 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.542564222 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.544403347 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.546274480 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.548167791 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.550095952 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.552073969 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.553930730 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.555855516 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.557987889 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.561910924 -0400] import ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra: Beginning import job...
[18/Aug/2016:10:24:23.564055051 -0400] import ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra: Index buffering enabled with bucket size 65
[18/Aug/2016:10:24:23.766284818 -0400] import ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra: Processing file "/export/pki/omega_beta.ldif"
[18/Aug/2016:10:24:23.775832383 -0400] import ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra: Finished scanning file "/export/pki/omega_beta.ldif" (27 entries)
[18/Aug/2016:10:24:24.275820794 -0400] import ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra: Workers finished; cleaning up...
[18/Aug/2016:10:24:24.478373355 -0400] import ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra: Workers cleaned up.
[18/Aug/2016:10:24:24.480555844 -0400] import ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra: Cleaning up producer thread...
[18/Aug/2016:10:24:24.482403663 -0400] import ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra: Indexing complete.  Post-processing...
[18/Aug/2016:10:24:24.484147392 -0400] import ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra: Generating numsubordinates (this may take several minutes to complete)...
[18/Aug/2016:10:24:24.490274245 -0400] import ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra: Generating numSubordinates complete.
[18/Aug/2016:10:24:24.492770941 -0400] import ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra: Gathering ancestorid non-leaf IDs...
[18/Aug/2016:10:24:24.495011356 -0400] import ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra: Finished gathering ancestorid non-leaf IDs.
[18/Aug/2016:10:24:24.501206789 -0400] import ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra: Creating ancestorid index (new idl)...
[18/Aug/2016:10:24:24.503626623 -0400] import ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra: Created ancestorid index (new idl).
[18/Aug/2016:10:24:24.505604398 -0400] import ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra: Flushing caches...
[18/Aug/2016:10:24:24.507513839 -0400] import ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra: Closing files...
[18/Aug/2016:10:24:24.590512614 -0400] All database threads now stopped
[18/Aug/2016:10:24:24.592840947 -0400] import ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra: Import complete.  Processed 27 entries in 1 seconds. (27.00 entries/sec)

KRA on the CS9.1 machine had the information of the key archival requests from the CS 8.1.6 KRA instance.
Comment 12 errata-xmlrpc 2016-11-04 01:22:56 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2396.html

Note You need to log in before you can comment on or make changes to this bug.