1305622 – Rename DRMTool --> KRATool

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1305622 - Rename DRMTool --> KRATool

Summary: Rename DRMTool --> KRATool

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	pki-core
Sub Component:
Version:	7.3
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	unspecified
Target Milestone:	rc
Target Release:	7.3
Assignee:	Matthew Harmsen
QA Contact:	Asha Akkiangady
Docs Contact:	Aneta Šteflová Petrová
URL:
Whiteboard:
Depends On:
Blocks:	1373536
TreeView+	depends on / blocked

Reported:	2016-02-08 18:31 UTC by Matthew Harmsen
Modified:	2020-10-04 21:05 UTC (History)
CC List:	3 users (show)
Fixed In Version:	pki-core-10.3.1-1.el7
Doc Type:	Release Note
Doc Text:	DRMTool renamed to KRATool The Data Recovery Manager (DRM) component of Certificate System (CS) is now called Key Recovery Authority (KRA). For consistency with this change, this update renames the DRMTool utility to KRATool. Note that to ease the transition, compatibility symbolic links are provided. The links help ensure that, for example, scripts referencing DRMTool continue working.
Clone Of:
Clones:	1373536 (view as bug list)
Environment:
Last Closed:	2016-11-04 05:22:56 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	dogtagpki pki issues 2314	0	None	None	None	2020-10-04 21:05:24 UTC
Red Hat Product Errata	RHBA-2016:2396	0	normal	SHIPPED_LIVE	pki-core bug fix and enhancement update	2016-11-03 13:55:03 UTC

Description Matthew Harmsen 2016-02-08 18:31:30 UTC

This bug is created as a clone of upstream ticket:
https://fedorahosted.org/pki/ticket/1850

Per discussions documented in [https://fedorahosted.org/pki/ticket/1099 PKI TRAC Ticket #1099 Rename "DRM/Drm/drm/Data Recovery Manager" ==> "KRA/Kra/kra/Key Recovery Authority"] regarding breaking it up into smaller tickets, this ticket is specific to renaming the '''DRMTool''' to '''KRATool'''.

This particular enhancement needs to be addressed sooner rather than later to coincide with documentation changes which have already been made and released:

* [https://access.redhat.com/documentation/en-US/Red_Hat_Certificate_System/9/html/Command-Line_Tools_Guide/index.html RHCS 9 Command-Line Tools Guide]

Comment 2 Matthew Harmsen 2016-02-12 01:44:04 UTC

Checked into 'master':

commit 0278fe33e3d49b2a994eeec4b9b18a0c4353f69e Author: Matthew Harmsen <mharmsen> Date: Thu Feb 11 15:01:07 2016 -0700

    PKI TRAC Ticket #1850 - Rename DRMTool --> KRATool (spec file)

commit 0ea3afcca4d214a4054ef10ee76e4e97365928dc Author: Matthew Harmsen <mharmsen> Date: Thu Feb 11 14:59:50 2016 -0700

    PKI TRAC Ticket #1850 - Rename DRMTool --> KRATool

Comment 3 Mike McCune 2016-03-28 23:05:20 UTC

This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune with any questions

Comment 8 Roshni 2016-08-18 15:24:18 UTC

[root@ipaqavmf pki]# rpm -qi pki-kra
Name        : pki-kra
Version     : 10.3.3
Release     : 5.el7
Architecture: noarch
Install Date: Sun 14 Aug 2016 05:10:44 PM EDT
Group       : System Environment/Daemons
Size        : 548279
License     : GPLv2
Signature   : RSA/SHA256, Thu 11 Aug 2016 02:01:16 AM EDT, Key ID 938a80caf21541eb
Source RPM  : pki-core-10.3.3-5.el7.src.rpm
Build Date  : Tue 09 Aug 2016 07:47:56 AM EDT
Build Host  : ppc-021.build.eng.bos.redhat.com
Relocations : (not relocatable)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Vendor      : Red Hat, Inc.
URL         : http://pki.fedoraproject.org/
Summary     : Certificate System - Key Recovery Authority

Verification steps:

Scenario 1:

1. 2 CA and KRA were instances configured with CS 9.1 packages
2. certutil -L -d /var/lib/pki/pki-kra1/alias/ -n "storageCert cert-pki-kra1 KRA" -a > /export/drmtooltestdata/pki1/kra1-storage.cert
3. /usr/lib64/dirsrv/slapd-dir1/db2ldif -n "pki-kra1-KRA" -a /export/drmtooltestdata/pki1/kra1-dbconfig.ldif
4. cp /var/lib/pki-kra1-sep6/alias/*.db /export/drmtooltestdata/pki1
5. certutil -L -d /var/lib/pki/pki-kra2/alias/ -n "storageCert cert-pki-kra2 KRA" -a > /export/drmtooltestdata/pki2/kra2-storage.cert
6. cp /export/drmtooltestdata/pki2/kra2-storage.cert /export/drmtooltestdata/pki1
7. KRATool                                                                      \
    -drmtool_config_file "/usr/share/pki/java-tools/KRATool.cfg"                      \
    -source_ldif_file "/export/drmtooltestdata/pki1/kra1-dbconfig.ldif"               \
    -target_ldif_file "/export/drmtooltestdata/pki1/kra1tokra2-combined.ldif"         \
    -log_file "/export/drmtooltestdata//drmtool.log"                                  \
    -source_pki_security_database_path "/export/drmtooltestdata/pki1/"                \
    -source_storage_token_name "Internal Key Storage Token"                           \
    -source_storage_certificate_nickname "storageCert cert-pki-kra1 KRA"             \
    -target_storage_certificate_file "/export/drmtooltestdata/pki1/kra2-storage.cert" \
    -append_id_offset 100000000000                                                    \
    -source_drm_naming_context "pki-kra1-KRA"           \
    -target_drm_naming_context "pki-kra2-KRA"           \
    -process_requests_and_key_records_only

8. /usr/lib64/dirsrv/slapd-dir2/db2ldif -n pki-kra2-KRA -a /export/drmtooltestdata/pki2/kra2-dbconfig.ldif

9. cat kra2-storage.cert ../pki1/kra1tokra2-combined.ldif > kra2.ldif 

10. shutdown pki and dirsrv instances

11. /usr/lib64/dirsrv/slapd-dir2/ldif2db -n pki-kra2-KRA -i /export/drmtooltestdata/pki2/kra2.ldif 

KRA 2 should have key archival requests from KRA1 and KRA2 combined.

Scenario 2:

1. CS 9.1 machine had CA and KRA instances created with the following configs

[root@ipaqavmf ~]# cat ca.cfg 
[DEFAULT]
pki_instance_name = topology-CA
pki_token_password = Secret123
pki_admin_password = Secret123
pki_hostname = ipaqavmf.idmqe.lab.eng.bos.redhat.com
pki_security_domain_password = Secret123
pki_client_dir = /opt/topology-CA
pki_client_pkcs12_password = Secret123
pki_backup_keys = True
pki_backup_password = Secret123
pki_ds_password = Secret123
pki_ds_ldap_port = 389

[CA]
pki_import_admin_cert = False
pki_ds_hostname = ipaqavmf.idmqe.lab.eng.bos.redhat.com
pki_admin_nickname = PKI CA Administrator for Example.Org
pki_ds_base_dn=dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-ca
pki_ds_database=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-ca
[root@ipaqavmf ~]# cat kra.cfg 
[DEFAULT]
pki_instance_name = topology-KRA
pki_https_port = 21443
pki_http_port = 21080
pki_token_password = Secret123
pki_admin_password = Secret123
pki_hostname = ipaqavmf.idmqe.lab.eng.bos.redhat.com
pki_security_domain_hostname = ipaqavmf.idmqe.lab.eng.bos.redhat.com
pki_security_domain_https_port = 8443
pki_security_domain_password = Secret123
pki_client_dir = /opt/topology-KRA
pki_client_pkcs12_password = Secret123
pki_backup_keys = True
pki_backup_password = Secret123
pki_ds_password = Secret123
pki_ds_ldap_port = 5389
pki_client_database_password = Secret123

[Tomcat]
pki_ajp_port = 21009
pki_tomcat_server_port = 21005

[KRA]
pki_import_admin_cert = False
pki_ds_hostname = ipaqavmf.idmqe.lab.eng.bos.redhat.com
pki_admin_nickname = PKI KRA Administrator for Example.Org
pki_ds_base_dn=dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra
pki_ds_database=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra

2. Copied the KRA storage cert (omega.cert) to the CS 8.1.6 machine.

Machine with CS 8.1.6 had the following steps done

1. CA, DRM, TKS and TPS were installed.
2. Enrolled 2 token with server-side key generation enabled, the keys of the encryption cert were archived.

3.  cd /var/lib/pki-kra/alias
cp -p cert8.db /export/pki
    cp -p key3.db /export/pki    
    cp -p secmod.db /export/pki

4. service dirsrv stop
 /usr/lib64/dirsrv/slapd-<kra-db-instance>/db2ldif -n <kra-pki-instance>-KRA -a /export/pki/beta.ldif

5. Copied the ldif of KRA (omega.cert) from the CS 9.1 machine to the CS 8.1 machine

6. DRMTool                                                         \
    -drmtool_config_file "/usr/share/pki/java-tools/DRMTool.cfg"    \
    -source_ldif_file "`pwd`/beta.ldif"                             \
    -target_ldif_file "`pwd`/beta2omega.ldif"                       \
    -log_file "`pwd`/drmtool.log"                                   \
    -source_pki_security_database_path "`pwd`"                      \
    -source_storage_token_name "Internal Key Storage Token"         \
    -source_storage_certificate_nickname "storageCert cert-pki-kra" \
    -target_storage_certificate_file "`pwd`/omega.cert"             \
    -append_id_offset 110000000000                                  \
    -source_drm_naming_context "ipaqa64vmd.idmqe.lab.eng.bos.redhat.com-pki-kra"           \
    -target_drm_naming_context "ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra"          \
    -process_requests_and_key_records_only

7. Copied the ldif created after the above command (beta2omega.ldif) to the CS9.1 machine

8. Concatenated the CS 8.1 ldif and CS 9.1 ldif files to one file omega_beta.ldif

9. /usr/lib64/dirsrv/slapd-<kra-db-instance>/ldif2db -n ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra -i /export/pki/omega_beta.ldif

10. copied omega_beta.ldif to the CS 9.1 machine

Did the following on CS 9.1 machine

[root@ipaqavmf pki]# /usr/lib64/dirsrv/slapd-pki-kra/ldif2db -n ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra -i /export/pki/omega_beta.ldif 
importing data ...
[18/Aug/2016:10:24:23.399401449 -0400] ldbm_usn_init - backend: ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra
[18/Aug/2016:10:24:23.403638591 -0400] ldbm_usn_init - backend: userRoot
[18/Aug/2016:10:24:23.405448668 -0400] All database threads now stopped
[18/Aug/2016:10:24:23.411916711 -0400] WARNING: Import is running with nsslapd-db-private-import-mem on; No other process is allowed to access the database
[18/Aug/2016:10:24:23.414429492 -0400] check_and_set_import_cache: pagesize: 4096, pages: 458629, procpages: 3381
[18/Aug/2016:10:24:23.416459150 -0400] Import allocates 195332KB import cache.
[18/Aug/2016:10:24:23.480704361 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.482684009 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.484825406 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.487376488 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.489318001 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.492731082 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.495071467 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.497175816 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.499415532 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.501654159 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.503440781 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.505327349 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.507252669 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.509168179 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.510942769 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.513041329 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.515166048 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.517307568 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.519226402 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.521165969 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.523079307 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.525044690 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.526993442 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.528987614 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.531017608 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.533052163 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.534894484 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.536852965 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.538808458 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.540689856 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.542564222 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.544403347 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.546274480 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.548167791 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.550095952 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.552073969 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.553930730 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.555855516 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.557987889 -0400] entryrdn-index - _entryrdn_index_read: Suffix "dc=ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra" not found: BDB0073 DB_NOTFOUND: No matching key/data pair found(-30988)
[18/Aug/2016:10:24:23.561910924 -0400] import ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra: Beginning import job...
[18/Aug/2016:10:24:23.564055051 -0400] import ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra: Index buffering enabled with bucket size 65
[18/Aug/2016:10:24:23.766284818 -0400] import ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra: Processing file "/export/pki/omega_beta.ldif"
[18/Aug/2016:10:24:23.775832383 -0400] import ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra: Finished scanning file "/export/pki/omega_beta.ldif" (27 entries)
[18/Aug/2016:10:24:24.275820794 -0400] import ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra: Workers finished; cleaning up...
[18/Aug/2016:10:24:24.478373355 -0400] import ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra: Workers cleaned up.
[18/Aug/2016:10:24:24.480555844 -0400] import ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra: Cleaning up producer thread...
[18/Aug/2016:10:24:24.482403663 -0400] import ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra: Indexing complete.  Post-processing...
[18/Aug/2016:10:24:24.484147392 -0400] import ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra: Generating numsubordinates (this may take several minutes to complete)...
[18/Aug/2016:10:24:24.490274245 -0400] import ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra: Generating numSubordinates complete.
[18/Aug/2016:10:24:24.492770941 -0400] import ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra: Gathering ancestorid non-leaf IDs...
[18/Aug/2016:10:24:24.495011356 -0400] import ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra: Finished gathering ancestorid non-leaf IDs.
[18/Aug/2016:10:24:24.501206789 -0400] import ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra: Creating ancestorid index (new idl)...
[18/Aug/2016:10:24:24.503626623 -0400] import ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra: Created ancestorid index (new idl).
[18/Aug/2016:10:24:24.505604398 -0400] import ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra: Flushing caches...
[18/Aug/2016:10:24:24.507513839 -0400] import ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra: Closing files...
[18/Aug/2016:10:24:24.590512614 -0400] All database threads now stopped
[18/Aug/2016:10:24:24.592840947 -0400] import ipaqavmf.idmqe.lab.eng.bos.redhat.com-pki-kra: Import complete.  Processed 27 entries in 1 seconds. (27.00 entries/sec)

KRA on the CS9.1 machine had the information of the key archival requests from the CS 8.1.6 KRA instance.

Comment 12 errata-xmlrpc 2016-11-04 05:22:56 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2396.html

Note You need to log in before you can comment on or make changes to this bug.