Bug 1644769 - pkispawn fails due to name collision with /var/log/pki/<instance>
Summary: pkispawn fails due to name collision with /var/log/pki/<instance>
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: pki-core
Version: 7.7
Hardware: All
OS: Linux
Target Milestone: rc
: ---
Assignee: Dinesh Prasanth
QA Contact: Asha Akkiangady
Marc Muehlfeld
Depends On:
Blocks: 1372056 1645429
TreeView+ depends on / blocked
Reported: 2018-10-31 14:52 UTC by Dinesh Prasanth
Modified: 2019-08-06 13:07 UTC (History)
4 users (show)

Fixed In Version: pki-core-10.5.16-2.el7
Doc Type: Enhancement
Doc Text:
.Certificate System now preserves the logs of previous installations when reinstalling the service Previously, the `pkispawn` utility reported a name collision error when installing a Certificate System subsystem on a server with an existing Certificate System log directory structure. With this enhancement, Certificate System reuses the existing log directory structure to preserve logs of previous installations.
Clone Of:
: 1645429 (view as bug list)
Last Closed: 2019-08-06 13:07:19 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2019:2228 0 None None None 2019-08-06 13:07:40 UTC

Comment 2 Dinesh Prasanth 2018-11-01 22:38:12 UTC
The changes have been backported (to 10.5) through PR: https://github.com/dogtagpki/pki/pull/93

10_5 branch:
The commit that fixes this specific bug: https://github.com/dogtagpki/pki/commit/c6c6757b4c566d10d25fe220fa9f59539c7a55ee

This commit ensures that pkispawn reuses the same log dir (if exist) instead of throwing name space collision error

Comment 3 Dinesh Prasanth 2018-11-01 22:45:50 UTC
This bug can be verified while testing: https://bugzilla.redhat.com/show_bug.cgi?id=1372056

Verification steps provided for QE:
1. Install a subsystem using pkispawn
2. `tree /var/log/pki/` # note the tree structure
3. Run `pkidestroy -s <subsystem> -i <instance>`
4. `tree /var/log/pki/` # the tree should match #2
5. Install the subsystem again

No error should be thrown.

Also, you can do `tail -f /var/log/pki/<instance>/<subsystem>/<corresponding debug file>` while executing the above steps to see that new logs are appended to existing log files.

Comment 6 Sudhir Menon 2019-06-12 08:58:30 UTC
1. namespace collision error is not displayed when pkispawn is run.
2. Reinstall using pkispawn appends the existing log file.

Verified on RHEL7.7
[root@pki1 pki]# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 7.7 Beta (Maipo)

#pkispawn -s CA -f /root/config2/ca.cfg
[root@pki1 ~]# pkidaemon status
Status for topology-01-CA: topology-01-CA is running ..

    [CA Status Definitions]
    Unsecure URL        = http://pki1.example.com:8080/ca/ee/ca
    Secure Agent URL    = https://pki1.example.com:8443/ca/agent/ca
    Secure EE URL       = https://pki1.example.com:8443/ca/ee/ca
    Secure Admin URL    = https://pki1.example.com:8443/ca/services
    PKI Console Command = pkiconsole https://pki1.example.com:8443/ca
    Tomcat Port         = 8005 (for shutdown)

[root@pki1 ~]# tree /var/log/pki/
8 directories, 39 files

[root@pki1 ~]# pkidestroy -s CA -i topology-01-CA
Log file: /var/log/pki/pki-ca-destroy.20190612044525.log
Loading deployment configuration from /var/lib/pki/topology-01-CA/ca/registry/ca/deployment.cfg.
WARNING: The 'pki_pin' in [DEFAULT] has been deprecated. Use 'pki_server_database_password' instead.
Uninstalling CA from /var/lib/pki/topology-01-CA.
pkidestroy  : WARNING  ....... Directory '/etc/pki/topology-01-CA/alias' is either missing or is NOT a directory!
Uninstallation complete.

[root@pki1 ~]# tree /var/log/pki/
8 directories, 44 files

[root@pki1 ~]# pkispawn -s CA -f /root/config2/ca.cfg 
Log file: /var/log/pki/pki-ca-spawn.20190612044614.log
Loading deployment configuration from /root/config2/ca.cfg.
Installing CA into /var/lib/pki/topology-01-CA.
Storing deployment configuration into /etc/sysconfig/pki/tomcat/topology-01-CA/ca/deployment.cfg.
Notice: Trust flag u is set automatically if the private key is present.
                                INSTALLATION SUMMARY
      Administrator's username:             caadmin
      Administrator's PKCS #12 file:
      To check the status of the subsystem:
           systemctl status pki-tomcatd@topology-01-CA.service
      To restart the subsystem:
           systemctl restart pki-tomcatd@topology-01-CA.service
      The URL for the subsystem is:
      PKI instances will be enabled upon system boot

Comment 8 errata-xmlrpc 2019-08-06 13:07:19 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.