Hide Forgot
The changes have been backported (to 10.5) through PR: https://github.com/dogtagpki/pki/pull/93 10_5 branch: ============ The commit that fixes this specific bug: https://github.com/dogtagpki/pki/commit/c6c6757b4c566d10d25fe220fa9f59539c7a55ee This commit ensures that pkispawn reuses the same log dir (if exist) instead of throwing name space collision error
This bug can be verified while testing: https://bugzilla.redhat.com/show_bug.cgi?id=1372056 Verification steps provided for QE: 1. Install a subsystem using pkispawn 2. `tree /var/log/pki/` # note the tree structure 3. Run `pkidestroy -s <subsystem> -i <instance>` 4. `tree /var/log/pki/` # the tree should match #2 5. Install the subsystem again No error should be thrown. Also, you can do `tail -f /var/log/pki/<instance>/<subsystem>/<corresponding debug file>` while executing the above steps to see that new logs are appended to existing log files.
1. namespace collision error is not displayed when pkispawn is run. 2. Reinstall using pkispawn appends the existing log file. Verified on RHEL7.7 [root@pki1 pki]# cat /etc/redhat-release Red Hat Enterprise Linux Server release 7.7 Beta (Maipo) pki-ca-10.5.16-2.el7.noarch pki-kra-10.5.16-2.el7.noarch pki-base-10.5.16-2.el7.noarch 389-ds-base-1.3.9.1-8.el7.x86_64 #pkispawn -s CA -f /root/config2/ca.cfg [root@pki1 ~]# pkidaemon status Status for topology-01-CA: topology-01-CA is running .. [CA Status Definitions] Unsecure URL = http://pki1.example.com:8080/ca/ee/ca Secure Agent URL = https://pki1.example.com:8443/ca/agent/ca Secure EE URL = https://pki1.example.com:8443/ca/ee/ca Secure Admin URL = https://pki1.example.com:8443/ca/services PKI Console Command = pkiconsole https://pki1.example.com:8443/ca Tomcat Port = 8005 (for shutdown) [root@pki1 ~]# tree /var/log/pki/ /var/log/pki/ 8 directories, 39 files [root@pki1 ~]# pkidestroy -s CA -i topology-01-CA Log file: /var/log/pki/pki-ca-destroy.20190612044525.log Loading deployment configuration from /var/lib/pki/topology-01-CA/ca/registry/ca/deployment.cfg. WARNING: The 'pki_pin' in [DEFAULT] has been deprecated. Use 'pki_server_database_password' instead. Uninstalling CA from /var/lib/pki/topology-01-CA. pkidestroy : WARNING ....... Directory '/etc/pki/topology-01-CA/alias' is either missing or is NOT a directory! Uninstallation complete. [root@pki1 ~]# tree /var/log/pki/ 8 directories, 44 files [root@pki1 ~]# pkispawn -s CA -f /root/config2/ca.cfg Log file: /var/log/pki/pki-ca-spawn.20190612044614.log Loading deployment configuration from /root/config2/ca.cfg. Installing CA into /var/lib/pki/topology-01-CA. Storing deployment configuration into /etc/sysconfig/pki/tomcat/topology-01-CA/ca/deployment.cfg. Notice: Trust flag u is set automatically if the private key is present. ========================================================================== INSTALLATION SUMMARY ========================================================================== Administrator's username: caadmin Administrator's PKCS #12 file: /opt/topology-01-CA/ca_admin_cert.p12 To check the status of the subsystem: systemctl status pki-tomcatd@topology-01-CA.service To restart the subsystem: systemctl restart pki-tomcatd@topology-01-CA.service The URL for the subsystem is: https://pki1.example.com:8443/ca PKI instances will be enabled upon system boot
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:2228