Bug 440344 - Installation page should tell admins to use "service", not "/etc/init.d" on Linux
Summary: Installation page should tell admins to use "service", not "/etc/init.d" on L...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Dogtag Certificate System
Classification: Retired
Component: Installation Wizard
Version: unspecified
Hardware: All
OS: Linux
high
low
Target Milestone: ---
Assignee: Matthew Harmsen
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On:
Blocks: 443788
TreeView+ depends on / blocked
 
Reported: 2008-04-02 23:12 UTC by Bob Lord
Modified: 2015-01-04 23:31 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2009-07-22 23:28:07 UTC
Embargoed:


Attachments (Terms of Use)
pki/base changes (4.22 KB, patch)
2009-03-03 19:59 UTC, Matthew Harmsen
no flags Details | Diff
pki/dogtag changes (4.84 KB, patch)
2009-03-03 20:00 UTC, Matthew Harmsen
no flags Details | Diff
pkiremove diffs (892 bytes, patch)
2009-03-04 18:35 UTC, Matthew Harmsen
no flags Details | Diff
dogtag spec files (6.96 KB, patch)
2009-03-04 18:35 UTC, Matthew Harmsen
no flags Details | Diff

Description Bob Lord 2008-04-02 23:12:10 UTC
Description of problem:
When you install a new server instance, and configure it using the web-based UI,
the system finishes by printing this message in the browser window:
   Restart the server on the command line by 
   typing "/etc/init.d/pki-ca restart". After 
   performing this restart, the server should 
   become operational. 

It should probably ask the user to type:
   /sbin/service pki-ca restart

Version-Release number of selected component (if applicable):
1.0.0

How reproducible:
Always

Comment 1 Matthew Harmsen 2008-04-03 17:44:31 UTC
Before this gets changed, we must be sure that "service" exists on Solaris as well.

Comment 2 Matthew Harmsen 2008-04-11 21:29:05 UTC
Actually, the change will be to fix the velocity template to encode the proper
command.

Comment 4 Matthew Harmsen 2009-02-27 02:16:21 UTC
Raising priority of this for the following reason:

Since the introduction of "SELinux", it is no longer possible to perform a command-line start of Apache modules (e. g. - TPS & RA) if the user attempts to execute these from a non-root directory.

For example:

cd /home/larry (running as root)
/etc/init.d/pki-tps restart
Stopping pki-tps:                                          [  OK  ]
Starting pki-tps:                                          [FAILED]


The log states that the process was unable to change to the "/home/larry" directory at the end, and therefore, the process did not start.

However, performing the following succeeds:

cd /home/larry (running as root)
/sbin/service pki-tps restart
Stopping pki-tps:                                          [  OK  ]
Starting pki-tps:                                          [  OK  ]

PKI service(s) are available at https://glyph.dsdev.sjc.redhat.com:7889


NOTE:  "cd /etc/init.d" first prior to running this command will succeed
       because "/etc/init.d" is owned by root.

Since "service" does not exist on Solaris 9, the velocity templates will need
to be "changeable" programmatically.

Comment 5 Matthew Harmsen 2009-03-03 19:59:37 UTC
Created attachment 333917 [details]
pki/base changes

Comment 6 Matthew Harmsen 2009-03-03 20:00:14 UTC
Created attachment 333919 [details]
pki/dogtag changes

Comment 8 Andrew Wnuk 2009-03-03 22:00:52 UTC
attachment (id=333917)
attachment (id=333919)
+ awnuk

Comment 10 Matthew Harmsen 2009-03-03 22:09:18 UTC
% svn status | grep -v ^$ | grep -v ^P | grep -v ^X | grep -v ^?
M      dogtag/tps-ui/shared/docroot/tps/admin/console/config/donepanel.vm
M      dogtag/common-ui/shared/admin/console/config/donepanel.vm
M      dogtag/ra-ui/shared/docroot/ra/admin/console/config/donepanel.vm
M      base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
M      base/setup/pkicreate
M      base/ra/lib/perl/PKI/RA/DonePanel.pm
M      base/tps/lib/perl/PKI/TPS/DonePanel.pm

%svn commit
Sending        base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
Sending        base/ra/lib/perl/PKI/RA/DonePanel.pm
Sending        base/setup/pkicreate
Sending        base/tps/lib/perl/PKI/TPS/DonePanel.pm
Sending        dogtag/common-ui/shared/admin/console/config/donepanel.vm
Sending        dogtag/ra-ui/shared/docroot/ra/admin/console/config/donepanel.vm
Sending        dogtag/tps-ui/shared/docroot/tps/admin/console/config/donepanel.vm
Transmitting file data .......
Committed revision 270.

Comment 12 Matthew Harmsen 2009-03-03 22:20:11 UTC
FYI:

When not run as 'root', the following messages appear:

    /sbin/service pki-ca restart
    pki-ca: unrecognized service

    /etc/init.d/pki-ca restart
    bash: /etc/init.d/pki-ca: Permission denied

The old-style "/etc/init.d/<instance>" name was clear about the problem,
while the new "/sbin/service" is unclear.  Therefore, the "DonePanel" of
each subsystem was further enhanced with the following text:

    "As 'root', restart the server on the command line . . ."

Comment 13 Matthew Harmsen 2009-03-04 18:35:20 UTC
Created attachment 334025 [details]
pkiremove diffs

Comment 14 Matthew Harmsen 2009-03-04 18:35:55 UTC
Created attachment 334026 [details]
dogtag spec files

Comment 17 Andrew Wnuk 2009-03-04 19:01:09 UTC
attachment (id=334025)
attachment (id=334026)
+awnuk

Comment 19 Matthew Harmsen 2009-03-04 19:13:00 UTC
% svn status | grep -v ^$ | grep -v ^P | grep -v ^X | grep -v ^?
M      dogtag/tps-ui/dogtag-pki-tps-ui.spec
M      dogtag/common/pki-common.spec
M      dogtag/setup/pki-setup.spec
M      dogtag/ra/pki-ra.spec
M      dogtag/common-ui/dogtag-pki-common-ui.spec
M      dogtag/tps/pki-tps.spec
M      dogtag/ra-ui/dogtag-pki-ra-ui.spec
M      base/setup/pkiremove

% svn commit
Sending        base/setup/pkiremove
Sending        dogtag/common/pki-common.spec
Sending        dogtag/common-ui/dogtag-pki-common-ui.spec
Sending        dogtag/ra/pki-ra.spec
Sending        dogtag/ra-ui/dogtag-pki-ra-ui.spec
Sending        dogtag/setup/pki-setup.spec
Sending        dogtag/tps/pki-tps.spec
Sending        dogtag/tps-ui/dogtag-pki-tps-ui.spec
Transmitting file data ........
Committed revision 274.

Comment 21 Jenny Severance 2009-06-11 20:32:53 UTC
Verified.  After configuration of all subsystems:

/sbin/service pki-ca restart
/sbin/service pki-ra restart
/sbin/service pki-tks restart
/sbin/service pki-tps restart
/sbin/service pki-ocsp restart
/sbin/service pki-kra restart


Note You need to log in before you can comment on or make changes to this bug.