Bug 504030 - pkisilent not setting security domain properties when creating a clone
pkisilent not setting security domain properties when creating a clone
Status: CLOSED CURRENTRELEASE
Product: Dogtag Certificate System
Classification: Community
Component: Installation Wizard (Show other bugs)
1.1
All Linux
medium Severity medium
: ---
: ---
Assigned To: Ade Lee
Chandrasekar Kannan
:
Depends On:
Blocks: 431020 freeipa20 445047
  Show dependency treegraph
 
Reported: 2009-06-03 17:03 EDT by Rob Crittenden
Modified: 2015-01-04 18:38 EST (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-06-04 16:31:15 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
pkisilent invocation and output (12.27 KB, text/plain)
2009-06-03 17:03 EDT, Rob Crittenden
no flags Details
patch to 8.1 branch to fix 510774, 531162, 504030, 493418 (17.86 KB, patch)
2009-12-03 10:53 EST, Ade Lee
no flags Details | Diff
patch to tip to fix 510774, 531162, 504030, 493418 (25.14 KB, patch)
2009-12-03 10:54 EST, Ade Lee
no flags Details | Diff

  None (edit)
Description Rob Crittenden 2009-06-03 17:03:20 EDT
Description of problem:

I'm doing a silent installation from within IPA. catest is the existing CA, replica4 is the clone.

sdomainName is not being populated and the security domain URL is not being parsed properly resulting in null for the port.

Version-Release number of selected component (if applicable):

SVN revision 543
Comment 1 Rob Crittenden 2009-06-03 17:03:55 EDT
Created attachment 346458 [details]
pkisilent invocation and output
Comment 2 Rob Crittenden 2009-11-06 12:14:28 EST
We determined that this was caused by one of my machines being behind a NAT and the hostname and IP address not lining up.

This case should either be handled gracefully (e.g. allowed, why does CS care what the IP address is) or a proper error message disclosed.
Comment 3 Ade Lee 2009-12-01 12:32:32 EST
On looking at the log, the problem is actually that the port was not passed in as expected from the command line.

We expect the port to be passed in as -sd_admin_port.  It isn't passed in and so the port is <null>.

Maybe it makes sense to add better error handling for command line parameter parsing.
Comment 4 Ade Lee 2009-12-03 10:53:33 EST
Created attachment 375817 [details]
patch to 8.1 branch to fix 510774, 531162, 504030, 493418
Comment 5 Ade Lee 2009-12-03 10:54:28 EST
Created attachment 375819 [details]
patch to tip to fix 510774, 531162, 504030, 493418
Comment 6 Jack Magne 2009-12-03 15:57:49 EST
Attachments id=375817 id=375819 jmagne+

With caveat of checking for an empty string in the function:
checkRequireArgs.
Comment 7 Ade Lee 2009-12-03 16:25:46 EST
Checked into tip:
[builder@dhcp231-70 silent]$  svn ci -m "fixes for BZ 510774,531162,504030, 493418"  
Sending        silent/scripts/pkisilent
Sending        silent/src/argparser/ArgParser.java
Sending        silent/src/ca/ConfigureCA.java
Sending        silent/src/common/ComCrypto.java
Sending        silent/src/drm/ConfigureDRM.java
Sending        silent/src/ocsp/ConfigureOCSP.java
Sending        silent/src/subca/ConfigureSubCA.java
Sending        silent/src/tks/ConfigureTKS.java
Sending        silent/src/tps/ConfigureTPS.java
Transmitting file data .........
Committed revision 877.

Checked into 8.1
[builder@oliver silent]$ svn ci -m "fixes for BZ 510774,531162, 504030, 493418"
Sending        silent/scripts/pkisilent
Sending        silent/src/argparser/ArgParser.java
Sending        silent/src/ca/ConfigureCA.java
Sending        silent/src/drm/ConfigureDRM.java
Sending        silent/src/ocsp/ConfigureOCSP.java
Sending        silent/src/subca/ConfigureSubCA.java
Sending        silent/src/tks/ConfigureTKS.java
Sending        silent/src/tps/ConfigureTPS.java
Transmitting file data ........
Committed revision 878.
Comment 8 Ade Lee 2009-12-03 16:42:58 EST
Note to QE/ Docs:

The problem here was that Rob forgot to include the required parameter:
-sd_admin_port.

The fix introduced here is as follows:
1. After pkisilent has parsed its command line arguments, it will check to see if any required arguments are missing.  If so, it will specify which one (the first one it encounters) is missing and exit.

2. You can always view the parameters that are required by doing
   pkisilent -help

   The parameters that are optional (in general) have the string (optional ...)
   in the description. In fact, this is the tag I look for to see if the  
   parameter is optional or not.  All parameters without this tag are required. 
   Docs should make a note of this.

So, QE should confirm that this does not break their current scripts - and that the optional parameters are in fact correct.
Comment 9 Asha Akkiangady 2010-05-17 09:52:17 EDT
The current QE scripts works fine with the pkisilent fixes. The 'pkisilent -help' specify the required and optional parameters.


Marking the bug verified.

Note You need to log in before you can comment on or make changes to this bug.