Clone CA: pkispawn does not throw an error when master CA has serialCloneTransferNumber=0 set
Steps to Reproduce:
1. pkispawn master CA 2. Edit the CS.cfg beginSerialNumber=1 endSerialNumber=100000 cloneTansferNumber=0
Actual results:
pkispawn does not throw any error Debug log has the following error message [05/Aug/2015:16:53:36][localhost-startStop-1]: masterConn is connected: true [05/Aug/2015:16:53:36][localhost-startStop-1]: getConn: conn is connected true [05/Aug/2015:16:53:36][localhost-startStop-1]: getConn: mNumConns now 2 [05/Aug/2015:16:53:36][localhost-startStop-1]: DBSubsystem: getNextRange Next range has been added: 10000001 - 20000000 [05/Aug/2015:16:53:36][localhost-startStop-1]: Releasing ldap connection [05/Aug/2015:16:53:36][localhost-startStop-1]: returnConn: mNumConns now 3 [05/Aug/2015:16:53:36][localhost-startStop-1]: nNextMinSerialNo has been set to 10000001 [05/Aug/2015:16:53:36][localhost-startStop-1]: DBSubsystem: Setting next min requests number: 10000001 [05/Aug/2015:16:53:36][localhost-startStop-1]: DBSubsystem: Setting next max requests number: 20000000 [05/Aug/2015:16:53:36][localhost-startStop-1]: Checking for a range conflict [05/Aug/2015:16:53:36][localhost-startStop-1]: In LdapBoundConnFactory::getConn() [05/Aug/2015:16:53:36][localhost-startStop-1]: masterConn is connected: true [05/Aug/2015:16:53:36][localhost-startStop-1]: getConn: conn is connected true [05/Aug/2015:16:53:36][localhost-startStop-1]: getConn: mNumConns now 2 [05/Aug/2015:16:53:36][localhost-startStop-1]: Releasing ldap connection [05/Aug/2015:16:53:36][localhost-startStop-1]: returnConn: mNumConns now 3 [05/Aug/2015:16:53:36][localhost-startStop-1]: CMSEngine: checking certificate serial number ranges [05/Aug/2015:16:53:36][localhost-startStop-1]: In LdapBoundConnFactory::getConn() [05/Aug/2015:16:53:36][localhost-startStop-1]: masterConn is connected: true [05/Aug/2015:16:53:36][localhost-startStop-1]: getConn: conn is connected true [05/Aug/2015:16:53:36][localhost-startStop-1]: getConn: mNumConns now 2 [05/Aug/2015:16:53:36][localhost-startStop-1]: Repository: getSerialNumber() [05/Aug/2015:16:53:37][localhost-startStop-1]: returnConn: mNumConns now 3 [05/Aug/2015:16:53:37][localhost-startStop-1]: Repository: getSerialNumber serial=1 [05/Aug/2015:16:53:37][localhost-startStop-1]: Repository:setSerialNumber 2 [05/Aug/2015:16:53:37][localhost-startStop-1]: Repository: in InitCache [05/Aug/2015:16:53:37][localhost-startStop-1]: Repository: Instance of Certificate Repository. [05/Aug/2015:16:53:37][localhost-startStop-1]: Repository: minSerial:101 maxSerial: 100 [05/Aug/2015:16:53:37][localhost-startStop-1]: Repository: nextMinSerial: nextMaxSerial: [05/Aug/2015:16:53:37][localhost-startStop-1]: Repository: increment:10000000 lowWaterMark: 2000000 [05/Aug/2015:16:53:37][localhost-startStop-1]: CertificateRepository: in getLastSerialNumberInRange: low 257 high 256 Error in obtaining the last serial number in the repository! at com.netscape.cmscore.dbs.Repository.initCache(Repository.java:323) at com.netscape.cmscore.dbs.Repository.checkRanges(Repository.java:475) at org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1272) at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1197) at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1087) at org.apache.catalina.core.StandardContext.loadOnStartup(StandardConte xt.java:5210) at org.apache.catalina.core.StandardContext.startInternal(StandardConte xt.java:5493) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:901) at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:133) at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(Contai nerBase.java:156) at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(Contai nerBase.java:145) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:875) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:632) at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:672) at org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConf ig.java:1862) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) at java.util.concurrent.FutureTask.run(FutureTask.java:262) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:745) [05/Aug/2015:16:53:37][localhost-startStop-1]: CMSEngine.shutdown() [05/Aug/2015:16:53:37][localhost-startStop-1]: Destroying LdapBoundConnFactory(DirAclAuthz) [05/Aug/2015:16:53:37][localhost-startStop-1]: Destroying LdapBoundConnFactory(PasswdUserDBAuthentication) [05/Aug/2015:16:53:37][localhost-startStop-1]: Destroying LdapAnonConnFactory(PasswdUserDBAuthentication) [05/Aug/2015:16:53:37][localhost-startStop-1]: disconnecting connection 0
Expected results:
pkispawn should throw an error
Per CS/DS meeting of 08/10/2015 - 10.3 is zero a valid value?
Bugzilla Bug #1252173 was filed to document this as a known issue in the release notes.
Per Bug Triage of 05/05/2016: 10.4
NOTE: (corner case)
Per Offline Triage of 11/30/2016-12/01/2016: FUTURE - minor
Metadata Update from @mharmsen: - Issue set to the milestone: FUTURE
Metadata Update from @mharmsen: - Custom field feature adjusted to None - Custom field lowhangingfruit adjusted to vakwetu: X - Custom field proposedmilestone adjusted to None - Custom field proposedpriority adjusted to None - Custom field reviewer adjusted to None - Custom field version adjusted to None - Issue close_status updated to: None
Per 10.5.x/10.6 Triage: FUTURE
RHBZ: CLOSED UPSTREAM
Metadata Update from @mharmsen: - Custom field rhbz reset (from https://bugzilla.redhat.com/show_bug.cgi?id=1250741)
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/2104
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Metadata Update from @dmoluguw: - Issue close_status updated to: migrated - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.