#1545 Clone CA: pkispawn does not throw an error when master CA has serialCloneTransferNumber=0 set
Closed: migrated 3 years ago by dmoluguw. Opened 8 years ago by mharmsen.

Clone CA: pkispawn does not throw an error when master CA has
serialCloneTransferNumber=0 set

Steps to Reproduce:

1. pkispawn master CA
2. Edit the CS.cfg

beginSerialNumber=1
endSerialNumber=100000

cloneTansferNumber=0

Actual results:

pkispawn does not throw any error

Debug log has the following error message

[05/Aug/2015:16:53:36][localhost-startStop-1]: masterConn is connected: true
[05/Aug/2015:16:53:36][localhost-startStop-1]: getConn: conn is connected true
[05/Aug/2015:16:53:36][localhost-startStop-1]: getConn: mNumConns now 2
[05/Aug/2015:16:53:36][localhost-startStop-1]: DBSubsystem: getNextRange  Next
range has been added: 10000001 - 20000000
[05/Aug/2015:16:53:36][localhost-startStop-1]: Releasing ldap connection
[05/Aug/2015:16:53:36][localhost-startStop-1]: returnConn: mNumConns now 3
[05/Aug/2015:16:53:36][localhost-startStop-1]: nNextMinSerialNo has been set to
10000001
[05/Aug/2015:16:53:36][localhost-startStop-1]: DBSubsystem: Setting next min
requests number: 10000001
[05/Aug/2015:16:53:36][localhost-startStop-1]: DBSubsystem: Setting next max
requests number: 20000000
[05/Aug/2015:16:53:36][localhost-startStop-1]: Checking for a range conflict
[05/Aug/2015:16:53:36][localhost-startStop-1]: In
LdapBoundConnFactory::getConn()
[05/Aug/2015:16:53:36][localhost-startStop-1]: masterConn is connected: true
[05/Aug/2015:16:53:36][localhost-startStop-1]: getConn: conn is connected true
[05/Aug/2015:16:53:36][localhost-startStop-1]: getConn: mNumConns now 2
[05/Aug/2015:16:53:36][localhost-startStop-1]: Releasing ldap connection
[05/Aug/2015:16:53:36][localhost-startStop-1]: returnConn: mNumConns now 3
[05/Aug/2015:16:53:36][localhost-startStop-1]: CMSEngine: checking certificate
serial number ranges
[05/Aug/2015:16:53:36][localhost-startStop-1]: In
LdapBoundConnFactory::getConn()
[05/Aug/2015:16:53:36][localhost-startStop-1]: masterConn is connected: true
[05/Aug/2015:16:53:36][localhost-startStop-1]: getConn: conn is connected true
[05/Aug/2015:16:53:36][localhost-startStop-1]: getConn: mNumConns now 2
[05/Aug/2015:16:53:36][localhost-startStop-1]: Repository: getSerialNumber()
[05/Aug/2015:16:53:37][localhost-startStop-1]: returnConn: mNumConns now 3
[05/Aug/2015:16:53:37][localhost-startStop-1]: Repository: getSerialNumber
serial=1
[05/Aug/2015:16:53:37][localhost-startStop-1]: Repository:setSerialNumber 2
[05/Aug/2015:16:53:37][localhost-startStop-1]: Repository: in InitCache
[05/Aug/2015:16:53:37][localhost-startStop-1]: Repository: Instance of
Certificate Repository.
[05/Aug/2015:16:53:37][localhost-startStop-1]: Repository: minSerial:101
maxSerial: 100
[05/Aug/2015:16:53:37][localhost-startStop-1]: Repository: nextMinSerial:
nextMaxSerial:
[05/Aug/2015:16:53:37][localhost-startStop-1]: Repository: increment:10000000
lowWaterMark: 2000000
[05/Aug/2015:16:53:37][localhost-startStop-1]: CertificateRepository:  in
getLastSerialNumberInRange: low 257 high 256
Error in obtaining the last serial number in the repository!
        at com.netscape.cmscore.dbs.Repository.initCache(Repository.java:323)
        at com.netscape.cmscore.dbs.Repository.checkRanges(Repository.java:475)
        at
org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1272)
        at
org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1197)
        at
org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1087)
        at org.apache.catalina.core.StandardContext.loadOnStartup(StandardConte
xt.java:5210)
        at org.apache.catalina.core.StandardContext.startInternal(StandardConte
xt.java:5493)
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
        at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:901)
        at
org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:133)
        at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(Contai
nerBase.java:156)
        at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(Contai
nerBase.java:145)
        at java.security.AccessController.doPrivileged(Native Method)
        at
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:875)
        at
org.apache.catalina.core.StandardHost.addChild(StandardHost.java:632)
        at
org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:672)
        at org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConf
ig.java:1862)
        at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
        at java.util.concurrent.FutureTask.run(FutureTask.java:262)
        at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
        at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at java.lang.Thread.run(Thread.java:745)
[05/Aug/2015:16:53:37][localhost-startStop-1]: CMSEngine.shutdown()
[05/Aug/2015:16:53:37][localhost-startStop-1]: Destroying
LdapBoundConnFactory(DirAclAuthz)
[05/Aug/2015:16:53:37][localhost-startStop-1]: Destroying
LdapBoundConnFactory(PasswdUserDBAuthentication)
[05/Aug/2015:16:53:37][localhost-startStop-1]: Destroying
LdapAnonConnFactory(PasswdUserDBAuthentication)
[05/Aug/2015:16:53:37][localhost-startStop-1]: disconnecting connection 0

Expected results:

pkispawn should throw an error

Per CS/DS meeting of 08/10/2015 - 10.3
is zero a valid value?

Bugzilla Bug #1252173 was filed to document this as a known issue in the release notes.

Per Bug Triage of 05/05/2016: 10.4

NOTE: (corner case)

Per Offline Triage of 11/30/2016-12/01/2016: FUTURE - minor

Metadata Update from @mharmsen:
- Issue set to the milestone: FUTURE

7 years ago

Metadata Update from @mharmsen:
- Custom field feature adjusted to None
- Custom field lowhangingfruit adjusted to vakwetu: X
- Custom field proposedmilestone adjusted to None
- Custom field proposedpriority adjusted to None
- Custom field reviewer adjusted to None
- Custom field version adjusted to None
- Issue close_status updated to: None

6 years ago

Per 10.5.x/10.6 Triage: FUTURE

RHBZ: CLOSED UPSTREAM

Metadata Update from @mharmsen:
- Custom field rhbz reset (from https://bugzilla.redhat.com/show_bug.cgi?id=1250741)

5 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/2104

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Metadata Update from @dmoluguw:
- Issue close_status updated to: migrated
- Issue status updated to: Closed (was: Open)

3 years ago

Login to comment on this ticket.

Metadata