#2313 Deletion and again creation of client directory by subsystems.
Closed: migrated 3 years ago by dmoluguw. Opened 7 years ago by akahat@redhat.com.

If pki_clien_dir=/opt/rhqa_pki is specified in two subsystem's configuration
files consider CA and KRA, then it CA installation will create it and stores
certificates in it. Again KRA installation on same system then it delete
directory and again create it.

Result is subsystem installer does not found directory and certificate.

Error generated at the time of OCSP installation :

Error Message: [Errno 2] No such file or directory:
'/opt/rhqa_pki/ca_admin.cert'

Steps to Reproduce:

1. Insert "pki_clien_dir=/opt/rhqa_pki" in ca.inf file and run it.
2. /opt/rhqa_pki directory will be crated and certificates are stored in this
directory.
3. Insert "pki_clien_dir=/opt/rhqa_pki" in kra.inf file and run it. It remove
the previously created directory and again create it. Result loss of CA
certificates.

Actual results:

CA installation creates it and KRA installation delete it and again create it.

Expected results:

Expected that two subsystem share same directory without deletion.

Per Bug Triage of 05/03/2016: 10.3.2

PKI TRAC Ticket #2313 - Deletion and again creation of client directory by subsystems. has been marked as a duplicate of this ticket.

I attempted this and had no issues. Looking at the code, I'm not sure how an issue would occur because the directory is only deleted when the instance is destroyed. Also, subsystem specific files are installed in subsystem specific sub directories.

Here is what I used for my config file (for both ca and kra):

[DEFAULT]
pki_admin_password=redhat123
pki_client_pkcs12_password=redhat123
pki_ds_password=redhat123
pki_instance_name=pki-tomcat51
pki_https_port=8513
pki_http_port=8510
pki_ds_ldap_port=55389
pki_ajp_port=8519
pki_tomcat_server_port=8515
pki_security_domain_password=redhat123
pki_ca_port=8513
pki_issuing_ca_https_port=8513
pki_security_domain_https_port=8513
pki_client_dir=/opt/test_pki
pki_client_database_password=redhat123

Please provide config files which shows this bug.

Replying to [ticket:2313 akahat@…]:

If pki_clien_dir=/opt/rhqa_pki is specified in two subsystem's configuration
files consider CA and KRA, then it CA installation will create it and stores
certificates in it. Again KRA installation on same system then it delete
directory and again create it.

Result is subsystem installer does not found directory and certificate.

Error generated at the time of OCSP installation :

Error Message: [Errno 2] No such file or directory:
'/opt/rhqa_pki/ca_admin.cert'

Steps to Reproduce:
1. Insert "pki_clien_dir=/opt/rhqa_pki" in ca.inf file and run it. 2. /opt/rhqa_pki directory will be crated and certificates are stored in this directory. 3. Insert "pki_clien_dir=/opt/rhqa_pki" in kra.inf file and run it. It remove the previously created directory and again create it. Result loss of CA certificates.

Actual results:
CA installation creates it and KRA installation delete it and again create it.

Expected results:
Expected that two subsystem share same directory without deletion.

Your problem wasn't a "typo" was it? I noticed that you used "pki_clien_dir" instead of "pki_client_dir" and want to make sure that it is not just a typo in the bug/ticket?

Per Offline Triage of 11/30/2016-12/01/2016: 10.4 - major

NOTE: This bug was downgraded from critical as it could not be reproduced -- possible typo?

Metadata Update from @akahat@redhat.com:
- Issue set to the milestone: 10.4

7 years ago

Per CS/DS Meeting of August 7, 2017, it was determined to move this issue from 10.4 ==> FUTURE.

Metadata Update from @mharmsen:
- Custom field feature adjusted to None
- Custom field proposedmilestone adjusted to None
- Custom field proposedpriority adjusted to None
- Custom field reviewer adjusted to None
- Custom field version adjusted to None
- Issue close_status updated to: None
- Issue set to the milestone: FUTURE (was: 10.4)

6 years ago

Metadata Update from @mharmsen:
- Issue set to the milestone: 10.5 (was: FUTURE)

6 years ago

[20171025] - Offline Triage ==> 10.6

Metadata Update from @mharmsen:
- Issue set to the milestone: 10.6 (was: 10.5)

6 years ago

Per 10.5.x/10.6 Triage: 10.6

mharmsen: according to the bug, akahat saw this on earlier versions, but vakwetu could not reproduce

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/2433

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Metadata Update from @dmoluguw:
- Issue close_status updated to: migrated
- Issue status updated to: Closed (was: Open)

3 years ago

Login to comment on this ticket.

Metadata