After performing the following tasks, the process restart seemed to have wiped the content of the CS.cfg:
1) cp /etc/pki/pki-district/server.xml /etc/pki/pki-district/server.xml.orig
2) modify the content with the following data:
ORIGINAL
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
MODIFIED
<Realm className="org.apache.catalina.realm.JNDIRealm" connectionURL="ldap://OURSERVER:389" userPattern="uid={0},o=ca" roleBase="ou=groups,o=ca" roleName="cn" roleSearch="(uniqueMember={0})" />
3) cp /var/lib/pki/pki-district/webapps/ca/WEB-INF/web.xml /var/lib/pki/pki-district/webapps/ca/WEB-INF/web.xml.orig
4) modify the content with the following data:
ORIGINAL
<login-config>
  <realm-name>Certificate Authority</realm-name>
</login-config>
<security-role>
  <role-name>*</role-name>
</security-role>
MODIFIED
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>PKI Certificate Authority</realm-name>
</login-config>
<security-constraint>
  <web-resource-collection>
    <web-resource-name>EE Services</web-resource-name>
    <url-pattern>/ee/ca/</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name></role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
5) Restarted the service: systemctl restart pki-tomcatd.target & systemctl restart pki-tomcatd@pki-district.services
After performing the restart, I started getting an HTTP 500 within the subsystem's admin and EE pages.
Turns out the CS.cfg was wiped; it is completely empty. I'm attaching the catalina.out FYI.
The original catalina.out, prior to a clean restart of dir and ca services, and the new catalina.out created after performing a dir and ca services restart. catalina.out.zip
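A guard for the restart in step 5, as an added example that is not part of the original report or of Dogtag's own tooling: it snapshots CS.cfg before the restart command runs and restores it if the file comes back empty. The function names are hypothetical, and the CS.cfg path and the restart command are supplied by the caller because the report does not give the file's location.

```shell
#!/bin/sh
# Added example (not Dogtag code): keep a copy of CS.cfg across a restart and
# detect the "file is completely empty afterwards" failure from this report.
# The CS.cfg path is an assumption passed in by the caller.

# snapshot_cfg FILE: copy FILE aside and print the copy's path.
# Refuses an empty or missing FILE so a wiped config is never saved as "good".
snapshot_cfg() {
    cfg=$1
    [ -s "$cfg" ] || { echo "refusing to snapshot empty or missing $cfg" >&2; return 1; }
    snap="$cfg.pre-restart.$(date +%Y%m%d%H%M%S).$$"
    cp -p "$cfg" "$snap" || return 1
    printf '%s\n' "$snap"
}

# verify_or_restore_cfg FILE SNAPSHOT:
#   0 = FILE still has content, 1 = FILE was empty and has been restored,
#   2 = FILE was empty and the restore itself failed.
verify_or_restore_cfg() {
    cfg=$1; snap=$2
    [ -s "$cfg" ] && return 0
    echo "$cfg is empty after restart; restoring from $snap" >&2
    cp -p "$snap" "$cfg" || return 2
    return 1
}

# guarded_restart FILE CMD [ARGS...]: snapshot, run CMD, then verify.
#   returns CMD's exit status if FILE survived, 3 if no snapshot could be
#   taken (CMD is not run), 11 if FILE was wiped and restored, 12 if wiped
#   and not restorable.
guarded_restart() {
    cfg=$1; shift
    snap=$(snapshot_cfg "$cfg") || return 3
    rc=0
    "$@" || rc=$?
    state=0
    verify_or_restore_cfg "$cfg" "$snap" || state=$?
    if [ "$state" -eq 0 ]; then
        return "$rc"
    fi
    return "$((10 + state))"
}

# Usage (path is a placeholder):
#   guarded_restart <path-to>/CS.cfg systemctl restart pki-tomcatd@pki-district.service
```

A return of 11 means the file on disk was put back while the instance may still be running with an empty configuration, so stop the instance before relying on the restored copy.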
Applied patch to not write to CS.cfg on startup/shutdown:
To ssh://vakwetu@git.fedorahosted.org/git/pki.git 9d70b93..05ff18e master -> master
To ssh://vakwetu@git.fedorahosted.org/git/pki.git 0beaa10..265f790 DOGTAG_10_0_BRANCH -> DOGTAG_10_0_BRANCH
Metadata Update from @pbbunny:
- Issue assigned to vakwetu
- Issue set to the milestone: 10.0.5
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/1283
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Thank you for understanding, and we apologize for any inconvenience.