summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAde Lee <alee@redhat.com>2012-10-17 16:17:54 -0400
committerAde Lee <alee@redhat.com>2012-10-18 17:30:01 -0400
commit643c089887db3369363e2b88dde19ef3a97029a2 (patch)
treebf83cb714fcf35190d8108fd71a6ae8671add303
parent8973480558c6b87c4aa6e1fdcd48b6d98c05a042 (diff)
downloadpki-643c089887db3369363e2b88dde19ef3a97029a2.tar.gz
pki-643c089887db3369363e2b88dde19ef3a97029a2.tar.xz
pki-643c089887db3369363e2b88dde19ef3a97029a2.zip
Fixes to get TPS to configure correctly
1. Reorder http.conf to actually read worker config 2. Change functions so that the TPS would restart. Before restarts would fail because the tus link already exists 3. Modify system verification test to return correctly when tests are successful
-rw-r--r--base/ra/apache/conf/httpd.conf8
-rw-r--r--base/setup/scripts/functions22
-rw-r--r--base/tps/apache/conf/httpd.conf8
-rw-r--r--base/tps/src/engine/RA.cpp2
4 files changed, 22 insertions, 18 deletions
diff --git a/base/ra/apache/conf/httpd.conf b/base/ra/apache/conf/httpd.conf
index 180c08de0..754dcebee 100644
--- a/base/ra/apache/conf/httpd.conf
+++ b/base/ra/apache/conf/httpd.conf
@@ -130,6 +130,11 @@ MaxRequestsPerChild 0
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestsPerChild: maximum number of requests a server process serves
+
+# MPM worker module is a loadable module as of 2.4
+# Module must be loaded before the configuration stanza
+LoadModule mpm_worker_module /etc/httpd/modules/mod_mpm_worker.so
+
<IfModule worker.c>
ServerLimit 1
StartServers 1
@@ -232,9 +237,6 @@ Listen [PORT]
# LoadModule foo_module modules/mod_foo.so
#
-# MPM worker module is a loadable module as of 2.4
-LoadModule mpm_worker_module /etc/httpd/modules/mod_mpm_worker.so
-
LoadModule authz_core_module /etc/httpd/modules/mod_authz_core.so
[FORTITUDE_AUTH_MODULES]
# Module for User and Group
diff --git a/base/setup/scripts/functions b/base/setup/scripts/functions
index 308f2ca80..058022efc 100644
--- a/base/setup/scripts/functions
+++ b/base/setup/scripts/functions
@@ -897,6 +897,7 @@ verify_symlinks()
declare -A common_jar_symlinks
declare -A webapps_jar_symlinks
declare -A systemd_symlinks
+ declare -A tus_symlinks
# Dogtag 9 Conditional Variables
if [ ${ARCHITECTURE} == "x86_64" ]; then
@@ -949,6 +950,9 @@ verify_symlinks()
# '${PKI_INSTANCE_PATH}/lib' symlinks
perl_symlinks[perl]=/usr/share/pki/${PKI_SUBSYSTEM_TYPE}/lib/perl
+ # '${PKI_INSTANCE_PATH}/docroot' symlinks
+ tus_symlinks[tus]="${PKI_INSTANCE_PATH}/docroot/tokendb"
+
# '${pki_common_jar_dir}' symlinks
common_jar_symlinks=(
[apache-commons-logging.jar]=/usr/share/java/apache-commons-logging.jar
@@ -1017,20 +1021,16 @@ verify_symlinks()
fi
if [ "${PKI_SUBSYSTEM_TYPE}" == "tps" ]; then
- # ALWAYS recreate this "convenience" link and 'chown' it
- # NOTE: Ignore 'chown' errors.
- cd ${PKI_INSTANCE_PATH}/docroot ;
- ln -s tokendb tus ;
+ # Detect and correct 'tus_symlinks'
+ tus_symlinks_string=$(declare -p tus_symlinks)
+ eval "declare -A symlinks=${tus_symlinks_string#*=}"
+ check_symlinks ${PKI_INSTANCE_PATH}/docroot ${PKI_USER} ${PKI_GROUP}
rv=$?
- if [ $rv -eq 0 ]; then
- chown -h ${PKI_USER}:${PKI_GROUP} tus
- # echo "SUCCESS: Created 'tus' -> 'tokendb'"
- else
- echo "ERROR: Failed to create 'tus' -> 'tokendb' convenience"
- echo " symbolic link for '${PKI_INSTANCE_ID}'!"
- return 1
+ if [ $rv -ne 0 ]; then
+ return $rv
fi
fi
+
elif [ "${PKI_SUBSYSTEM_TYPE}" == "ca" ] ||
[ "${PKI_SUBSYSTEM_TYPE}" == "kra" ] ||
[ "${PKI_SUBSYSTEM_TYPE}" == "ocsp" ] ||
diff --git a/base/tps/apache/conf/httpd.conf b/base/tps/apache/conf/httpd.conf
index a9410849c..bf5864174 100644
--- a/base/tps/apache/conf/httpd.conf
+++ b/base/tps/apache/conf/httpd.conf
@@ -130,6 +130,11 @@ MaxRequestsPerChild 0
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestsPerChild: maximum number of requests a server process serves
+
+# MPM worker module is a loadable module as of 2.4
+# Module must be loaded before the configuration stanza
+LoadModule mpm_worker_module /etc/httpd/modules/mod_mpm_worker.so
+
<IfModule worker.c>
ServerLimit 1
StartServers 1
@@ -232,9 +237,6 @@ Listen [PORT]
# LoadModule foo_module modules/mod_foo.so
#
-# MPM worker module is a loadable module as of 2.4
-LoadModule mpm_worker_module /etc/httpd/modules/mod_mpm_worker.so
-
LoadModule authz_core_module /etc/httpd/modules/mod_authz_core.so
[FORTITUDE_AUTH_MODULES]
# Module for User and Group
diff --git a/base/tps/src/engine/RA.cpp b/base/tps/src/engine/RA.cpp
index 436225045..82f53c161 100644
--- a/base/tps/src/engine/RA.cpp
+++ b/base/tps/src/engine/RA.cpp
@@ -3483,7 +3483,7 @@ TPS_PUBLIC bool RA::verifySystemCertByNickname(const char *nickname, const char
*/
TPS_PUBLIC bool RA::verifySystemCerts() {
bool verifyResult = false;
- bool rv = false; /* final return value */
+ bool rv = true; /* final return value */
char configname[256];
char configname_nn[256];
char configname_cu[256];