diff options
| author | Christina Fu <cfu@redhat.com> | 2015-09-30 13:55:05 +0200 |
|---|---|---|
| committer | Matthew Harmsen <mharmsen@redhat.com> | 2015-10-01 14:58:58 -0600 |
| commit | 6f971cb664dc639398ae3c9c83f8c152883c365d (patch) | |
| tree | c42f26737a92c07f094fac87dc23ff96cf870c45 /base/common/src | |
| parent | 175805ab7e115bc9b031af9b4f23d2520d33275a (diff) | |
| download | pki-6f971cb664dc639398ae3c9c83f8c152883c365d.tar.gz pki-6f971cb664dc639398ae3c9c83f8c152883c365d.tar.xz pki-6f971cb664dc639398ae3c9c83f8c152883c365d.zip | |
Ticket #1593 auto-shutdown - for HSM failover support
This is an interim solution for supporting HSM failover by automatically
shutting down the server when signing key becomes inaccessible.
At auto-shutdown, a crumb fiile will be left in the instance directory
for an external daemon to detect and restart, if necessary.
Due to limitation of the watch dog (nuxwdog) at present time,
the restart option currently only works if started with watch dog (nuxwdog),
and it will prompt for passwords on the terminals.
The restart counter is to prevent the server from going into an infinite restart
loop. Administrator will have to reset autoShutdown.restart.count to 0 when max
is reached.
(cherry picked from commit 5a9ecad9172f76ca1b94b40aedcdd49d009aceb1)
Diffstat (limited to 'base/common/src')
3 files changed, 17 insertions, 1 deletions
diff --git a/base/common/src/com/netscape/certsrv/apps/CMS.java b/base/common/src/com/netscape/certsrv/apps/CMS.java index 3ba6d7577..187b1028a 100644 --- a/base/common/src/com/netscape/certsrv/apps/CMS.java +++ b/base/common/src/com/netscape/certsrv/apps/CMS.java @@ -237,12 +237,19 @@ public final class CMS { * Shuts down subsystems in backwards order * exceptions are ignored. process exists at end to force exit. */ - public static void forceShutdown() { _engine.forceShutdown(); } + public static void autoShutdown() { + _engine.autoShutdown(); + } + + public static void checkForAndAutoShutdown() { + _engine.checkForAndAutoShutdown(); + } + /** * mode = 0 (pre-operational) * mode = 1 (running) diff --git a/base/common/src/com/netscape/certsrv/apps/ICMSEngine.java b/base/common/src/com/netscape/certsrv/apps/ICMSEngine.java index 57c2b6cb0..bf1d3ff61 100644 --- a/base/common/src/com/netscape/certsrv/apps/ICMSEngine.java +++ b/base/common/src/com/netscape/certsrv/apps/ICMSEngine.java @@ -1131,6 +1131,13 @@ public interface ICMSEngine extends ISubsystem { */ public void forceShutdown(); + /** + * graceful shutdown, same as forceShutdown, but allowing + * option to restart + */ + public void autoShutdown(); + public void checkForAndAutoShutdown(); + public IPasswordStore getPasswordStore() throws EBaseException; public ISecurityDomainSessionTable getSecurityDomainSessionTable(); diff --git a/base/common/src/com/netscape/certsrv/kra/ProofOfArchival.java b/base/common/src/com/netscape/certsrv/kra/ProofOfArchival.java index 7774ca400..3146240e7 100644 --- a/base/common/src/com/netscape/certsrv/kra/ProofOfArchival.java +++ b/base/common/src/com/netscape/certsrv/kra/ProofOfArchival.java @@ -341,6 +341,8 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable { } catch (InvalidKeyException e) { throw new EKRAException(CMS.getUserMessage("CMS_KRA_POA_ENCODE_FAILED_1", e.toString())); } catch (SignatureException e) { + CMS.debug("ProofOfArchival.encodeAndSign: " + e.toString()); + CMS.checkForAndAutoShutdown(); throw new EKRAException(CMS.getUserMessage("CMS_KRA_POA_ENCODE_FAILED_1", e.toString())); } catch (IOException e) { throw new EKRAException(CMS.getUserMessage("CMS_KRA_POA_ENCODE_FAILED_1", e.toString())); |