| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2196 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
|
| |
|
|
|
|
| |
server to come up when selinux disabled
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2148 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
|
| |
|
|
|
|
| |
server to come up when selinux disabled
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2146 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
|
| |
|
|
| |
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2127 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
|
| |
|
|
| |
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1861 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
|
| |
|
|
|
|
|
| |
Bugzilla Bug #675179 - ipactl restart : an annoy output line
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1821 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
|
| |
|
|
|
|
|
| |
instances
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1816 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
|
| |
|
|
| |
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1809 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
|
| |
|
|
| |
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1807 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
During testing with Ade several issues were discovered which needed
fixing, these included:
Remove connectionTimeout on JSS connectors in the server.xml files due
to JSS bug. We will reenable the timeouts when JSS is fixed.
pki_apache_initscript had chmod & chown wrapped in an echo command
which prevented them from executing, an artifact inadverantly left in
the file during a debug session. The role parameter to runcon which
had been added to facilitate test/debug was removed.
The logfile variables shared between pkicommon, pkicreate and
pkiremove were awkward and resulted in warnings about the use of
uninitialized variables in some circumstances. Some functions were
tweaked and some variables removed to enforce better data hiding and
eliminate the warnings with respect to the logfile.
If the pkicreate script aborted before it completed it would fail to
write the installation manifest which made it impossible to remove the
partial installation via pkiremove. A hander was added so it would run
if Perl executed a "die" (e.g. aborted). The handler writes the
manifest before final exit. The subroutine used to write the manifest
was bullet proofed to avoid referencing uninitialized variables in the
case of non-normal exit.
The copy_directory() subroutine failed to preserve symbolic links in
the source, instead it traversed the source link and copied the target
of the link. copy_directory() and it's support routines were enhanced
to preserve symbolic links. A new subrotine copy_symlink() was added.
pkicreate failed to create a symbolic link to the symkey.jar file, it
now creates the link to symkey.jar.
The passwords written into the two password files were not terminated
with a newline character, now they are.
pkiremove would enter an infinate loop if the -force option was
specified, this is now fixed.
The tomcat6.conf file had been inadvertantly omitted from the tks
subsystem.
References to the deprecated apachectl file were expunged.
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1577 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
|
| |
|
|
| |
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1575 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Earlier in the patch series a change was introduced with respect to
the initscripts. A per instance initscript was created in /etc/init.d
for each instance. This was simply a symlink to the tomcat6 initscript
(using the instance name). The uber initscript, pki-cad, would iterate over
the installed instances and invoke the per instance initscript.
However during the review process it was pointed out that when
removing (erasing) an rpm the per instance initscripts would not be
removed because they are not in the rpm file manifest. This would
leave dangling initscripts. Also it was felt the per instance
initscript in /etc/init.d was confusing when combined with the uber
initscript.
This patch moves the per instance initscript from /etc/init.d to the
instance directory. It retains the same name (i.e. the instance
name). Now instead of the the uber initscript invoking the per
instance initscript in /etc/init.d via the service command it instead
directly invokes initscript in the instance directory.
This patch also fixes a bug discovered from reading the shell code
invoked by the uber initscript (in the pki "functions" library). The
test to determine if a supplied instance name was vaid was
incorrect. The code did this:
if [ "${PKI_REGISTRY}/${pki_instance}" != "${PKI_REGISTRY_ENTRIES}" ]
however $PKI_REGISTRY_ENTRIES is a space separated list of all
registry instance files, thus the test only succeeds if there is a
single instance. The test was modified to iterate over the all the
entries in $PKI_REGISTRY_ENTRIES.
This patch also fixed the list_intances() function to list only the
instance name, not the full path the to instance configuration
file. We also replaced the use of /bin/ls with a shell glob.
This patch also moves some variables which had been identically
defined in both pkicreate and pkiremove into the pkicommon library for
consistency and maintenance sake.
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1572 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
|
| |
|
|
|
|
|
|
| |
The pkicomplete script is no longer needed, remove all vestiges of
it's existence.
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1551 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The initscripts for pki-* were significantly simplified. All logic
related to managing the tomcat instance was completely eliminated!
This is because we now use the unmodified tomcat6 initscript which
ships with the tomcat6 package completely freeing us of having to know
how to manage a tomcat instance. We simply defer to the definitive
source, the tomcat6 package.
This eliminated half the code in script, reducing it from 1831 lines
to 885 lines!
What remained was essentially the "pki registry" management, how we
record what pki instances have been created on the system. There was
also code to extract information from config files, this is used when
reporting instance status.
The registry management logic had been almost identically copied into
the other KRC, OCSP & TKS initscrips. Copying complex code into
multiple places is not good software engineering, rather the code
should be defined in one location and then referenced. To this end the
common shell code for the shared initscripts was isolated in a common
file, pki/base/common/scripts/functions in our source tree and
installed as /usr/share/pki/scripts/functions. The functions file is
now 812 lines of code and shared amongst pki components. The shell
code in functions was also made more robust, formerly it would try to
extract string data out of files by using exact strings and string
character counts, this varied slightly by each component. Now it just
uses sed and regular expressions and won't break if someone adds a
character to line in one of the files.
With the pki registry logic isolated in a common file and by using the
installed tomcat initscript we've now reduced the size of the
initscript from 1,831 lines to a mere 73 lines! Just 4% of it's former
size and in the process greatly increased robustness and
maintainability.
Each instance in the pki registry is defined by a configuration
file. Formerly that file was created by the function
construct_pki_instance_registry() in pkicreate. Although the purpose
of construct_pki_instance_registry() is to write out a simple shell
script it's implmentation was completly incomprehensible and
unreadable. Since the resulting file is basically the same for
different instances and subsytems and varies only by a minor amount of
parametrization it a perfect candidate for a template file. We've now
added a new template file base/*/setup/registry_instance which is easy
to read and is processed by the exact same templating system which
many of the other files are processed by. Also, formerly the registry
instance file had shell logic it which is no longer necessary and has
been removed. What we've ended up with is essentially just a set of
shell variables (e.g. key/value pairs).
Now the pki-* initscripts essentially just iterate over the instances
located in the registry and invoke the initscript for the instance
(which is ultimately just the standard tomcat6 initscript). This gives
us yet another significant advantage. You can now control an instance
using the normal "service" commands, there is no need to use the pki-*
uber initscript to control instances. You can still do that if you
wish, but now you can do the more obvious and natural service command
on anything appearing in /etc/init.d. You can still use the pki-* uber
initscripts to manage all instances of a subsystem if that makes more
sense, but given there is likely to only be one instance of a
subsystem installed on a machine being able to manage it directly and
not needing to use an uber initscript to iterate a single instance
yields something which is easier and more obvious to system
administrators.
The previous patch, "tomcat6_initscript", which updated the initscript
logic discussed how a tomcat instance configuration file is installed
in /etc/sysconfig under the instance name. Unfortunately that patch
omitted the generation of that file which is generated using our
templating facility. The source file
pki/base/*/shared/conf/tomcat6.conf and replaces the previous
tomcat5.conf file. For example if we are creating a pki-ca instance
the file /usr/share/pki/ca/conf/tomcat6.conf will have substitutions
performed on it and then it will be installed as
/etc/sysconfig/pki-ca, which will be "sourced" by the standard tomcat6
initscript to parametrize the tomcat instance. This logically belonged
in the previous "tomcat6_initscript" patch, but since this patch is
also about initscript modifications it seems reasonable to include in
the patch instead.
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1549 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
|
| |
|
|
| |
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@812 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
|
|
|
System (RHCS) 7.3.
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
|
