504030 – pkisilent not setting security domain properties when creating a clone

Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 504030 - pkisilent not setting security domain properties when creating a clone

Summary: pkisilent not setting security domain properties when creating a clone

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Dogtag Certificate System
Classification:	Retired
Component:	Installation Wizard
Sub Component:
Version:	1.1
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Ade Lee
QA Contact:	Chandrasekar Kannan
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	431020 freeipa20 445047
TreeView+	depends on / blocked

Reported:	2009-06-03 21:03 UTC by Rob Crittenden
Modified:	2015-01-04 23:38 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2012-06-04 20:31:15 UTC
Embargoed:

Attachments	(Terms of Use)
pkisilent invocation and output (deleted) 2009-06-03 21:03 UTC, Rob Crittenden	no flags	Details
patch to 8.1 branch to fix 510774, 531162, 504030, 493418 (deleted) 2009-12-03 15:53 UTC, Ade Lee	no flags	Details \| Diff
patch to tip to fix 510774, 531162, 504030, 493418 (deleted) 2009-12-03 15:54 UTC, Ade Lee	no flags	Details \| Diff
View All

Description Rob Crittenden 2009-06-03 21:03:20 UTC

Description of problem:

I'm doing a silent installation from within IPA. catest is the existing CA, replica4 is the clone.

sdomainName is not being populated and the security domain URL is not being parsed properly resulting in null for the port.

Version-Release number of selected component (if applicable):

SVN revision 543

Comment 1 Rob Crittenden 2009-06-03 21:03:55 UTC

Created attachment 346458 [details]
pkisilent invocation and output

Comment 2 Rob Crittenden 2009-11-06 17:14:28 UTC

We determined that this was caused by one of my machines being behind a NAT and the hostname and IP address not lining up.

This case should either be handled gracefully (e.g. allowed, why does CS care what the IP address is) or a proper error message disclosed.

Comment 3 Ade Lee 2009-12-01 17:32:32 UTC

On looking at the log, the problem is actually that the port was not passed in as expected from the command line.

We expect the port to be passed in as -sd_admin_port.  It isn't passed in and so the port is <null>.

Maybe it makes sense to add better error handling for command line parameter parsing.

Comment 4 Ade Lee 2009-12-03 15:53:33 UTC

Created attachment 375817 [details]
patch to 8.1 branch to fix 510774, 531162, 504030, 493418

Comment 5 Ade Lee 2009-12-03 15:54:28 UTC

Created attachment 375819 [details]
patch to tip to fix 510774, 531162, 504030, 493418

Comment 6 Jack Magne 2009-12-03 20:57:49 UTC

Attachments id=375817 id=375819 jmagne+

With caveat of checking for an empty string in the function:
checkRequireArgs.

Comment 7 Ade Lee 2009-12-03 21:25:46 UTC

Checked into tip:
[builder@dhcp231-70 silent]$  svn ci -m "fixes for BZ 510774,531162,504030, 493418"  
Sending        silent/scripts/pkisilent
Sending        silent/src/argparser/ArgParser.java
Sending        silent/src/ca/ConfigureCA.java
Sending        silent/src/common/ComCrypto.java
Sending        silent/src/drm/ConfigureDRM.java
Sending        silent/src/ocsp/ConfigureOCSP.java
Sending        silent/src/subca/ConfigureSubCA.java
Sending        silent/src/tks/ConfigureTKS.java
Sending        silent/src/tps/ConfigureTPS.java
Transmitting file data .........
Committed revision 877.

Checked into 8.1
[builder@oliver silent]$ svn ci -m "fixes for BZ 510774,531162, 504030, 493418"
Sending        silent/scripts/pkisilent
Sending        silent/src/argparser/ArgParser.java
Sending        silent/src/ca/ConfigureCA.java
Sending        silent/src/drm/ConfigureDRM.java
Sending        silent/src/ocsp/ConfigureOCSP.java
Sending        silent/src/subca/ConfigureSubCA.java
Sending        silent/src/tks/ConfigureTKS.java
Sending        silent/src/tps/ConfigureTPS.java
Transmitting file data ........
Committed revision 878.

Comment 8 Ade Lee 2009-12-03 21:42:58 UTC

Note to QE/ Docs:

The problem here was that Rob forgot to include the required parameter:
-sd_admin_port.

The fix introduced here is as follows:
1. After pkisilent has parsed its command line arguments, it will check to see if any required arguments are missing.  If so, it will specify which one (the first one it encounters) is missing and exit.

2. You can always view the parameters that are required by doing
   pkisilent -help

   The parameters that are optional (in general) have the string (optional ...)
   in the description. In fact, this is the tag I look for to see if the  
   parameter is optional or not.  All parameters without this tag are required. 
   Docs should make a note of this.

So, QE should confirm that this does not break their current scripts - and that the optional parameters are in fact correct.

Comment 9 Asha Akkiangady 2010-05-17 13:52:17 UTC

The current QE scripts works fine with the pkisilent fixes. The 'pkisilent -help' specify the required and optional parameters.


Marking the bug verified.

Note You need to log in before you can comment on or make changes to this bug.