Deletion and again creation of client directory by subsystems.

[pki-bot]

This issue was migrated from Pagure Issue #2313. Originally filed by akahat@redhat.com (@amolkahat) on 2016-05-04 19:41:45:

• Assigned to nobody
• Associated bugzillas
  • https://bugzilla.redhat.com/show_bug.cgi?id=1329643

---

If pki_clien_dir=/opt/rhqa_pki is specified in two subsystem's configuration
files consider CA and KRA, then it CA installation will create it and stores
certificates in it. Again KRA installation on same system then it delete
directory and again create it.

Result is subsystem installer does not found directory and certificate.

Error generated at the time of OCSP installation :

Error Message: [Errno 2] No such file or directory:
'/opt/rhqa_pki/ca_admin.cert'

Steps to Reproduce:

1. Insert "pki_clien_dir=/opt/rhqa_pki" in ca.inf file and run it.
2. /opt/rhqa_pki directory will be crated and certificates are stored in this
directory.
3. Insert "pki_clien_dir=/opt/rhqa_pki" in kra.inf file and run it. It remove
the previously created directory and again create it. Result loss of CA
certificates.

Actual results:

CA installation creates it and KRA installation delete it and again create it.

Expected results:

Expected that two subsystem share same directory without deletion.

[pki-bot]

Comment from mharmsen (@mharmsen) at 2016-05-04 19:43:18

Per Bug Triage of 05/03/2016: 10.3.2

[pki-bot]

Comment from mharmsen (@mharmsen) at 2016-06-15 08:34:09

PKI TRAC Ticket 2313 - Deletion and again creation of client directory by subsystems. has been marked as a duplicate of this ticket.

[pki-bot]

Comment from vakwetu (@vakwetu) at 2016-06-20 11:51:00

I attempted this and had no issues. Looking at the code, I'm not sure how an issue would occur because the directory is only deleted when the instance is destroyed. Also, subsystem specific files are installed in subsystem specific sub directories.

Here is what I used for my config file (for both ca and kra):

[DEFAULT]
pki_admin_password=redhat123
pki_client_pkcs12_password=redhat123
pki_ds_password=redhat123
pki_instance_name=pki-tomcat51
pki_https_port=8513
pki_http_port=8510
pki_ds_ldap_port=55389
pki_ajp_port=8519
pki_tomcat_server_port=8515
pki_security_domain_password=redhat123
pki_ca_port=8513
pki_issuing_ca_https_port=8513
pki_security_domain_https_port=8513
pki_client_dir=/opt/test_pki
pki_client_database_password=redhat123

Please provide config files which shows this bug.

[pki-bot]

Comment from mharmsen (@mharmsen) at 2016-12-01 01:53:19

Replying to [ticket:2313 akahat@…]:

If pki_clien_dir=/opt/rhqa_pki is specified in two subsystem's configuration
files consider CA and KRA, then it CA installation will create it and stores
certificates in it. Again KRA installation on same system then it delete
directory and again create it.

Result is subsystem installer does not found directory and certificate.

Error generated at the time of OCSP installation :

Error Message: [Errno 2] No such file or directory:
'/opt/rhqa_pki/ca_admin.cert'

Steps to Reproduce:

1. Insert "pki_clien_dir=/opt/rhqa_pki" in ca.inf file and run it.
2. /opt/rhqa_pki directory will be crated and certificates are stored in this
directory.
3. Insert "pki_clien_dir=/opt/rhqa_pki" in kra.inf file and run it. It remove
the previously created directory and again create it. Result loss of CA
certificates.

Actual results:

CA installation creates it and KRA installation delete it and again create it.

Expected results:

Expected that two subsystem share same directory without deletion.

Your problem wcryptomilk't a "typo" was it? I noticed that you used "pki_clien_dir" instead of "pki_client_dir" and want to make sure that it is not just a typo in the bug/ticket?

[pki-bot]

Comment from mharmsen (@mharmsen) at 2016-12-01 20:40:34

Per Offline Triage of 11/30/2016-12/01/2016: 10.4 - major

NOTE: This bug was downgraded from critical as it could not be reproduced -- possible typo?

[pki-bot]

Comment from akahat@redhat.com (@amolkahat) at 2017-02-27 14:05:31

Metadata Update from @amolkahat:

• Issue set to the milestone: 10.4

[pki-bot]

Comment from mharmsen (@mharmsen) at 2017-08-09 12:45:26

Per CS/DS Meeting of August 7, 2017, it was determined to move this issue from 10.4 ==> FUTURE.

[pki-bot]

Comment from mharmsen (@mharmsen) at 2017-08-09 12:45:28

Metadata Update from @mharmsen:

• Custom field feature adjusted to None
• Custom field proposedmilestone adjusted to None
• Custom field proposedpriority adjusted to None
• Custom field reviewer adjusted to None
• Custom field version adjusted to None
• Issue close_status updated to: None
• Issue set to the milestone: FUTURE (was: 10.4)

[pki-bot]

Comment from mharmsen (@mharmsen) at 2017-08-30 22:49:57

Metadata Update from @mharmsen:

• Issue set to the milestone: 10.5 (was: FUTURE)

[pki-bot]

Comment from mharmsen (@mharmsen) at 2017-10-25 17:52:35

[20171025] - Offline Triage ==> 10.6

[pki-bot]

Comment from mharmsen (@mharmsen) at 2017-10-25 17:52:35

Metadata Update from @mharmsen:

• Issue set to the milestone: 10.6 (was: 10.5)

[pki-bot]

Comment from mharmsen (@mharmsen) at 2018-04-13 18:57:09

Per 10.5.x/10.6 Triage: 10.6

mharmsen: according to the bug, akahat saw this on earlier versions, but vakwetu could not reproduce