To test: if we try to do a find in KRA's CS.cfg, it shows "selftests.container.instance" as KRAPresence and SystemCertsVerification, but this is not shown when we do a kra-selftest-find.
Also, the KRA selftest.log says selftests.container.instance.KRAPresence does not exist, although it is actually there in CS.cfg. Please refer to the CLI output below.
[root@pki1 alias]# pki -d /opt/rhqa_pki/certdb -c Secret123 -h pki1.example.com -p 21080 -n "PKI KRA Administrator for Example.Org" kra-selftest-find
SelfTest ID: KRAPresence
Enabled at startup: false
Enabled on demand: true
Critical on demand: true
[root@pki1 alias]# pki -d /opt/rhqa_pki/certdb -c Secret123 -h pki1.example.com -p 21080 -n "PKI KRA Administrator for Example.Org" kra-selftest-run
Selftest ID: KRAPresence
Status: PASSED
Steps to Reproduce:
Setup:
1. Stop the KRA services using systemctl stop pki-tomcatd@topology-02-KRA.service
2. Make changes in CS.cfg:
   auths.revocationChecking.enabled=true
   auths.revocationChecking.kra=kra
   auths.revocationChecking.bufferSize=50
   auths.revocationChecking.unknownStateInterval=0
   auths.revocationChecking.validityInterval=120
   auths.revocationChecking.url=http://pki1.example.com:20080/ca/ocsp
3. Make changes in server.xml @ /etc/pki/topology-02-KRA/server.xml
4. Import cert to KRA alias dir using:
   [root@pki1 ~]# certutil -L -d /var/lib/pki/topology-02-CA/alias -n "ocspSigningCert cert-topology-02-CA CA" -a > ocsp_signing.crt
   [root@pki1 ~]# certutil -A -d /var/lib/pki/topology-02-KRA/alias/ -n "ocspSigningCert cert-topology-02-CA CA" -t "C,," -i ocsp_signing.crt
5. Restart the KRA services using systemctl start pki-tomcatd@topology-02-KRA.service.
Actual results:
selftest.log:
0.http-bio-21443-exec-17 - [22/Jul/2016:05:02:49 EDT] [20] [1] SelfTestSubsystem: the self test property name selftests.container.instance.KRAPresence does not exist
0.http-bio-21443-exec-14 - [22/Jul/2016:05:03:00 EDT] [20] [1] KRAPresence: KRA is present

CS.cfg:
[root@pki1 alias]# grep "selftests.container.instance" /etc/pki/topology-02-KRA/kra/CS.cfg
selftests.container.instance.KRAPresence=com.netscape.cms.selftests.kra.KRAPresence
selftests.container.instance.SystemCertsVerification=com.netscape.cms.selftests.common.SystemCertsVerification
[root@pki1 alias]# grep "selftests.container.instance.KRAPresence" /etc/pki/topology-02-KRA/kra/CS.cfg
selftests.container.instance.KRAPresence=com.netscape.cms.selftests.kra.KRAPresence
Expected results:
With KRA's CS.cfg it shows "selftests.container.instance" as KRAPresence and SystemCertsVerification, but this is not shown when we do a kra-selftest-find. Also, the KRA selftest.log says selftests.container.instance.KRAPresence does not exist, although it is actually there in CS.cfg.
Per CS/DS Meeting of 08/08/2016: 10.3.6
Fixed in master (10.4):
The following were checked in to DOGTAG_10_3_BRANCH:
commit e860276fc5889aae40beda33ea523358fbe76911
Author: Endi S. Dewata <edewata@redhat.com>
Date: Tue Aug 16 01:43:36 2016 +0200

    Fixed SelfTestService.findSelfTests().

    The SelfTestService.findSelfTests() has been modified to return all selftests defined in the CS.cfg.

    https://fedorahosted.org/pki/ticket/2432
    (cherry picked from commit 4001335ed5105112c64c433a26272286ecf66196)

commit 422fc92597d80aa115efa59a592fbaf8851b243e
Author: Endi S. Dewata <edewata@redhat.com>
Date: Tue Aug 16 00:15:15 2016 +0200

    Removed misleading log in SelfTestSubsystem.

    To avoid confusion, the isSelfTestCriticalAtStartup() and isSelfTestCriticalOnDemand() in SelfTestSubsystem have been modified to no longer log an error message if the selftest being checked does not exist in the corresponding property in CS.cfg.

    https://fedorahosted.org/pki/ticket/2432
    (cherry picked from commit 6bfee0e46aee93e1255ecb5652d46348557664d5)
Metadata Update from @gkapoor: - Issue assigned to edewata - Issue set to the milestone: 10.3.6
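The behaviour the two commit messages above describe, sketched as an added example that is not Dogtag's own code: every selftests.container.instance.* entry is listed, and a self test missing from an order list is reported as not enabled rather than as an error. The selftests.container.order.startup and selftests.container.order.onDemand property names and the Name:critical value syntax do not appear on this page and are assumed here; the sample configuration is constructed.

```python
INSTANCE_PREFIX = "selftests.container.instance."
# Assumption: these property names and the "Name:critical" syntax are not on the page.
ORDER_KEYS = {"startup": "selftests.container.order.startup",
              "on_demand": "selftests.container.order.onDemand"}
# Constructed sample, shaped like the grep output in the report.
SAMPLE_CS_CFG = """\
selftests.container.instance.KRAPresence=com.netscape.cms.selftests.kra.KRAPresence
selftests.container.instance.SystemCertsVerification=com.netscape.cms.selftests.common.SystemCertsVerification
selftests.container.order.onDemand=KRAPresence:critical
selftests.container.order.startup=SystemCertsVerification:critical
"""


def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    props = {}
    for raw in text.splitlines():
        key, sep, value = raw.strip().partition("=")
        if sep and not key.startswith("#"):
            props[key.strip()] = value.strip()
    return props


def parse_order(value):
    """Turn 'A:critical, B' into {'A': True, 'B': False}."""
    order = {}
    for item in value.split(","):
        name, _, flag = item.strip().partition(":")
        if name:
            order[name.strip()] = flag.strip().lower() == "critical"
    return order


def find_selftests(text):
    """Return {id: status} for every declared instance, ordered or not."""
    props = parse_properties(text)
    orders = {kind: parse_order(props.get(prop, "")) for kind, prop in ORDER_KEYS.items()}
    result = {}
    for key, cls in props.items():
        if not key.startswith(INSTANCE_PREFIX):
            continue
        test_id = key[len(INSTANCE_PREFIX):]
        status = {"class": cls}
        for kind, order in orders.items():
            # Absence from an order list means "not enabled", not a missing self test.
            status["enabled_" + kind] = test_id in order
            status["critical_" + kind] = order.get(test_id, False)
        result[test_id] = status
    return result
```

Calling find_selftests(SAMPLE_CS_CFG) returns both KRAPresence and SystemCertsVerification, with KRAPresence disabled at startup and enabled and critical on demand, matching the kra-selftest-find output in the report.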
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/2552
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on the Subscribe button.
Thank you for understanding, and we apologize for any inconvenience.