#2439 Outdated deployment descriptors in upgraded server
Closed: Fixed None Opened 7 years ago by edewata.

There's a case where the deployment descriptors in /etc/pki/pki-tomcat/Catalina/localhost were not updated properly during server upgrade:

  • ROOT.xml points to non-existent /var/lib/pki/pki-tomcat/common/webapps/ROOT
  • pki.xml points to non-existent /var/lib/pki/pki-tomcat/common/webapps/pki
  • pki#admin.xml is missing
  • pki#js.xml is missing
  • ca.xml points to outdated /var/lib/pki/pki-tomcat/ca/webapps/ca

The fix is to copy the new deployment descriptors from the following locations and overwrite the old files:

  • /usr/share/pki/server/conf/Catalina/localhost/ROOT.xml
  • /usr/share/pki/server/conf/Catalina/localhost/pki.xml
  • /usr/share/pki/server/conf/Catalina/localhost/pki#admin.xml
  • /usr/share/pki/server/conf/Catalina/localhost/pki#js.xml
  • /usr/share/pki/ca/conf/Catalina/localhost/ca.xml

There should be an upgrade script to perform the above operations automatically.

If /var/lib/pki/pki-tomcat/ca/webapps/ca contains a customized webapp, ca.xml can be edited manually afterwards to point back to the old webapp. However, there's no guarantee the old webapp will work properly with the new code.
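
The check described in this ticket, as an added example that is not part of the original ticket or the Dogtag upgrade script: it classifies each expected descriptor as missing, pointing to a non-existent folder, pointing to an empty folder, or ok. It assumes each descriptor is a Tomcat `<Context>` file with an absolute `docBase`; the function names and the sample tree are constructed for illustration, and a descriptor that points to an existing but outdated webapp (the ca.xml case) is not detected.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# Descriptor names taken from the ticket.
EXPECTED = ["ROOT.xml", "pki.xml", "pki#admin.xml", "pki#js.xml", "ca.xml"]


def check_descriptor(path):
    """Classify one Tomcat context descriptor by the state of its docBase."""
    if not os.path.isfile(path):
        return "missing"
    # Assumption: docBase is an absolute path, as in the ticket.
    doc_base = ET.parse(path).getroot().get("docBase")
    if not doc_base or not os.path.isdir(doc_base):
        return "dangling"   # docBase absent or points to a non-existent folder
    if not os.listdir(doc_base):
        return "empty"      # folder exists but holds no webapp
    return "ok"


def audit(conf_dir, names=EXPECTED):
    """Return {descriptor name: status} for every expected descriptor."""
    return {n: check_descriptor(os.path.join(conf_dir, n)) for n in names}


def build_sample(root):
    """Constructed sample tree mimicking the broken state in the ticket."""
    conf = os.path.join(root, "Catalina", "localhost")
    os.makedirs(conf)
    good = os.path.join(root, "webapps", "ca")
    os.makedirs(os.path.join(good, "WEB-INF"))
    empty = os.path.join(root, "webapps", "pki")
    os.makedirs(empty)
    targets = {"ROOT.xml": os.path.join(root, "webapps", "ROOT"),  # never created
               "pki.xml": empty,
               "ca.xml": good}
    for name, doc_base in targets.items():
        with open(os.path.join(conf, name), "w") as f:
            f.write('<Context docBase="%s" crossContext="true"/>\n' % doc_base)
    return conf  # pki#admin.xml and pki#js.xml are deliberately not written


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, status in audit(build_sample(tmp)).items():
            print("%-14s %s" % (name, status))
```

On a real instance, `audit("/etc/pki/pki-tomcat/Catalina/localhost")` reports which descriptors need to be replaced from the locations listed above.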


[08/17/2016] PKI Bug Council: 10.3.6

After much discussion, it was determined that this bug would be marked "critical" and moved to the 10.3.6 Milestone.

Fixed in master (10.4):

  • b8094e82c46f8d5f18d362404582304ad28407da
  • 1df2d06c0950a4dfc3c149ff87b16ed224a37065

For now the /usr/share/pki/ca/conf/Catalina/localhost/ca.xml will not be changed to avoid issues during upgrade.

Cherry-picked into DOGTAG_10_3_BRANCH:

commit b6a038a81c6f69e636822d7615e97d591c244aa1
Author: Endi S. Dewata <edewata@redhat.com>
Date:   Wed Aug 24 18:42:05 2016 +0200

    Added upgrade script to fix deployment descriptors.

    An upgrade script has been added to fix missing deployment
    descriptors or deployment descriptors that are pointing to
    non-existent or empty folders.

    https://fedorahosted.org/pki/ticket/2439
    (cherry picked from commit b8094e82c46f8d5f18d362404582304ad28407da)

and

commit a98282328a75110775641158830e38ec524e763f
Author: Endi S. Dewata <edewata@redhat.com>
Date:   Thu Aug 25 16:41:51 2016 +0200

    Updated RPM spec for RHEL.

    The RPM spec has been modified to move the upgrade script into
    the correct folder for RHEL.

    https://fedorahosted.org/pki/ticket/2439
    (cherry picked from commit 1df2d06c0950a4dfc3c149ff87b16ed224a37065)

Cherry-picked into DOGTAG_10_3_RHEL_BRANCH:

  • a4ebeb1fa880e53d87c39757c8c2dd40aef0a7ce

Spec file changes copied into DOGTAG_10_3_RHEL_BRANCH:

  • 93fd3b8f25a64aae765680f10de233013944eed5

Metadata Update from @edewata:
- Issue assigned to edewata
- Issue set to the milestone: 10.3.6

7 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/2559

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on the Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.
