#3096 PKI's systemd service files are brittle.
Closed: migrated 3 years ago by dmoluguw. Opened 5 years ago by cipherboy.

Sometimes I don't want PKI to start on boot, so I do what I'm most familiar with:

systemctl disable pki-tomcatd@pki-tomcat

However, this is a very bad idea: it leaves the system in an unworkable state. Attempting to start the service manually gives:

-- Unit pki-tomcatd@pki-tomcat.service has begun starting up.
Mar 27 22:42:58 vm-171-084.abc.idm.lab.eng.brq.redhat.com pki-server[1489]: ----------------------------
Mar 27 22:42:58 vm-171-084.abc.idm.lab.eng.brq.redhat.com pki-server[1489]: pki-tomcat instance migrated
Mar 27 22:42:58 vm-171-084.abc.idm.lab.eng.brq.redhat.com pki-server[1489]: ----------------------------
Mar 27 22:42:58 vm-171-084.abc.idm.lab.eng.brq.redhat.com pkidaemon[1516]: WARNING:  Symbolic link '/etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service' does NOT exist!
Mar 27 22:42:58 vm-171-084.abc.idm.lab.eng.brq.redhat.com pkidaemon[1516]: INFO:  Attempting to create '/etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service' -> '/lib/systemd/system/pki-tomcatd@.service' . . .
Mar 27 22:42:58 vm-171-084.abc.idm.lab.eng.brq.redhat.com pkidaemon[1516]: ln: failed to create symbolic link '/etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service': No such file or directory
Mar 27 22:42:58 vm-171-084.abc.idm.lab.eng.brq.redhat.com pkidaemon[1516]: ERROR:  Failed to create '/etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service' -> '/lib/systemd/system/pki-tomcatd@.service'!
Mar 27 22:42:58 vm-171-084.abc.idm.lab.eng.brq.redhat.com systemd[1]: pki-tomcatd@pki-tomcat.service: Control process exited, code=exited status=1
Mar 27 22:42:58 vm-171-084.abc.idm.lab.eng.brq.redhat.com systemd[1]: pki-tomcatd@pki-tomcat.service: Failed with result 'exit-code'.
Mar 27 22:42:58 vm-171-084.abc.idm.lab.eng.brq.redhat.com systemd[1]: Failed to start PKI Tomcat Server pki-tomcat.
-- Subject: Unit pki-tomcatd@pki-tomcat.service has failed
-- Defined-By: systemd
-- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit pki-tomcatd@pki-tomcat.service has failed.
-- 
-- The result is failed.

And enabling the service again fails. If you try a pkidestroy and a new spawn, you get:

[root@vm-171-084 ~]# pkispawn -f CA-ecc.cfg            
Subsystem (CA/KRA/OCSP/TKS/TPS) [CA]: CA                           

Begin installation (Yes/No/Quit)? Yes                                                       

Log file: /var/log/pki/pki-ca-spawn.20190327224642.log
Loading deployment configuration from CA-ecc.cfg.                                            
Installing CA into /var/lib/pki/pki-tomcat.                                                                     
Storing deployment configuration into /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg.
pkihelper     : ERROR    OSError:  [Errno 2] No such file or directory: '/lib/systemd/system/pki-tomcatd@.service' -> '/etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service'!
pkispawn      : ERROR    FileNotFoundError: [Errno 2] No such file or directory: '/lib/systemd/system/pki-tomcatd@.service' -> '/etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service'
  File "/usr/lib/python3.6/site-packages/pki/server/pkispawn.py", line 547, in main
    scriptlet.spawn(deployer)                                                                                            
  File "/usr/lib/python3.6/site-packages/pki/server/deployment/scriptlets/instance_layout.py", line 231, in spawn
    deployer.mdict['pki_systemd_service_link'])
  File "/usr/lib/python3.6/site-packages/pki/server/deployment/pkihelper.py", line 1711, in create
    os.symlink(name, link)                                                                 


Installation failed: [Errno 2] No such file or directory: '/lib/systemd/system/pki-tomcatd@.service' -> '/etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service'                                            

So I think we need to figure out what exactly gets removed during disable, and how to allow enable / start to function properly again.


(I think part of it is that /etc/systemd/system/pki-tomcatd.target.wants gets removed, and so that directory needs to be created again.)
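The failure mode in the report, reproduced in a temporary directory, next to a link-creation routine that tolerates a missing `.wants` directory. This is an added example, not code from Dogtag PKI: `create_wants_link` and `demo` are hypothetical names, the paths are constructed under a temp root, and the cause (the directory being absent after `disable`) is the reporter's hypothesis.

```python
import os
import tempfile

def create_wants_link(unit_file, link):
    """Create link -> unit_file; return "created", "exists" or "replaced"."""
    # Assumption (the report's hypothesis): the .wants directory may be gone
    # after `systemctl disable`, so recreate it before linking.
    os.makedirs(os.path.dirname(link), mode=0o755, exist_ok=True)
    if os.path.islink(link):
        if os.readlink(link) == unit_file:
            return "exists"            # already correct, nothing to do
        os.unlink(link)                # stale link pointing elsewhere
        os.symlink(unit_file, link)
        return "replaced"
    # A regular file at this path raises FileExistsError; that is left to
    # propagate rather than silently deleting an administrator's file.
    os.symlink(unit_file, link)
    return "created"

def demo():
    with tempfile.TemporaryDirectory() as root:
        unit = os.path.join(root, "lib/systemd/system/pki-tomcatd@.service")
        link = os.path.join(
            root, "etc/systemd/system/pki-tomcatd.target.wants",
            "pki-tomcatd@pki-tomcat.service")
        os.makedirs(os.path.dirname(unit))
        open(unit, "w").close()        # the unit file itself exists
        try:
            # Bare symlink, as in the traceback: the link's parent directory
            # is missing, so this fails even though the target is present.
            os.symlink(unit, link)
            bare = "ok"
        except FileNotFoundError:
            bare = "ENOENT"
        first = create_wants_link(unit, link)
        second = create_wants_link(unit, link)   # idempotent on re-run
        resolves = os.path.realpath(link) == os.path.realpath(unit)
        return bare, first, second, resolves

if __name__ == "__main__":
    print(demo())
```

The ENOENT message names both the target and the link path, so it does not say which one is missing; here the target exists and only the link's parent directory is absent.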


Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/3213

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on the Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Metadata Update from @dmoluguw:
- Issue close_status updated to: migrated
- Issue status updated to: Closed (was: Open)

3 years ago
