Sometimes I don't want PKI to start on boot, so I do what I'm most familiar with:
systemctl disable pki-tomcatd@pki-tomcat
However, this is a very bad idea: it leaves the system in an unworkable state. Attempting to start the service manually gives:
-- Unit pki-tomcatd@pki-tomcat.service has begun starting up. Mar 27 22:42:58 vm-171-084.abc.idm.lab.eng.brq.redhat.com pki-server[1489]: ---------------------------- Mar 27 22:42:58 vm-171-084.abc.idm.lab.eng.brq.redhat.com pki-server[1489]: pki-tomcat instance migrated Mar 27 22:42:58 vm-171-084.abc.idm.lab.eng.brq.redhat.com pki-server[1489]: ---------------------------- Mar 27 22:42:58 vm-171-084.abc.idm.lab.eng.brq.redhat.com pkidaemon[1516]: WARNING: Symbolic link '/etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service' does NOT exist! Mar 27 22:42:58 vm-171-084.abc.idm.lab.eng.brq.redhat.com pkidaemon[1516]: INFO: Attempting to create '/etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service' -> '/lib/systemd/system/pki-tomcatd@.service' . . . Mar 27 22:42:58 vm-171-084.abc.idm.lab.eng.brq.redhat.com pkidaemon[1516]: ln: failed to create symbolic link '/etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service': No such file or directory Mar 27 22:42:58 vm-171-084.abc.idm.lab.eng.brq.redhat.com pkidaemon[1516]: ERROR: Failed to create '/etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service' -> '/lib/systemd/system/pki-tomcatd@.service'! Mar 27 22:42:58 vm-171-084.abc.idm.lab.eng.brq.redhat.com systemd[1]: pki-tomcatd@pki-tomcat.service: Control process exited, code=exited status=1 Mar 27 22:42:58 vm-171-084.abc.idm.lab.eng.brq.redhat.com systemd[1]: pki-tomcatd@pki-tomcat.service: Failed with result 'exit-code'. Mar 27 22:42:58 vm-171-084.abc.idm.lab.eng.brq.redhat.com systemd[1]: Failed to start PKI Tomcat Server pki-tomcat. -- Subject: Unit pki-tomcatd@pki-tomcat.service has failed -- Defined-By: systemd -- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit pki-tomcatd@pki-tomcat.service has failed. -- -- The result is failed.
And enabling the service again fails. If you try a pkidestroy and a new spawn, you get:
pkidestroy
[root@vm-171-084 ~]# pkispawn -f CA-ecc.cfg Subsystem (CA/KRA/OCSP/TKS/TPS) [CA]: CA Begin installation (Yes/No/Quit)? Yes Log file: /var/log/pki/pki-ca-spawn.20190327224642.log Loading deployment configuration from CA-ecc.cfg. Installing CA into /var/lib/pki/pki-tomcat. Storing deployment configuration into /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg. pkihelper : ERROR OSError: [Errno 2] No such file or directory: '/lib/systemd/system/pki-tomcatd@.service' -> '/etc/systemd/system/pki-tomcatd.target .wants/pki-tomcatd@pki-tomcat.service'! pkispawn : ERROR FileNotFoundError: [Errno 2] No such file or directory: '/lib/systemd/system/pki-tomcatd@.service' -> '/etc/systemd/system/pki-tomca td.target.wants/pki-tomcatd@pki-tomcat.service' File "/usr/lib/python3.6/site-packages/pki/server/pkispawn.py", line 547, in main scriptlet.spawn(deployer) File "/usr/lib/python3.6/site-packages/pki/server/deployment/scriptlets/instance_layout.py", line 231, in spawn deployer.mdict['pki_systemd_service_link']) File "/usr/lib/python3.6/site-packages/pki/server/deployment/pkihelper.py", line 1711, in create os.symlink(name, link) Installation failed: [Errno 2] No such file or directory: '/lib/systemd/system/pki-tomcatd@.service' -> '/etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service'
So I think we need to figure out what exactly gets removed during disable, and how to allow enable / start to function properly again.
disable
enable
start
(I think part of it is that /etc/systemd/system/pki-tomcatd.target.wants gets removed, and so that directory needs to be created) again.
/etc/systemd/system/pki-tomcatd.target.wants
Metadata Update from @cipherboy: - Custom field component adjusted to None - Custom field feature adjusted to None - Custom field origin adjusted to None - Custom field proposedmilestone adjusted to None - Custom field proposedpriority adjusted to None - Custom field reviewer adjusted to None - Custom field type adjusted to None - Custom field version adjusted to None
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/3213
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Metadata Update from @dmoluguw: - Issue close_status updated to: migrated - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.