[Pki-devel] [PATCH] 127 - add servlet to return 501 or d9 style instances

Ade Lee alee at redhat.com
Mon Apr 22 20:22:16 UTC 2013 

acked by Endi.  Pushed to master.

On Mon, 2013-04-22 at 12:18 -0400, Ade Lee wrote:
> Modified with changes based on comments in #irc.
> 
> 1. PKIException now takes instance and subsystem objects instead of
> names.
> 2. Changed __repr__ for PKIInstance
> 3. Fixed get_tracker
> 4. Redefine con_dir in terms of base_dir
> 
> Tested with d9 and d10 instances.  All still looks good.
> 
> On Mon, 2013-04-22 at 09:54 -0400, Ade Lee wrote:
> > On Fri, 2013-04-19 at 23:20 -0500, Endi Sukma Dewata wrote:
> > > On 4/19/2013 2:32 PM, Ade Lee wrote:
> > > >
> > > >      Added servlet to return 501 for rest operations for d9 instances
> > > >
> > > >      D9 instances run on tomcat6, which does not have support for the
> > > >      autheticator and realm.  We are not supporting the REST operations
> > > >      on D9 style instances.  They will need to be migrated.
> > > >
> > > >      The migration framework has been modified to process d9 or d10
> > > >      style instances, and a migration script has been added to add the new
> > > >      servlet to existing d9 instances.
> > > 
> > > Some comments (some of which have been discussed over IRC):
> > > 
> > > 1. To be consistent the pki_subsystem and pki_instance classes should be 
> > > called PKISubsystem and PKIInstance.
> > 
> > done
> > > 
> > > 2. In PKIUpgrader's constructor the instance/subsystem objects are only 
> > > created for validation then discarded. It might be better to move the 
> > > validation inside the instances() or subsystems() where the objects are 
> > > actually created and stored.
> > > 
> > done - we now have a validate() method which is called by the
> > constructor.
> > 
> > > 3. There seems to be a bug in these lines:
> > > 
> > >    inst = pki.pki_instance(instance, instance_type)
> > >    ...
> > >    subs = pki.pki_instance(instance, subsystem, instance_type)
> > > 
> > > The second line probably should have been calling pki.pki_subsystem() 
> > > and the parameter should have been inst (the instance object, not the name).
> > > 
> > 
> > Done. This is validation code that has been removed.
> > 
> > > 4. To improve clarity, the subsystem/instance name variable should be 
> > > called 'name' inside the corresponding class, and 'subsystemName' or 
> > > 'instanceName' outside the class.
> > > 
> > Done
> > 
> > > 5. The PKISubsystem constructor shouldn't need to take the type 
> > > parameter because it can be obtained from the instance.
> > > 
> > Done
> > 
> > > 6. The message in RESTServlet could be simplified into something like this:
> > > 
> > >    The REST services are not available because this server is a legacy
> > >    Dogtag 9 server. To access the REST services this server must be
> > >    migrated into a new Dogtag 10 server.
> > > 
> > Done
> > > 7. Instead of overriding doGet() and doPost() it's also possible to just 
> > > override service().
> > > 
> > Done
> > 
> > > 8. The --instance-type parameter works differently from the --instance 
> > > and --subsystem parameters. By default pki-upgrade will upgrade all 
> > > instances and subsystem on the system. If the --instance or --subsystem 
> > > is specified, it will narrow the scope to the specified 
> > > instance/subsystem only. The --instance-type, on the other hand, works 
> > > as an additional parameter to --instance and has a default value of 10.
> > > 
> > > Suppose there is a mix of Dogtag 9 and Dogtag 10 instances and some may 
> > > have the same names (e.g. D9 pki-ca and D10 pki-ca). The parameters will 
> > > work like this:
> > > 
> > >    pki-upgrade  ==> upgrade all instances
> > > 
> > >    pki-upgrade --instance pki-ca  ==> upgrade D10 pki-ca only
> > > 
> > >    pki-upgrade --instance pki-ca --instance-type 9
> > >      ==> upgrade D9 pki-ca only
> > > 
> > > To be consistent it should work like this:
> > > 
> > >    pki-upgrade --instance pki-ca  ==> upgrade both pki-ca instances
> > > 
> > >    pki-upgrade --instance pki-ca --instance-type 10
> > >      ==> upgrade D10 pki-ca only
> > > 
> > >    pki-upgrade --instance-type 9  ==> upgrade all D9 instances
> > > 
> > Done
> > 
> > > 9. We discussed about putting the context XML in 
> > > <instance>/conf/Catalina/localhost instead of META-INF. Is this going to 
> > > be handled by a separate upgrade script?
> > > 
> > To be handled as a separate upgrade script when we do the 10.1
> > customization work.
> > 
> > > 10. Document root could be obtained using self.doc.getroot() instead of 
> > > self.doc.find('.').
> > > 
> > Done
> > > 11. Element index could be obtained using self.root.index(mapping) 
> > > instead of list(self.root).index(mapping).
> > > 
> > Done
> > 
> > > 12. There are some trailing whitespaces.
> > > 
> > Fixed
> 
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel

More information about the Pki-devel mailing list