Multiple database access via JSS

[pki-bot]

This issue was migrated from Pagure Issue #974. Originally filed by edewata (@edewata) on 2014-04-23 22:16:54:

• Assigned to nobody

---

The current JSS API is based on an old NSS API which can only access a single database for the whole duration of the JVM. It doesn't seem to be possible to access multiple databases, either concurrently or consecutively, without restarting the JVM.

NSS provided an explanation why this is a problem and provided a new API as a solution: https://wiki.mozilla.org/NSS_Library_Init. The JSS API would have to be updated to use the new NSS API.

The NSS problem described above doesn't necessarily apply to Dogtag, but there might be situations where it can be useful to support multiple databases:

• Using separate database for each subsystem in the same instance. Right now the solution is to use the same subsystem certificate for all subsystems, but requests from different subsystems may be indistinguishable.
• Deploying Dogtag and other Web applications that use NSS in the same instance.
• Building tools to manage multiple databases (e.g. transfer a cert/key from one database to another).
• Allowing an application to destroy the current database and create a new one without exiting to the system.

[pki-bot]

Comment from mharmsen (@mharmsen) at 2014-04-29 00:05:39

Per CS/DS meeting of 04/28/2014 - 10.4.

Additionally, it was discussed in this meeting to also move PKI TRAC Ticket 167 - Update Dogtag 10 to utilize the shared NSS database model to 10.4.

[pki-bot]

Comment from edewata (@edewata) at 2017-02-27 14:06:57

Metadata Update from @edewata:

• Issue set to the milestone: UNTRIAGED

[pki-bot]

Comment from mharmsen (@mharmsen) at 2017-07-06 14:50:11

cfu, jmagne, mharmsen not sure if you saw this but Kaie is proposing to switch the NSS to default to sqlite format in F-27. https://fedoraproject.org/wiki/Changes/NSSDefaultFileFormatSql rcrit: thanks -- we were not aware of this, but we do have a long-standing ticket for it -- https://pagure.io/dogtagpki/issue/167 yeah, I figure it'll up the timetable on these 389-ds has a similar ticket, https://pagure.io/389-ds-base/issue/48760 rcrit: also https://pagure.io/389-ds-base/issue/47681 Ok, I'll let Mark know so he can close one as a dup rcrit: yep rcrit: just scanned Kaie's doc, but will they have a flag to create the old NSS db format? you have to specify dbm:/path/to/nss/database

[pki-bot]

Comment from mharmsen (@mharmsen) at 2017-07-06 14:50:11

Metadata Update from @mharmsen:

• Custom field cc adjusted to mreynolds389@redhat.com,rcrit@redhat.com
• Custom field feature adjusted to ''
• Custom field proposedmilestone adjusted to ''
• Custom field proposedpriority adjusted to ''
• Custom field reviewer adjusted to ''
• Custom field version adjusted to ''
• Issue close_status updated to: None
• Issue priority set to: blocker (was: major)
• Issue set to the milestone: 0.0 NEEDS_TRIAGE (was: UNTRIAGED)

[pki-bot]

Comment from ftweedal (@frasertweedale) at 2017-07-10 17:32:34

This is the push we need to finally start using the new DB format.

[pki-bot]

Comment from mharmsen (@mharmsen) at 2017-08-04 17:30:32

Metadata Update from @mharmsen:

• Issue set to the milestone: 10.5 (was: 0.0 NEEDS_TRIAGE)

[pki-bot]

Comment from edewata (@edewata) at 2017-09-07 12:48:10

See also https://pagure.io/dogtagpki/issue/1176

[pki-bot]

Comment from edewata (@edewata) at 2017-09-07 13:53:34

Upstream JSS ticket: https://bugzilla.mozilla.org/show_bug.cgi?id=1397824

[pki-bot]

Comment from mharmsen (@mharmsen) at 2017-09-25 16:22:58

Metadata Update from @mharmsen:

• Issue priority set to: critical (was: blocker)

[pki-bot]

Comment from mharmsen (@mharmsen) at 2017-09-25 17:18:45

Metadata Update from @mharmsen:

• Issue priority set to: major (was: critical)

[pki-bot]

Comment from mharmsen (@mharmsen) at 2017-10-25 18:31:08

[20171025] - Offline Triage ==> 10.6

[pki-bot]

Comment from mharmsen (@mharmsen) at 2017-10-25 18:31:09

Metadata Update from @mharmsen:

• Issue set to the milestone: 10.6 (was: 10.5)