Does the CN component in the .pem need to be a fqdn? And the CN is koji (I thought it needed to be the auth user) Right now I am under the impression that the user in kojid.conf needs to be a fqdn and that the CN in the .pem file needs to match, is this correct? # /usr/sbin/kojid --force-lock --verbose --fg 2009-02-26 11:01:51,706 [INFO] {4098} koji.build:66 Starting up Traceback (most recent call last): File "/usr/sbin/kojid", line 2730, in ? main() File "/usr/sbin/kojid", line 67, in main tm = TaskManager() File "/usr/sbin/kojid", line 530, in __init__ self.host_id = session.host.getID() File "/usr/lib/python2.4/site-packages/koji/__init__.py", line 1133, in __call__ return self.__func(self.__name,args,opts) File "/usr/lib/python2.4/site-packages/koji/__init__.py", line 1378, in _callMethod raise err koji.AuthError: No host specified <div class="gmail_quote"> On Thu, Feb 26, 2009 at 10:59 AM, Mike Bonnet <<a href="mailto:mikeb@redhat.com">mikeb@redhat.com</a>> wrote: <blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"> <div class="Ih2E3d">Thomas Hatch wrote: > I keep having problems with it telling me the system is locked until I run a > restart, but service kojid status keeps returning the same error > > service kojid status > kojid dead but subsys locked > > kojid also seems to be dying but the logs yield no real data > > I think I have a problem in my configs: </div>What is the output of openssl x509 -noout -subject -in /etc/pki/koji/kojibuilder1.pem The CN component needs to match the hostname you added with "koji add-host", in your case <a href="http://koji.bcinfra.net" target="_blank">koji.bcinfra.net</a>. Also, that same certificate may not be used to authenticate any other services or users to the system. You can also run /usr/sbin/kojid --force-lock --verbose --fg as root to run kojid in the foreground and see what errors are reported. <div><div></div><div class="Wj3C7c"> > kojid.conf: > > [kojid] > ; The number of seconds to sleep between tasks > ; sleeptime=15 > > ; The maximum number of jobs that kojid will handle at a time > ; maxjobs=10 > > ; The minimum amount of free space (in MBs) required for each build root > ; minspace=8192 > > ; The directory root where work data can be found from the koji hub > ; topdir=/mnt/koji > > ; The directory root for temporary storage > workdir=/tmp/koji > > ; The directory root for mock > mockdir=/var/lib/mock > > ; The user to run as when doing builds > mockuser=kojibuilder > > ; The vendor to use in rpm headers > ; vendor=Koji > > ; The packager to use in rpm headers > ; packager=Koji > > ; The _host string to use in mock > ; mockhost=koji-linux-gnu > > ; The URL for the xmlrpc server > server=<a href="http://sunlight.pp.bcinfra.net/kojihub" target="_blank">http://sunlight.pp.bcinfra.net/kojihub</a> > > user=<a href="http://koji.bcinfra.net" target="_blank">koji.bcinfra.net</a> > > ; The URL for the packages tree > pkgurl=<a href="http://sunlight.pp.bcinfra.net/pkg/packages" target="_blank">http://sunlight.pp.bcinfra.net/pkg/packages</a> > > ; A space-separated list of hostname:repository[:use_common] tuples that > kojid is authorized to checkout from (no quotes). > ; Wildcards (as supported by fnmatch) are allowed. > ; If use_common is specified and is one of "false", "no", or "0" (without > quotes), then kojid will not attempt to checkout > ; a common/ dir when checking out sources from the source control system. > Otherwise, it will attempt to checkout a common/ > ; dir, and will raise an exception if it cannot. > ;allowed_scms=scm.example.com:/cvs/example git.example.org:/example > svn.example.org:/users/*:no > > ; The mail host to use for sending email notifications > smtphost=<a href="http://sunlight.pp.bcinfra.net" target="_blank">sunlight.pp.bcinfra.net</a> > > ; The From address used when sending email notifications > from_addr=Koji Build System <<a href="mailto:koji@koji.bcinfra.net">koji@koji.bcinfra.net</a>> > > ;configuration for SSL athentication > > ;client certificate > cert = /etc/pki/koji/kojibuilder1.pem > > ;certificate of the CA that issued the client certificate > ca = /etc/pki/koji/koji_ca_cert.crt > > ;certificate of the CA that issued the HTTP server certificate > serverca = /etc/pki/koji/koji_ca_cert.crt > > > > > > > On Thu, Feb 26, 2009 at 10:32 AM, Jeffrey Ollie <<a href="mailto:jeff@ocjtech.us">jeff@ocjtech.us</a>> wrote: > >> On Thu, Feb 26, 2009 at 11:29 AM, Thomas Hatch <<a href="mailto:thatch65@gmail.com">thatch65@gmail.com</a>> wrote: >>> I run "koji list-hosts --channel=createrepo" and get: >>> >>> Hostname Enb Rdy Load/Cap Arches Last >> Update >>> <a href="http://koji.bcinfra.net" target="_blank">koji.bcinfra.net</a> Y N 0.0/8.0 i386,x86_64 - >>> >>> Seems it is enabled and in the channel, but not ready? >> Is kojid running? That's the service that does the actual building... >> >> -- >> Jeff Ollie >> Marcus to Franklin in Babylon 5: "A Late Delivery from Avalon" >> >> -- >> Fedora-buildsys-list mailing list >> <a href="mailto:Fedora-buildsys-list@redhat.com">Fedora-buildsys-list@redhat.com</a> >> <a href="https://www.redhat.com/mailman/listinfo/fedora-buildsys-list" target="_blank">https://www.redhat.com/mailman/listinfo/fedora-buildsys-list</a> >> > > </div></div>> ------------------------------------------------------------------------ <div><div></div><div class="Wj3C7c">> > -- > Fedora-buildsys-list mailing list > <a href="mailto:Fedora-buildsys-list@redhat.com">Fedora-buildsys-list@redhat.com</a> > <a href="https://www.redhat.com/mailman/listinfo/fedora-buildsys-list" target="_blank">https://www.redhat.com/mailman/listinfo/fedora-buildsys-list</a> -- Fedora-buildsys-list mailing list <a href="mailto:Fedora-buildsys-list@redhat.com">Fedora-buildsys-list@redhat.com</a> <a href="https://www.redhat.com/mailman/listinfo/fedora-buildsys-list" target="_blank">https://www.redhat.com/mailman/listinfo/fedora-buildsys-list</a> </div></div></blockquote></div>