[Fedora-directory-users] Fedora DS 1.0.4 build on Solaris 10?
Scott Ding
scott.ding at autodesk.com
Wed Sep 12 19:57:12 UTC 2007
The three certificate db files need to be read/write. After I changed them, the NSS initialization errors are gone. However, I now get server failed to start prompt on the console. The logs/errors does not show any specific errors. I used the truss on start-slapd. It seems complaining it could not find logs/startpid. Attached is the errors log file. The tail of truss output below.
----
4431: getrlimit(RLIMIT_STACK, 0xFFBFF740) = 0
4431: getpid() = 4431 [4388]
4431: setustack(0xFF3A2088)
4431: brk(0x000222F8) = 0
4431: brk(0x000242F8) = 0
4431: stat("/platform/SUNW,Sun-Fire-480R/lib/libc_psr.so.1", 0xFFBFECF8) = 0
4431: resolvepath("/platform/SUNW,Sun-Fire-480R/lib/libc_psr.so.1", "/platform/sun4u-us3/lib/libc_psr.so.1", 1023) = 37
4431: open("/platform/SUNW,Sun-Fire-480R/lib/libc_psr.so.1", O_RDONLY) = 3
4431: mmap(0x00010000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_ALIGN, 3, 0) = 0xFF390000
4431: mmap(0x00000000, 8192, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANON, -1, 0) = 0xFF380000
4431: close(3) = 0
4431: stat("/usr/lib/locale/en_US/en_US.so.3", 0xFFBFEE80) Err#2 ENOENT
4431: open("/usr/lib/locale/en_US/LC_MESSAGES/SUNW_OST_SGS.mo", O_RDONLY) Err#2 ENOENT
4431: open("/usr/lib/locale/en_US/LC_MESSAGES/SUNW_OST_OSLIB.mo", O_RDONLY) Err#2 ENOENT
4431: sigaction(SIGALRM, 0xFFBFFAF0, 0xFFBFFB90) = 0
4388: waitid(P_PID, 4431, 0xFFBFF808, WEXITED|WTRAPPED|WNOWAIT) (sleeping...)
4431: nanosleep(0xFFBFFBC8, 0xFFBFFBC0) = 0
4431: _exit(0)
4388: waitid(P_PID, 4431, 0xFFBFF808, WEXITED|WTRAPPED|WNOWAIT) = 0
4388: ioctl(0, TIOCGPGRP, 0xFFBFF824) = 0
4388: ioctl(0, TCGETS, 0x00039178) = 0
4388: waitid(P_PID, 4431, 0xFFBFF808, WEXITED|WTRAPPED) = 0
4388: brk(0x0003AB20) = 0
4388: read(19, " t e s t ! - f $".., 128) = 128
4388: stat64("/home/dings/fds/slapd-lsctsol06/logs/startpid", 0xFFBFF7C0) Err#2 ENOENT
Server failed to start !!! Please check errors log for problems
4388: write(1, " S e r v e r f a i l e".., 64) = 64
4388: _exit(1)
-----Original Message-----
From: fedora-directory-users-bounces at redhat.com [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Rob Crittenden
Sent: Wednesday, September 12, 2007 11:06 AM
To: General discussion list for the Fedora Directory server project.
Subject: Re: [Fedora-directory-users] Fedora DS 1.0.4 build on Solaris 10?
Scott Ding wrote:
> Using the certutil-bin instructions given by Rob, I was able to generate slapd-lsctsol06-key3.db,slapd-lsctsol06-cert8.db, and secmod.db successfully under /home/dings/fds/alias. However, when I call start-slapd as root, I still get the same errors. Attached is the errors log file under logs.
>
Are the files readable by the user the server run as? You can find out what that is configured by by looking for nsslapd-localuser in config/dse.ldif.
I'm a glutton for punishment so I might run truss on the start script and look for where the NSS database is being opened and see if any errors are thrown (EPERM, etc). You'll need a flag to follow forks, I think it is -f.
rob
> -----Original Message-----
> From: fedora-directory-users-bounces at redhat.com
> [mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Rob
> Crittenden
> Sent: Wednesday, September 12, 2007 6:09 AM
> To: General discussion list for the Fedora Directory server project.
> Subject: Re: [Fedora-directory-users] Fedora DS 1.0.4 build on Solaris 10?
>
> Dave Augustus wrote:
>>
>> On Tue, 2007-09-11 at 19:56 -0700, Scott Ding wrote:
>>> /home/dings/fds/alias does exist. I am starting FDS by using
>>> start-slapd as root user. /home/dings/fds/alias is writable by the
>>> server. It looks like start-slapd is looking for some certificate
>>> under /home/dings/fds/alias. I checked the content under
>>> /home/dings/alias. It contains only one file: libnssckbi.so.
>>>
>>>
>>>
>>> -----Original Message-----
>>> From: fedora-directory-users-bounces at redhat.com
>>> <mailto:fedora-directory-users-bounces at redhat.com>
>>> [mailto:fedora-directory-users-bounces at redhat.com
>>> <mailto:fedora-directory-users-bounces at redhat.com>] On Behalf Of
>>> Richard Megginson
>>> Sent: Tuesday, September 11, 2007 5:56 PM
>>> To: General discussion list for the Fedora Directory server project.
>>> Subject: Re: [Fedora-directory-users] Fedora DS 1.0.4 build on
>>> Solaris 10?
>>>
>>> Scott Ding wrote:
>>>> I got the FDS installed on Solaris 10 by calling ds_newinst.pl with
>>>> a inf file. However, when I tried to start the FDS, I got the
>>>> following error. It looks like I did not set up SSL correctly. Can anyone help?
>>>>
>>>> [11/Sep/2007:16:05:13 -0700] - SSL alert: Security Initialization:
>>>> NSS
>>>> initialization failed (Netscape Portable Runtime error -8174 -
>>>> security
>>>> library: bad database.): path: /home/dings/fds/alias/, certdb prefix:
>>>> slapd-lsctsol06-, keydb prefix: slapd-lsctsol06-.
>>>>
>>> Does the directory /home/dings/fds/alias exist? Is it owned by the
>>> server user? Is it writable by the server user?
>>>> [11/Sep/2007:16:05:13 -0700] - ERROR: NSS Initialization Failed.
>>>>
>>>> -----Original Message-----
>>>> From: Scott Ding
>>>> Sent: Tuesday, September 11, 2007 2:50 PM
>>>> To: General discussion list for the Fedora Directory server project.
>>>> Subject: RE: [Fedora-directory-users] Fedora DS 1.0.4 build on
>>>> Solaris 10?
>>>>
>>>> Rob,
>>>>
>>>> We got the FDS compiled on Solaris 10 with NET-SNMP 5.4.1. The
>>>> compiled result contains the following files:
>>>>
>>>> LICENSE.txt
>>>> README.txt
>>>> disktune
>>>> slapd.tar.gz
>>>>
>>>>
>>>> After I untar slapd.tar.gz, I got the following:
>>>>
>>>> alias
>>>> manual
>>>> shared
>>>> bin
>>>> - slapd
>>>> - admin
>>>> - server
>>>> - install
>>>> - property
>>>> -lib
>>>> lib
>>>> plugins
>>>>
>>>> I checked the Installation Guide. The instructions are based on
>>> RedHat.
>>>> Are there any installation instructions based on Solaris?
>>>>
>>>> Regards,
>>>> Scott
>>>>
>>>>
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: fedora-directory-users-bounces at redhat.com
>>>> <mailto:fedora-directory-users-bounces at redhat.com>
>>>> [mailto:fedora-directory-users-bounces at redhat.com
>>>> <mailto:fedora-directory-users-bounces at redhat.com>] On Behalf Of
>>>> Rob Crittenden
>>>> Sent: Tuesday, September 11, 2007 7:25 AM
>>>> To: General discussion list for the Fedora Directory server project.
>>>> Subject: Re: [Fedora-directory-users] Fedora DS 1.0.4 build on
>>>> Solaris 10?
>>>>
>>>> Scott Ding wrote:
>>>>
>>>>> Has anyone built Fedora DS 1.0.4 on Solaris 10 (SPARC 32bit)?
>>>>>
>>>>>
>>>> In theory this should work ok.
>>>>
>>>> I spent a little time many months ago to try to build it on Solaris
>>>> 10
>>>> x86 and nearly got there before running out of time and I never got
>>>> back to it because I needed to reclaim the disk space :-(
>>>>
>>>> I would recommend the manual build process defined at
>>>> http://directory.fedoraproject.org/wiki/Building . I would avoid
>>>> the "one-step build" because I suspect this is going to be very
>>>> iterative and while the auto-fetching is nice developing in that
>>>> environment just adds another layer of pain.
>>>>
>>>> It is possible to build on Solaris with gcc, the trick is figuring
>>>> out the magic to tell the various components to use it. I think
>>>> things like NSS, NSPR and FDS itself use the env variable
>>>> NS_USE_GCC. Set that to 1 and give it a go. There may be other
>>>> tweaks required.
>>>>
>>>> And note that the manual instructions just cover the server itself.
>>>> For console, the plugins, etc there is more to do.
>>>>
>>>> rob
>>>>
>>>>
>>>> --
>>>> Fedora-directory-users mailing list
>>>> Fedora-directory-users at redhat.com
>>>> <mailto:Fedora-directory-users at redhat.com>
>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>
>>>
>>>
>>> --
>>> Fedora-directory-users mailing list
>>> Fedora-directory-users at redhat.com
>>> <mailto:Fedora-directory-users at redhat.com>
>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>> My guess is that you just need to create the cert files. Look for the
>> certutil-bin binary in /opt/fedora-ds/shared/bin (no clue where on
>> Solaris). Do certutil-bin -h . The cert db files will need to be
>> named appropriately and located in alias. Something like:
>> slapd-lsctsol06-key3.db
>> slapd-lsctsol06-cert8.db
>> Also, I think that secmod.db is needed but I don't know what it contains.
>
> Solaris should already have certutil. You need to run something like:
>
> # certutil -N -d /home/dings/fds/alias -P slapd-lsctsol06-
>
> Note that there is a trailing dash. This is important.
>
> You'll be prompted to set a security password. Enter one or just press ENTER twice to not set one.
>
> That should do the trick.
>
> rob
>
>
>
> ----------------------------------------------------------------------
> --
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: errors
Type: application/octet-stream
Size: 183 bytes
Desc: errors
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20070912/be90b90e/attachment.obj>
More information about the Fedora-directory-users
mailing list