[Freeipa-devel] [PATCH] 0083 Remove internaldb pasword from password.conf

Jan Cholasta jcholast at redhat.com
Tue Sep 2 07:03:06 UTC 2014 

Also, Dogtag certificate renewal does not work with internaldb removed, 
I'm working on a patch to fix that.

Dne 1.9.2014 v 18:19 Petr Viktorin napsal(a):
> On 11/06/2013 01:41 PM, Ana Krivokapic wrote:
>> On 11/06/2013 01:34 PM, Ana Krivokapic wrote:
>>> Hello,
>>>
>>> This patch addresses tickethttps://fedorahosted.org/freeipa/ticket/4005.
>
> I tried installing a replica with this patch applied to the 4.1 branch,
> but ipa-ca-install fails with:
>
> 2014-09-01T16:12:58Z DEBUG stderr=pkispawn    : ERROR    .......
> Exception from Java Configuration Servlet: Failed to obtain
> configuration entries from the master for cloning
> org.xml.sax.SAXParseException; Premature end of file.
>
> The pkispawn log ends with:
>
> 2014-09-01 18:12:35 pkispawn    : INFO     ... configuring
> 'pki.server.deployment.scriptlets.configuration'
> 2014-09-01 18:12:35 pkispawn    : INFO     ....... mkdir -p
> /root/.dogtag/pki-tomcat/ca
> 2014-09-01 18:12:35 pkispawn    : DEBUG    ........... chmod 755
> /root/.dogtag/pki-tomcat/ca
> 2014-09-01 18:12:35 pkispawn    : DEBUG    ........... chown 0:0
> /root/.dogtag/pki-tomcat/ca
> 2014-09-01 18:12:35 pkispawn    : INFO     ....... generating
> '/root/.dogtag/pki-tomcat/ca/password.conf'
> 2014-09-01 18:12:35 pkispawn    : INFO     ....... modifying
> '/root/.dogtag/pki-tomcat/ca/password.conf'
> 2014-09-01 18:12:35 pkispawn    : DEBUG    ........... chmod 660
> /root/.dogtag/pki-tomcat/ca/password.conf
> 2014-09-01 18:12:35 pkispawn    : DEBUG    ........... chown 0:0
> /root/.dogtag/pki-tomcat/ca/password.conf
> 2014-09-01 18:12:35 pkispawn    : INFO     ....... generating
> '/root/.dogtag/pki-tomcat/ca/pkcs12_password.conf'
> 2014-09-01 18:12:35 pkispawn    : INFO     ....... modifying
> '/root/.dogtag/pki-tomcat/ca/pkcs12_password.conf'
> 2014-09-01 18:12:35 pkispawn    : DEBUG    ........... chmod 660
> /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf
> 2014-09-01 18:12:35 pkispawn    : DEBUG    ........... chown 498:498
> /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf
> 2014-09-01 18:12:35 pkispawn    : INFO     ....... executing 'certutil
> -N -d /tmp/tmp-yRUhk2 -f /root/.dogtag/pki-tomcat/ca/password.conf'
> 2014-09-01 18:12:35 pkispawn    : INFO     ....... executing 'systemctl
> daemon-reload'
> 2014-09-01 18:12:35 pkispawn    : INFO     ....... executing 'systemctl
> start pki-tomcatd at pki-tomcat.service'
> 2014-09-01 18:12:35 pkispawn    : DEBUG    ........... No connection -
> server may still be down
> 2014-09-01 18:12:35 pkispawn    : DEBUG    ........... No connection -
> exception thrown:
> HTTPSConnectionPool(host='vm-234.idm.lab.eng.brq.redhat.com',
> port=8443): Max retries exceeded with url: /ca/admin/ca/getStatus
> (Caused by <class 'socket.error'>: [Errno 111] Connection refused)
> 2014-09-01 18:12:36 pkispawn    : DEBUG    ........... No connection -
> server may still be down
> 2014-09-01 18:12:36 pkispawn    : DEBUG    ........... No connection -
> exception thrown:
> HTTPSConnectionPool(host='vm-234.idm.lab.eng.brq.redhat.com',
> port=8443): Max retries exceeded with url: /ca/admin/ca/getStatus
> (Caused by <class 'socket.error'>: [Errno 111] Connection refused)
> 2014-09-01 18:12:37 pkispawn    : DEBUG    ........... No connection -
> server may still be down
> 2014-09-01 18:12:37 pkispawn    : DEBUG    ........... No connection -
> exception thrown:
> HTTPSConnectionPool(host='vm-234.idm.lab.eng.brq.redhat.com',
> port=8443): Max retries exceeded with url: /ca/admin/ca/getStatus
> (Caused by <class 'socket.error'>: [Errno 111] Connection refused)
> 2014-09-01 18:12:38 pkispawn    : DEBUG    ........... No connection -
> server may still be down
> 2014-09-01 18:12:38 pkispawn    : DEBUG    ........... No connection -
> exception thrown:
> HTTPSConnectionPool(host='vm-234.idm.lab.eng.brq.redhat.com',
> port=8443): Max retries exceeded with url: /ca/admin/ca/getStatus
> (Caused by <class 'socket.error'>: [Errno 111] Connection refused)
> 2014-09-01 18:12:51 pkispawn    : DEBUG    ........... <?xml
> version="1.0" encoding="UTF-8"
> standalone="no"?><XMLResponse><State>0</State><Type>CA</Type><Status>running</Status><Version>10.1.1-1.fc20</Version></XMLResponse>
>
> 2014-09-01 18:12:52 pkispawn    : INFO     ....... constructing PKI
> configuration data.
> 2014-09-01 18:12:52 pkispawn    : INFO     ....... configuring PKI
> configuration data.
> 2014-09-01 18:12:58 pkispawn    : ERROR    ....... Exception from Java
> Configuration Servlet: Failed to obtain configuration entries from the
> master for cloning org.xml.sax.SAXParseException; Premature end of file.
> 2014-09-01 18:12:58 pkispawn    : DEBUG    ....... Error Type: HTTPError
> 2014-09-01 18:12:58 pkispawn    : DEBUG    ....... Error Message: 500
> Server Error: Internal Server Error
> 2014-09-01 18:12:58 pkispawn    : DEBUG    .......   File
> "/usr/sbin/pkispawn", line 463, in main
>      rv = instance.spawn(deployer)
>    File
> "/usr/lib/python2.7/site-packages/pki/server/deployment/scriptlets/configuration.py",
> line 126, in spawn
>      json.dumps(data, cls=pki.encoder.CustomTypeEncoder))
>    File
> "/usr/lib/python2.7/site-packages/pki/server/deployment/pkihelper.py",
> line 3194, in configure_pki_data
>      response = client.configure(data)
>    File "/usr/lib/python2.7/site-packages/pki/system.py", line 80, in
> configure
>      r = self.connection.post('/rest/installer/configure', data, headers)
>    File "/usr/lib/python2.7/site-packages/pki/client.py", line 64, in post
>      r.raise_for_status()
>    File "/usr/lib/python2.7/site-packages/requests/models.py", line 683,
> in raise_for_status
>      raise HTTPError(http_error_msg, response=self)
>
>
> Ade, do you have any idea what might be going wrong?
>
>


-- 
Jan Cholasta

More information about the Freeipa-devel mailing list