[Freeipa-devel] [PATCH] 0083 Remove internaldb password from password.conf
Jan Cholasta
jcholast at redhat.com
Tue Sep 2 09:37:46 UTC 2014
Patch attached.
On 2.9.2014 at 09:03, Jan Cholasta wrote:
> Also, Dogtag certificate renewal does not work with internaldb removed,
> I'm working on a patch to fix that.
>
> On 1.9.2014 at 18:19, Petr Viktorin wrote:
>> On 11/06/2013 01:41 PM, Ana Krivokapic wrote:
>>> On 11/06/2013 01:34 PM, Ana Krivokapic wrote:
>>>> Hello,
>>>>
>>>> This patch addresses
>>>> ticket https://fedorahosted.org/freeipa/ticket/4005.
>>
>> I tried installing a replica with this patch applied to the 4.1 branch,
>> but ipa-ca-install fails with:
>>
>> 2014-09-01T16:12:58Z DEBUG stderr=pkispawn : ERROR .......
>> Exception from Java Configuration Servlet: Failed to obtain
>> configuration entries from the master for cloning
>> org.xml.sax.SAXParseException; Premature end of file.
>>
>> The pkispawn log ends with:
>>
>> 2014-09-01 18:12:35 pkispawn : INFO ... configuring
>> 'pki.server.deployment.scriptlets.configuration'
>> 2014-09-01 18:12:35 pkispawn : INFO ....... mkdir -p
>> /root/.dogtag/pki-tomcat/ca
>> 2014-09-01 18:12:35 pkispawn : DEBUG ........... chmod 755
>> /root/.dogtag/pki-tomcat/ca
>> 2014-09-01 18:12:35 pkispawn : DEBUG ........... chown 0:0
>> /root/.dogtag/pki-tomcat/ca
>> 2014-09-01 18:12:35 pkispawn : INFO ....... generating
>> '/root/.dogtag/pki-tomcat/ca/password.conf'
>> 2014-09-01 18:12:35 pkispawn : INFO ....... modifying
>> '/root/.dogtag/pki-tomcat/ca/password.conf'
>> 2014-09-01 18:12:35 pkispawn : DEBUG ........... chmod 660
>> /root/.dogtag/pki-tomcat/ca/password.conf
>> 2014-09-01 18:12:35 pkispawn : DEBUG ........... chown 0:0
>> /root/.dogtag/pki-tomcat/ca/password.conf
>> 2014-09-01 18:12:35 pkispawn : INFO ....... generating
>> '/root/.dogtag/pki-tomcat/ca/pkcs12_password.conf'
>> 2014-09-01 18:12:35 pkispawn : INFO ....... modifying
>> '/root/.dogtag/pki-tomcat/ca/pkcs12_password.conf'
>> 2014-09-01 18:12:35 pkispawn : DEBUG ........... chmod 660
>> /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf
>> 2014-09-01 18:12:35 pkispawn : DEBUG ........... chown 498:498
>> /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf
>> 2014-09-01 18:12:35 pkispawn : INFO ....... executing 'certutil
>> -N -d /tmp/tmp-yRUhk2 -f /root/.dogtag/pki-tomcat/ca/password.conf'
>> 2014-09-01 18:12:35 pkispawn : INFO ....... executing 'systemctl
>> daemon-reload'
>> 2014-09-01 18:12:35 pkispawn : INFO ....... executing 'systemctl
>> start pki-tomcatd@pki-tomcat.service'
>> 2014-09-01 18:12:35 pkispawn : DEBUG ........... No connection -
>> server may still be down
>> 2014-09-01 18:12:35 pkispawn : DEBUG ........... No connection -
>> exception thrown:
>> HTTPSConnectionPool(host='vm-234.idm.lab.eng.brq.redhat.com',
>> port=8443): Max retries exceeded with url: /ca/admin/ca/getStatus
>> (Caused by <class 'socket.error'>: [Errno 111] Connection refused)
>> 2014-09-01 18:12:36 pkispawn : DEBUG ........... No connection -
>> server may still be down
>> 2014-09-01 18:12:36 pkispawn : DEBUG ........... No connection -
>> exception thrown:
>> HTTPSConnectionPool(host='vm-234.idm.lab.eng.brq.redhat.com',
>> port=8443): Max retries exceeded with url: /ca/admin/ca/getStatus
>> (Caused by <class 'socket.error'>: [Errno 111] Connection refused)
>> 2014-09-01 18:12:37 pkispawn : DEBUG ........... No connection -
>> server may still be down
>> 2014-09-01 18:12:37 pkispawn : DEBUG ........... No connection -
>> exception thrown:
>> HTTPSConnectionPool(host='vm-234.idm.lab.eng.brq.redhat.com',
>> port=8443): Max retries exceeded with url: /ca/admin/ca/getStatus
>> (Caused by <class 'socket.error'>: [Errno 111] Connection refused)
>> 2014-09-01 18:12:38 pkispawn : DEBUG ........... No connection -
>> server may still be down
>> 2014-09-01 18:12:38 pkispawn : DEBUG ........... No connection -
>> exception thrown:
>> HTTPSConnectionPool(host='vm-234.idm.lab.eng.brq.redhat.com',
>> port=8443): Max retries exceeded with url: /ca/admin/ca/getStatus
>> (Caused by <class 'socket.error'>: [Errno 111] Connection refused)
>> 2014-09-01 18:12:51 pkispawn : DEBUG ........... <?xml
>> version="1.0" encoding="UTF-8"
>> standalone="no"?><XMLResponse><State>0</State><Type>CA</Type><Status>running</Status><Version>10.1.1-1.fc20</Version></XMLResponse>
>>
>>
>> 2014-09-01 18:12:52 pkispawn : INFO ....... constructing PKI
>> configuration data.
>> 2014-09-01 18:12:52 pkispawn : INFO ....... configuring PKI
>> configuration data.
>> 2014-09-01 18:12:58 pkispawn : ERROR ....... Exception from Java
>> Configuration Servlet: Failed to obtain configuration entries from the
>> master for cloning org.xml.sax.SAXParseException; Premature end of file.
>> 2014-09-01 18:12:58 pkispawn : DEBUG ....... Error Type: HTTPError
>> 2014-09-01 18:12:58 pkispawn : DEBUG ....... Error Message: 500
>> Server Error: Internal Server Error
>> 2014-09-01 18:12:58 pkispawn : DEBUG ....... File
>> "/usr/sbin/pkispawn", line 463, in main
>> rv = instance.spawn(deployer)
>> File
>> "/usr/lib/python2.7/site-packages/pki/server/deployment/scriptlets/configuration.py",
>>
>> line 126, in spawn
>> json.dumps(data, cls=pki.encoder.CustomTypeEncoder))
>> File
>> "/usr/lib/python2.7/site-packages/pki/server/deployment/pkihelper.py",
>> line 3194, in configure_pki_data
>> response = client.configure(data)
>> File "/usr/lib/python2.7/site-packages/pki/system.py", line 80, in
>> configure
>> r = self.connection.post('/rest/installer/configure', data, headers)
>> File "/usr/lib/python2.7/site-packages/pki/client.py", line 64, in
>> post
>> r.raise_for_status()
>> File "/usr/lib/python2.7/site-packages/requests/models.py", line 683,
>> in raise_for_status
>> raise HTTPError(http_error_msg, response=self)
>>
>>
>> Ade, do you have any idea what might be going wrong?
>>
>>
>
>
--
Jan Cholasta
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-317-Use-autobind-when-updating-CA-people-entries-during-.patch
Type: text/x-patch
Size: 2208 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140902/fea81cc6/attachment.bin>