[Freeipa-users] ipa host-del
Ade Lee
alee at redhat.com
Wed Sep 5 15:38:42 UTC 2012
Weird. Can you try putting SELinux in permissive mode, and then
restarting ipa?
On Wed, 2012-09-05 at 08:21 -0700, george he wrote:
> This is a newly installed system. It does most of the things, but I
> just cannot del the host that I have uninstalled ipa-client, which
> prevents me from re-installing ipa-client.
> Here are the versions:
>
> pki-ca.noarch 9.0.3-24.el6
> pki-common.noarch 9.0.3-24.el6
> jss.x86_64 4.2.6-22.el6
> nss.x86_64 3.13.5-1.el6_3
> tomcat6.noarch 6.0.24-45.el6
> java-1.5.0-gcj.x86_64 1.5.0.0-29.1.el6
> java-1.6.0-openjdk.x86_64 1:1.6.0.0-1.48.1.11.3.el6_2
> java_cup.x86_64 1:0.10k-5.el6
> Thanks for your help.
> George
>
>
> ______________________________________________________________
> From: Ade Lee <alee at redhat.com>
> To: george he <george_he7 at yahoo.com>
> Cc: Rob Crittenden <rcritten at redhat.com>; "freeipa-users at redhat.com" <freeipa-users at redhat.com>
> Sent: Wednesday, September 5, 2012 10:46 AM
> Subject: Re: [Freeipa-users] ipa host-del
>
>
> The logs seem to show that the CA cannot find JSS.
>
> What versions of the following are on your system?
> pki-ca, pki-common, jss, nss, tomcat6, tomcat, java
>
> Is this a system that was working and now fails to work? Or is this a
> new instance?
>
> Ade
> On Wed, 2012-09-05 at 06:41 -0700, george he wrote:
> > there are something like these:
> >
> > type=AVC msg=audit(1346710042.243:56): avc: denied { execute } for pid=4243 comm="gdm" name="arch" dev=dm-0 ino=786829 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
> > type=AVC msg=audit(1346710042.243:57): avc: denied { execute } for pid=4243 comm="gdm" name="arch" dev=dm-0 ino=786829 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
> >
> >
> >
> > and some others like these:
> > type=AVC msg=audit(1346838993.154:2567): avc: denied { search } for pid=17155 comm="java" name="gridengine" dev=dm-0 ino=391879 scontext=unconfined_u:system_r:pki_ca_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
> > type=AVC msg=audit(1346838993.154:2568): avc: denied { search } for pid=17155 comm="java" name="gridengine" dev=dm-0 ino=391879 scontext=unconfined_u:system_r:pki_ca_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
> >
> >
> >
> > And yes, I did yum update recently.
> > Where else should I look?
> > Thanks,
> > George
> >
> >
> >
> ______________________________________________________________
> > From: Rob Crittenden <rcritten at redhat.com>
> > To: george he <george_he7 at yahoo.com>
> > Cc: Ade Lee <alee at redhat.com>; "freeipa-users at redhat.com" <freeipa-users at redhat.com>
> > Sent: Wednesday, September 5, 2012 8:40 AM
> > Subject: Re: [Freeipa-users] ipa host-del
> >
> >
> > george he wrote:
> > > here are the new errors:
> > > # rm /var/log/pki-ca/*
> > > # service dirsrv restart
> > > # service pki-cad restart
> > > # grep -i error /var/log/pki-ca/*
> > > /var/log/pki-ca/catalina.2012-09-05.log:WARNING: Error while removing context [/ca]
> > > /var/log/pki-ca/catalina.2012-09-05.log:SEVERE: Error initializing socket factory
> > > /var/log/pki-ca/catalina.2012-09-05.log:java.lang.ClassNotFoundException: Error loading SSL Implementation org.apache.tomcat.util.net.jss.JSSImplementation :java.lang.ClassNotFoundException: org.mozilla.jss.ssl.SSLSocket
> > > /var/log/pki-ca/catalina.2012-09-05.log:LifecycleException: Protocol handler initialization failed: java.lang.ClassNotFoundException: Error loading SSL Implementation org.apache.tomcat.util.net.jss.JSSImplementation :java.lang.ClassNotFoundException: org.mozilla.jss.ssl.SSLSocket
> > > /var/log/pki-ca/catalina.2012-09-05.log:SEVERE: Error deploying web application directory ca
> > > /var/log/pki-ca/catalina.out:SEVERE: Error initializing socket factory
> > > /var/log/pki-ca/catalina.out:java.lang.ClassNotFoundException: Error loading SSL Implementation org.apache.tomcat.util.net.jss.JSSImplementation :java.lang.ClassNotFoundException: org.mozilla.jss.ssl.SSLSocket
> > > /var/log/pki-ca/catalina.out:LifecycleException: Protocol handler initialization failed: java.lang.ClassNotFoundException: Error loading SSL Implementation org.apache.tomcat.util.net.jss.JSSImplementation :java.lang.ClassNotFoundException: org.mozilla.jss.ssl.SSLSocket
> > > /var/log/pki-ca/catalina.out:SEVERE: Error deploying web application directory ca
> > > /var/log/pki-ca/catalina.out:SEVERE: Error initializing socket factory
> > > /var/log/pki-ca/catalina.out:java.lang.ClassNotFoundException: Error loading SSL Implementation org.apache.tomcat.util.net.jss.JSSImplementation :java.lang.ClassNotFoundException: org.mozilla.jss.ssl.SSLSocket
> > > /var/log/pki-ca/catalina.out:LifecycleException: Protocol handler initialization failed: java.lang.ClassNotFoundException: Error loading SSL Implementation org.apache.tomcat.util.net.jss.JSSImplementation :java.lang.ClassNotFoundException: org.mozilla.jss.ssl.SSLSocket
> >
> > Hmm. Is there any additional information in the debug log? Any AVCs in
> > /var/log/audit/audit.log?
> >
> > Have you updated any packages recently? I'm not sure why dogtag would be
> > throwing this exception.
> >
> > rob
> >
> > >
> > >
> >
> ------------------------------------------------------------------------
> > > *From:* Rob Crittenden <rcritten at redhat.com>
> > > *To:* george he <george_he7 at yahoo.com>
> > > *Cc:* John Dennis <jdennis at redhat.com>; "freeipa-users at redhat.com" <freeipa-users at redhat.com>
> > > *Sent:* Tuesday, September 4, 2012 9:49 PM
> > > *Subject:* Re: [Freeipa-users] ipa host-del
> > >
> > > george he wrote:
> > > > both of the commands "service dirsrv restart" and "service pki-cad
> > > > restart" reported:
> > > > stopping ... OK
> > > > starting ... OK
> > > > but host-del still has the same error.
> > > > More suggestions?
> > >
> > > Check the logs again. The service starting does not mean it kept
> > > running.
> > >
> > > rob
> > >
> > > > Thanks,
> > > > George
> > > >
> > > >
> > >
> >
> ------------------------------------------------------------------------
> > > > *From:* Rob Crittenden <rcritten at redhat.com>
> > > > *To:* george he <george_he7 at yahoo.com>
> > > > *Cc:* John Dennis <jdennis at redhat.com>; "freeipa-users at redhat.com" <freeipa-users at redhat.com>
> > > > *Sent:* Tuesday, September 4, 2012 4:20 PM
> > > > *Subject:* Re: [Freeipa-users] ipa host-del
> > > >
> > > > george he wrote:
> > > > > I'm running centos 6.3
> > > > > # uname -r
> > > > > 2.6.32-279.5.2.el6.x86_64
> > > > >
> > > > > pki-ca: unrecognized service
> > > > >
> > > > > There are tons of errors in /var/log/pki-ca/*, some of them are:
> > > > > /var/log/pki-ca/system:11605.main - [30/Aug/2012:16:34:56 EDT] [3] [3] Cannot build CA chain. Error java.security.cert.CertificateException: Certificate is not a PKCS #11 certificate
> > > > > /var/log/pki-ca/system:11605.main - [30/Aug/2012:16:34:56 EDT] [13] [3] authz instance DirAclAuthz initialization failed and skipped, error=Property internaldb.ldapconn.port missing value
> > > > > /var/log/pki-ca/system:11605.http-9445-1 - [30/Aug/2012:16:35:01 EDT] [3] [3] Cannot build CA chain. Error java.security.cert.CertificateException: Certificate is not a PKCS #11 certificate
> > > > > /var/log/pki-ca/system:11605.http-9445-1 - [30/Aug/2012:16:35:10 EDT] [3] [3] CASigningUnit: Object certificate not found. Error org.mozilla.jss.crypto.ObjectNotFoundException
> > > > > /var/log/pki-ca/system:3281.main - [31/Aug/2012:17:54:28 EDT] [8] [3] In Ldap (bound) connection pool to host cushing.psych.yale.edu port 7389, Cannot connect to LDAP server. Error: netscape.ldap.LDAPException: failed to connect to server ldap://cushing.psych.yale.edu:7389 (91)
> > > > > /var/log/pki-ca/catalina.2012-09-03.log:SEVERE: Error initializing socket factory
> > > > > /var/log/pki-ca/catalina.2012-09-03.log:java.lang.ClassNotFoundException: Error loading SSL Implementation org.apache.tomcat.util.net.jss.JSSImplementation :java.lang.ClassNotFoundException: org.mozilla.jss.ssl.SSLSocket
> > > > > /var/log/pki-ca/catalina.2012-09-03.log:LifecycleException: Protocol handler initialization failed: java.lang.ClassNotFoundException: Error loading SSL Implementation org.apache.tomcat.util.net.jss.JSSImplementation :java.lang.ClassNotFoundException: org.mozilla.jss.ssl.SSLSocket
> > > > > /var/log/pki-ca/catalina.2012-09-03.log:SEVERE: Error deploying web application directory ca
> > > >
> > > > The problem looks to be that the dogtag 389-ds instance is not started.
> > > > I'd try: service dirsrv restart PKI-IPA
> > > >
> > > > Then service pki-cad restart
> > > >
> > > > rob
>
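An added example, not part of the thread: a small parser that groups AVC denials by source domain, so denials raised by the CA's `pki_ca_t` domain can be separated from unrelated ones such as the `gdm` records. The sample log is the four records quoted above rejoined onto single lines; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: the AVC records quoted in the thread, one record per line.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1346710042.243:56): avc: denied { execute } for pid=4243 comm="gdm" name="arch" dev=dm-0 ino=786829 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1346710042.243:57): avc: denied { execute } for pid=4243 comm="gdm" name="arch" dev=dm-0 ino=786829 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1346838993.154:2567): avc: denied { search } for pid=17155 comm="java" name="gridengine" dev=dm-0 ino=391879 scontext=unconfined_u:system_r:pki_ca_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=AVC msg=audit(1346838993.154:2568): avc: denied { search } for pid=17155 comm="java" name="gridengine" dev=dm-0 ino=391879 scontext=unconfined_u:system_r:pki_ca_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict for one AVC denial line, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    if "scontext" not in rec or "tcontext" not in rec:
        return None  # truncated record, nothing to classify
    rec["perms"] = m.group("perms").split()
    # An SELinux context is user:role:type:level; the type is the domain.
    rec["sdomain"] = rec["scontext"].split(":")[2]
    rec["ttype"] = rec["tcontext"].split(":")[2]
    return rec


def denials_for_domain(log_text, domain):
    """Count denials for one source domain, keyed by what was denied."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec and rec["sdomain"] == domain:
            for perm in rec["perms"]:
                key = (rec.get("comm"), perm, rec["ttype"],
                       rec.get("tclass"), rec.get("name"))
                counts[key] += 1
    return counts


if __name__ == "__main__":
    for key, n in denials_for_domain(SAMPLE_AUDIT_LOG, "pki_ca_t").items():
        print(n, *key)
```
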