[Freeipa-users] RHEL 7 Upgrade experience so far

Erinn Looney-Triggs erinn.looneytriggs at gmail.com
Mon Aug 4 22:03:29 UTC 2014



On 08/04/2014 01:51 PM, Ade Lee wrote:
> OK - I suspect you may be running into an issue with serial number 
> generation.  Each time we install a clone, we end up allocating a
> new range of serial numbers for the clone.
> 
> The idea is to keep separate ranges for each CA replica so that no
> two replicas can issue certs with the same serial number.
> 
> The problem is that you've probably retried the install a whole
> bunch of times and now perhaps the serial number range is too
> high.
> 
> This is just a guess - but you can see what ranges have been
> assigned by looking in:
> 
> 1. ou=ranges, o=ipaca (on the master directory server)
> 2. CS.cfg for the master (look for the attributes dbs.*)
> 3. The value of the attribute nextRange on:
>    ou=certificateRepository, o=ipaca and ou=Requests, o=ipaca
> 
> Please send me that info, and I'll explain how to clean that up.
> 
> Ade
> 
> On Mon, 2014-08-04 at 12:10 -0700, Erinn Looney-Triggs wrote:
>> On 08/04/2014 11:48 AM, Ade Lee wrote:
>>> OK - so it's not really even getting started on the install.
>>> My guess is there is some cruft from previous
>>> installs/uninstalls that was not cleaned up.  Is there anything
>>> in the directory server logs on the RHEL7 machine? What
>>> operation is being attempted that the server is refusing to
>>> perform?
>>> 
>>> Ade
>>> 
>> 
>> OK, I moved on past this issue. The problem was that minssf was
>> set to 56 on the RHEL 7 dirsrv instance; setting it to 0 resolved
>> this issue. Thanks for having me check the dir on the RHEL 7
>> instance; I was assuming it was hitting against the RHEL 6.5
>> instance and was finding basically nothing there.
>> 
>> 
>> This run looks like it pulled a lot more information in but it
>> still errored out.
>> 
>> ipa         : DEBUG    stderr=pkispawn    : WARNING  ....... unable to validate security domain user/password through REST interface. Interface not available
>> pkispawn    : ERROR    ....... Exception from Java Configuration Servlet: Error in confguring system certificatesjava.security.cert.CertificateException: Unable to initialize, java.io.IOException: DerInput.getLength(): lengthTag=127, too big.
>> 
>> ipa         : CRITICAL failed to configure ca instance Command '/usr/sbin/pkispawn -s CA -f /tmp/tmpbTnSRM' returned non-zero exit status 1
>> 
>> From the /var/log/pki/pki-tomcat/ca/debug log on the RHEL 7
>> instance:
>> 
>> [04/Aug/2014:19:02:36][http-bio-8443-exec-3]: initializing with mininum 3 and maximum 15 connections to host ipa2.abaqis.com port 389, secure connection, false, authentication type 1
>> [04/Aug/2014:19:02:36][http-bio-8443-exec-3]: increasing minimum connections by 3
>> [04/Aug/2014:19:02:36][http-bio-8443-exec-3]: new total available connections 3
>> [04/Aug/2014:19:02:36][http-bio-8443-exec-3]: new number of connections 3
>> [04/Aug/2014:19:02:36][http-bio-8443-exec-3]: In LdapBoundConnFactory::getConn()
>> [04/Aug/2014:19:02:36][http-bio-8443-exec-3]: masterConn is connected: true
>> [04/Aug/2014:19:02:36][http-bio-8443-exec-3]: getConn: conn is connected true
>> [04/Aug/2014:19:02:36][http-bio-8443-exec-3]: getConn: mNumConns now 2
>> [04/Aug/2014:19:02:36][http-bio-8443-exec-3]: importLDIFS: param=preop.internaldb.post_ldif
>> [04/Aug/2014:19:02:36][http-bio-8443-exec-3]: importLDIFS(): ldif file = /usr/share/pki/ca/conf/vlv.ldif
>> [04/Aug/2014:19:02:36][http-bio-8443-exec-3]: importLDIFS(): ldif file copy to /var/lib/pki/pki-tomcat/ca/conf/vlv.ldif
>> [04/Aug/2014:19:02:37][http-bio-8443-exec-3]: importLDIFS(): LDAP Errors in importing /var/lib/pki/pki-tomcat/ca/conf/vlv.ldif
>> [04/Aug/2014:19:02:37][http-bio-8443-exec-3]:
>> LDAPUtil:importLDIF: exception in adding entry
>> cn=allCerts-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins,
>> cn=config:netscape.ldap.LDAPException: error result (32);
>> matchedDN = o=ipaca
>> 
>> [04/Aug/2014:19:02:37][http-bio-8443-exec-3]:
>> LDAPUtil:importLDIF: exception in adding entry
>> cn=allExpiredCerts-pki-tomcat, cn=ipaca, cn=ldbm database,
>> cn=plugins, cn=config:netscape.ldap.LDAPException: error result
>> (32); matchedDN = o=ipaca
>> 
>> [04/Aug/2014:19:02:37][http-bio-8443-exec-3]:
>> LDAPUtil:importLDIF: exception in adding entry
>> cn=allInvalidCerts-pki-tomcat, cn=ipaca, cn=ldbm database,
>> cn=plugins, cn=config:netscape.ldap.LDAPException: error result
>> (32); matchedDN = o=ipaca
>> 
>> [04/Aug/2014:19:02:37][http-bio-8443-exec-3]:
>> LDAPUtil:importLDIF: exception in adding entry
>> cn=allInValidCertsNotBefore-pki-tomcat, cn=ipaca, cn=ldbm
>> database, cn=plugins, cn=config:netscape.ldap.LDAPException:
>> error result (32); matchedDN = o=ipaca
>> 
>> [04/Aug/2014:19:02:37][http-bio-8443-exec-3]:
>> LDAPUtil:importLDIF: exception in adding entry
>> cn=allNonRevokedCerts-pki-tomcat, cn=ipaca, cn=ldbm database,
>> cn=plugins, cn=config:netscape.ldap.LDAPException: error result
>> (32); matchedDN = o=ipaca
>> 
>> [04/Aug/2014:19:02:37][http-bio-8443-exec-3]:
>> LDAPUtil:importLDIF: exception in adding entry
>> cn=allRevokedCaCerts-pki-tomcat, cn=ipaca, cn=ldbm database,
>> cn=plugins, cn=config:netscape.ldap.LDAPException: error result
>> (32); matchedDN = o=ipaca
>> 
>> [04/Aug/2014:19:02:37][http-bio-8443-exec-3]:
>> LDAPUtil:importLDIF: exception in adding entry
>> cn=allRevokedCerts-pki-tomcat, cn=ipaca, cn=ldbm database,
>> cn=plugins, cn=config:netscape.ldap.LDAPException: error result
>> (32); matchedDN = o=ipaca
>> 
>> [04/Aug/2014:19:02:37][http-bio-8443-exec-3]:
>> LDAPUtil:importLDIF: exception in adding entry
>> cn=allRevokedCertsNotAfter-pki-tomcat, cn=ipaca, cn=ldbm
>> database, cn=plugins, cn=config:netscape.ldap.LDAPException:
>> error result (32); matchedDN = o=ipaca
>> 
>> [04/Aug/2014:19:02:37][http-bio-8443-exec-3]:
>> LDAPUtil:importLDIF: exception in adding entry
>> cn=allRevokedExpiredCerts-pki-tomcat, cn=ipaca, cn=ldbm database,
>> cn=plugins, cn=config:netscape.ldap.LDAPException: error result
>> (32); matchedDN = o=ipaca
>> 
>> [04/Aug/2014:19:02:37][http-bio-8443-exec-3]:
>> LDAPUtil:importLDIF: exception in adding entry 
>> cn=allRevokedOrRevokedExpiredCaCerts-pki-tomcat, cn=ipaca,
>> cn=ldbm database, cn=plugins,
>> cn=config:netscape.ldap.LDAPException: error result (32);
>> matchedDN = o=ipaca
>> 
>> [04/Aug/2014:19:02:37][http-bio-8443-exec-3]:
>> LDAPUtil:importLDIF: exception in adding entry 
>> cn=allRevokedOrRevokedExpiredCerts-pki-tomcat, cn=ipaca, cn=ldbm 
>> database, cn=plugins, cn=config:netscape.ldap.LDAPException:
>> error result (32); matchedDN = o=ipaca
>> 
>> [04/Aug/2014:19:02:37][http-bio-8443-exec-3]:
>> LDAPUtil:importLDIF: exception in adding entry
>> cn=allValidCerts-pki-tomcat, cn=ipaca, cn=ldbm database,
>> cn=plugins, cn=config:netscape.ldap.LDAPException: error result
>> (32); matchedDN = o=ipaca
>> 
>> [04/Aug/2014:19:02:37][http-bio-8443-exec-3]:
>> LDAPUtil:importLDIF: exception in adding entry
>> cn=allValidCertsNotAfter-pki-tomcat, cn=ipaca, cn=ldbm database,
>> cn=plugins, cn=config:netscape.ldap.LDAPException: error result
>> (32); matchedDN = o=ipaca
>> 
>> [04/Aug/2014:19:02:37][http-bio-8443-exec-3]:
>> LDAPUtil:importLDIF: exception in adding entry
>> cn=allValidOrRevokedCerts-pki-tomcat, cn=ipaca, cn=ldbm database,
>> cn=plugins, cn=config:netscape.ldap.LDAPException: error result
>> (32); matchedDN = o=ipaca
>> 
>> [04/Aug/2014:19:02:37][http-bio-8443-exec-3]:
>> LDAPUtil:importLDIF: exception in adding entry
>> cn=caAll-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins,
>> cn=config:netscape.ldap.LDAPException: error result (32);
>> matchedDN = o=ipaca
>> 
>> [04/Aug/2014:19:02:37][http-bio-8443-exec-3]:
>> LDAPUtil:importLDIF: exception in adding entry
>> cn=caCanceled-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins,
>> cn=config:netscape.ldap.LDAPException: error result (32);
>> matchedDN = o=ipaca
>> 
>> [04/Aug/2014:19:02:37][http-bio-8443-exec-3]:
>> LDAPUtil:importLDIF: exception in adding entry
>> cn=caCanceledEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database,
>> cn=plugins, cn=config:netscape.ldap.LDAPException: error result
>> (32); matchedDN = o=ipaca
>> 
>> [04/Aug/2014:19:02:37][http-bio-8443-exec-3]:
>> LDAPUtil:importLDIF: exception in adding entry
>> cn=caCanceledRenewal-pki-tomcat, cn=ipaca, cn=ldbm database,
>> cn=plugins, cn=config:netscape.ldap.LDAPException: error result
>> (32); matchedDN = o=ipaca
>> 
>> [04/Aug/2014:19:02:37][http-bio-8443-exec-3]:
>> LDAPUtil:importLDIF: exception in adding entry
>> cn=caCanceledRevocation-pki-tomcat, cn=ipaca, cn=ldbm database,
>> cn=plugins, cn=config:netscape.ldap.LDAPException: error result
>> (32); matchedDN = o=ipaca
>> 
>> [04/Aug/2014:19:02:37][http-bio-8443-exec-3]:
>> LDAPUtil:importLDIF: exception in adding entry
>> cn=caComplete-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins,
>> cn=config:netscape.ldap.LDAPException: error result (32);
>> matchedDN = o=ipaca
>> 
>> [04/Aug/2014:19:02:37][http-bio-8443-exec-3]:
>> LDAPUtil:importLDIF: exception in adding entry
>> cn=caCompleteEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database,
>> cn=plugins, cn=config:netscape.ldap.LDAPException: error result
>> (32); matchedDN = o=ipaca
>> 
>> [04/Aug/2014:19:02:37][http-bio-8443-exec-3]:
>> LDAPUtil:importLDIF: exception in adding entry
>> cn=caCompleteRenewal-pki-tomcat, cn=ipaca, cn=ldbm database,
>> cn=plugins, cn=config:netscape.ldap.LDAPException: error result
>> (32); matchedDN = o=ipaca
>> 
>> [04/Aug/2014:19:02:37][http-bio-8443-exec-3]:
>> LDAPUtil:importLDIF: exception in adding entry
>> cn=caCompleteRevocation-pki-tomcat, cn=ipaca, cn=ldbm database,
>> cn=plugins, cn=config:netscape.ldap.LDAPException: error result
>> (32); matchedDN = o=ipaca
>> 
>> [04/Aug/2014:19:02:37][http-bio-8443-exec-3]:
>> LDAPUtil:importLDIF: exception in adding entry
>> cn=caEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database,
>> cn=plugins, cn=config:netscape.ldap.LDAPException: error result
>> (32); matchedDN = o=ipaca
>> 
>> [04/Aug/2014:19:02:37][http-bio-8443-exec-3]:
>> LDAPUtil:importLDIF: exception in adding entry
>> cn=caPending-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins,
>> cn=config:netscape.ldap.LDAPException: error result (32);
>> matchedDN = o=ipaca
>> 
>> [04/Aug/2014:19:02:37][http-bio-8443-exec-3]:
>> LDAPUtil:importLDIF: exception in adding entry
>> cn=caPendingEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database,
>> cn=plugins, cn=config:netscape.ldap.LDAPException: error result
>> (32); matchedDN = o=ipaca
>> 
>> [04/Aug/2014:19:02:37][http-bio-8443-exec-3]:
>> LDAPUtil:importLDIF: exception in adding entry
>> cn=caPendingRenewal-pki-tomcat, cn=ipaca, cn=ldbm database,
>> cn=plugins, cn=config:netscape.ldap.LDAPException: error result
>> (32); matchedDN = o=ipaca
>> 
>> [04/Aug/2014:19:02:37][http-bio-8443-exec-3]:
>> LDAPUtil:importLDIF: exception in adding entry
>> cn=caPendingRevocation-pki-tomcat, cn=ipaca, cn=ldbm database,
>> cn=plugins, cn=config:netscape.ldap.LDAPException: error result
>> (32); matchedDN = o=ipaca
>> 
>> [04/Aug/2014:19:02:37][http-bio-8443-exec-3]:
>> LDAPUtil:importLDIF: exception in adding entry
>> cn=caRejected-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins,
>> cn=config:netscape.ldap.LDAPException: error result (32);
>> matchedDN = o=ipaca
>> 
>> [04/Aug/2014:19:02:37][http-bio-8443-exec-3]:
>> LDAPUtil:importLDIF: exception in adding entry
>> cn=caRejectedEnrollment-pki-tomcat, cn=ipaca, cn=ldbm database,
>> cn=plugins, cn=config:netscape.ldap.LDAPException: error result
>> (32); matchedDN = o=ipaca
>> 
>> [04/Aug/2014:19:02:37][http-bio-8443-exec-3]:
>> LDAPUtil:importLDIF: exception in adding entry
>> cn=caRejectedRenewal-pki-tomcat, cn=ipaca, cn=ldbm database,
>> cn=plugins, cn=config:netscape.ldap.LDAPException: error result
>> (32); matchedDN = o=ipaca
>> 
>> [04/Aug/2014:19:02:37][http-bio-8443-exec-3]:
>> LDAPUtil:importLDIF: exception in adding entry
>> cn=caRejectedRevocation-pki-tomcat, cn=ipaca, cn=ldbm database,
>> cn=plugins, cn=config:netscape.ldap.LDAPException: error result
>> (32); matchedDN = o=ipaca
>> 
>> [04/Aug/2014:19:02:37][http-bio-8443-exec-3]:
>> LDAPUtil:importLDIF: exception in adding entry
>> cn=caRenewal-pki-tomcat, cn=ipaca, cn=ldbm database, cn=plugins,
>> cn=config:netscape.ldap.LDAPException: error result (32);
>> matchedDN = o=ipaca
>> 
>> [04/Aug/2014:19:02:37][http-bio-8443-exec-3]:
>> LDAPUtil:importLDIF: exception in adding entry
>> cn=caRevocation-pki-tomcat, cn=ipaca, cn=ldbm database,
>> cn=plugins, cn=config:netscape.ldap.LDAPException: error result
>> (32); matchedDN = o=ipaca
>> 
>> [04/Aug/2014:19:02:37][http-bio-8443-exec-3]: importLDIFS(): ldif file = /usr/share/pki/ca/conf/vlvtasks.ldif
>> [04/Aug/2014:19:02:37][http-bio-8443-exec-3]: importLDIFS(): ldif file copy to /var/lib/pki/pki-tomcat/ca/conf/vlvtasks.ldif
>> [04/Aug/2014:19:02:37][http-bio-8443-exec-3]: Checking wait_dn cn=index1160589769, cn=index, cn=tasks, cn=config
>> [04/Aug/2014:19:02:40][http-bio-8443-exec-3]: configCert: caType is local
>> [04/Aug/2014:19:02:40][http-bio-8443-exec-3]: NamePanel: updateConfig() for certTag sslserver
>> [04/Aug/2014:19:02:40][http-bio-8443-exec-3]: updateConfig() done
>> [04/Aug/2014:19:02:40][http-bio-8443-exec-3]: Creating local certificate... certTag=sslserver
>> [04/Aug/2014:19:02:40][http-bio-8443-exec-3]: In LdapBoundConnFactory::getConn()
>> [04/Aug/2014:19:02:40][http-bio-8443-exec-3]: masterConn is connected: true
>> [04/Aug/2014:19:02:40][http-bio-8443-exec-3]: getConn: conn is connected true
>> [04/Aug/2014:19:02:40][http-bio-8443-exec-3]: getConn: mNumConns now 2
>> [04/Aug/2014:19:02:40][http-bio-8443-exec-3]: Repository: getSerialNumber.
>> [04/Aug/2014:19:02:40][http-bio-8443-exec-3]: returnConn: mNumConns now 3
>> Record not found
>>     at com.netscape.cmscore.dbs.DBSSession.read(DBSSession.java:179)
>>     at com.netscape.cmscore.dbs.DBSSession.read(DBSSession.java:135)
>>     at com.netscape.cmscore.dbs.Repository.getSerialNumber(Repository.java:140)
>>     at com.netscape.cmscore.dbs.Repository.initCache(Repository.java:259)
>>     at com.netscape.cmscore.dbs.Repository.initCacheIfNeeded(Repository.java:331)
>>     at com.netscape.cmscore.dbs.CertificateRepository.getNextSerialNumber(CertificateRepository.java:261)
>>     at com.netscape.cms.servlet.csadmin.CertUtil.createLocalCert(CertUtil.java:391)
>>     at com.netscape.cms.servlet.csadmin.ConfigurationUtils.configCert(ConfigurationUtils.java:2323)
>>     at com.netscape.cms.servlet.csadmin.SystemConfigService.configure(SystemConfigService.java:517)
>>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>     at java.lang.reflect.Method.invoke(Method.java:606)
>>     at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:167)
>>     at org.jboss.resteasy.core.ResourceMethod.invokeOnTarget(ResourceMethod.java:257)
>>     at org.jboss.resteasy.core.ResourceMethod.invoke(ResourceMethod.java:222)
>>     at org.jboss.resteasy.core.ResourceMethod.invoke(ResourceMethod.java:211)
>>     at org.jboss.resteasy.core.SynchronousDispatcher.getResponse(SynchronousDispatcher.java:542)
>>     at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:524)
>>     at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:126)
>>     at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:208)
>>     at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:55)
>>     at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:50)
>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
>>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>     at java.lang.reflect.Method.invoke(Method.java:606)
>>     at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:277)
>>     at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:274)
>>     at java.security.AccessController.doPrivileged(Native Method)
>>     at javax.security.auth.Subject.doAsPrivileged(Subject.java:536)
>>     at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:309)
>>     at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:169)
>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:299)
>>     at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:57)
>>     at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:193)
>>     at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:189)
>>     at java.security.AccessController.doPrivileged(Native Method)
>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
>>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
>>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
>>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
>>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
>>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
>>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
>>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
>>     at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1024)
>>     at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
>>     at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
>>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>>     at java.lang.Thread.run(Thread.java:745)
>> [04/Aug/2014:19:02:40][http-bio-8443-exec-3]: NamePanel configCert() exception caught:Record not found
>> [04/Aug/2014:19:02:40][http-bio-8443-exec-3]: NamePanel configCert: failed to add metainfo. Exception: java.lang.NullPointerException
>> [04/Aug/2014:19:02:40][http-bio-8443-exec-3]: In LdapBoundConnFactory::getConn()
>> [04/Aug/2014:19:02:40][http-bio-8443-exec-3]: masterConn is connected: true
>> [04/Aug/2014:19:02:40][http-bio-8443-exec-3]: getConn: conn is connected true
>> [04/Aug/2014:19:02:40][http-bio-8443-exec-3]: getConn: mNumConns now 2
>> [04/Aug/2014:19:02:40][http-bio-8443-exec-3]: returnConn: mNumConns now 3
>> [04/Aug/2014:19:02:40][http-bio-8443-exec-3]: NamePanel configCert: failed to add certificate record. Exception: java.lang.NullPointerException
>> [04/Aug/2014:19:02:40][http-bio-8443-exec-3]: NamePanel update: Exception: java.lang.NullPointerException
>> [04/Aug/2014:19:02:40][http-bio-8443-exec-3]: handleCertRequest: tag=sslserver
>> [04/Aug/2014:19:02:40][http-bio-8443-exec-3]: privKeyID=-45cf0bca8e8c04dc7904f4c273f6e3793185c997
>> [04/Aug/2014:19:02:40][http-bio-8443-exec-3]: handleCertRequest: created cert request
>> [04/Aug/2014:19:02:40][http-bio-8443-exec-3]: handleCerts(): for cert tag sslserver
>> 
>> 
>> 
>> And from catalina.out on the same system:
>> java.security.cert.CertificateException: Unable to initialize, java.io.IOException: DerInput.getLength(): lengthTag=127, too big.
>>     at netscape.security.x509.X509CertImpl.<init>(X509CertImpl.java:186)
>>     at netscape.security.x509.X509CertImpl.<init>(X509CertImpl.java:160)
>>     at com.netscape.cms.servlet.csadmin.ConfigurationUtils.handleCerts(ConfigurationUtils.java:2718)
>>     at com.netscape.cms.servlet.csadmin.SystemConfigService.configure(SystemConfigService.java:575)
>>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>     at java.lang.reflect.Method.invoke(Method.java:606)
>>     at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:167)
>>     at org.jboss.resteasy.core.ResourceMethod.invokeOnTarget(ResourceMethod.java:257)
>>     at org.jboss.resteasy.core.ResourceMethod.invoke(ResourceMethod.java:222)
>>     at org.jboss.resteasy.core.ResourceMethod.invoke(ResourceMethod.java:211)
>>     at org.jboss.resteasy.core.SynchronousDispatcher.getResponse(SynchronousDispatcher.java:542)
>>     at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:524)
>>     at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:126)
>>     at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:208)
>>     at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:55)
>>     at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:50)
>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
>>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>     at java.lang.reflect.Method.invoke(Method.java:606)
>>     at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:277)
>>     at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:274)
>>     at java.security.AccessController.doPrivileged(Native Method)
>>     at javax.security.auth.Subject.doAsPrivileged(Subject.java:536)
>>     at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:309)
>>     at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:169)
>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:299)
>>     at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:57)
>>     at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:193)
>>     at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:189)
>>     at java.security.AccessController.doPrivileged(Native Method)
>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
>>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
>>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
>>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
>>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
>>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
>>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
>>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
>>     at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1024)
>>     at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
>>     at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
>>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>>     at java.lang.Thread.run(Thread.java:745)
>> 
>> And the last bit from pkispawn:
>> 2014-08-04 19:02:40 pkispawn    : ERROR    ....... Exception from Java Configuration Servlet: Error in confguring system certificatesjava.security.cert.CertificateException: Unable to initialize, java.io.IOException: DerInput.getLength(): lengthTag=127, too big.
>> 2014-08-04 19:02:40 pkispawn    : DEBUG    ....... Error Type: HTTPError
>> 2014-08-04 19:02:40 pkispawn    : DEBUG    ....... Error Message: 500 Server Error: Internal Server Error
>> 2014-08-04 19:02:40 pkispawn    : DEBUG    .......   File "/usr/sbin/pkispawn", line 374, in main
>>     rv = instance.spawn()
>>   File "/usr/lib/python2.7/site-packages/pki/deployment/configuration.py", line 128, in spawn
>>     json.dumps(data, cls=pki.encoder.CustomTypeEncoder))
>>   File "/usr/lib/python2.7/site-packages/pki/deployment/pkihelper.py", line 2998, in configure_pki_data
>>     response = client.configure(data)
>>   File "/usr/lib/python2.7/site-packages/pki/system.py", line 80, in configure
>>     r = self.connection.post('/rest/installer/configure', data, headers)
>>   File "/usr/lib/python2.7/site-packages/pki/client.py", line 64, in post
>>     r.raise_for_status()
>>   File "/usr/lib/python2.7/site-packages/requests/models.py", line 638, in raise_for_status
>>     raise http_error
>> 
>> 
>> -Erinn
> 
> 

Here you go:
dbs.beginReplicaNumber=1
dbs.beginRequestNumber=1
dbs.beginSerialNumber=1
dbs.enableSerialManagement=true
dbs.endReplicaNumber=50
dbs.endRequestNumber=9900000
dbs.endSerialNumber=ff60000
dbs.ldap=internaldb
dbs.newSchemaEntryAdded=true
dbs.replicaCloneTransferNumber=5
dbs.replicaDN=ou=replica
dbs.replicaIncrement=100
dbs.replicaLowWaterMark=20
dbs.replicaRangeDN=ou=replica, ou=ranges
dbs.requestCloneTransferNumber=10000
dbs.requestDN=ou=ca, ou=requests
dbs.requestIncrement=10000000
dbs.requestLowWaterMark=2000000
dbs.requestRangeDN=ou=requests, ou=ranges
dbs.serialCloneTransferNumber=10000
dbs.serialDN=ou=certificateRepository, ou=ca
dbs.serialIncrement=10000000
dbs.serialLowWaterMark=2000000
dbs.serialRangeDN=ou=certificateRepository, ou=ranges

Unfortunately, things seem to have gone further south on the RHEL 6.5
CA instance now. This just seems to be my luck on this replica
install. From the debug of the ipa-ca-install:
ipa         : DEBUG    Starting external process
ipa         : DEBUG    args=/usr/sbin/pkispawn -s CA -f /tmp/tmp1G6jOw
ipa         : DEBUG    Process finished, return code=1
ipa         : DEBUG    stdout=Loading deployment configuration from
/tmp/tmp1G6jOw.
ERROR:  Unable to access security domain: 404 Client Error: Not Found

ipa         : DEBUG    stderr=
ipa         : CRITICAL failed to configure ca instance Command
'/usr/sbin/pkispawn -s CA -f /tmp/tmp1G6jOw' returned non-zero exit
status 1

I can see in the apache logs on the RHEL 6.5 instance it errors out:
[Mon Aug 04 21:06:02 2014] [error] [client
2001:4870:800e:301:862b:2bff:fe67:704d] File does not exist:
/var/www/html/ca

This is supposed to be mapped via ajp to localhost:9447 which does
appear to be listening. Anyway, I am in the throes of that currently,
but let me know if those ranges are out of control big.

-Erinn

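An added example, not part of the original message and not FreeIPA or Dogtag code: it reads the numeric `dbs.*` range settings posted above and estimates how many clone installs have already taken a slice off the master's ranges, which is the retry theory raised in the quoted reply. It assumes (none of this is stated in the thread) that serial counters are hexadecimal while request and replica counters are decimal, that each range initially ended at its `*Increment` value, and that every clone install moves `*CloneTransferNumber` values off the top of the master's range.

```python
# Added example: estimate clone range transfers from the posted dbs.* values.

# Numeric range settings copied from the message above.
POSTED_CS_CFG = """\
dbs.beginReplicaNumber=1
dbs.beginRequestNumber=1
dbs.beginSerialNumber=1
dbs.endReplicaNumber=50
dbs.endRequestNumber=9900000
dbs.endSerialNumber=ff60000
dbs.replicaCloneTransferNumber=5
dbs.replicaDN=ou=replica
dbs.replicaIncrement=100
dbs.requestCloneTransferNumber=10000
dbs.requestIncrement=10000000
dbs.serialCloneTransferNumber=10000
dbs.serialIncrement=10000000
"""

# ASSUMPTION (not stated in the thread): radix used for each counter family.
RADIX = {"Serial": 16, "Request": 10, "Replica": 10}


def parse_cs_cfg(text):
    """Parse key=value lines; values may themselves contain '=' (DNs)."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")  # split on the first '=' only
        if not sep:
            raise ValueError(f"not a key=value line: {raw!r}")
        cfg[key.strip()] = value.strip()
    return cfg


def range_report(cfg):
    """Per counter: numbers left on the master and implied clone transfers."""
    report = {}
    for name, radix in RADIX.items():
        low = name.lower()
        try:
            begin = int(cfg[f"dbs.begin{name}Number"], radix)
            end = int(cfg[f"dbs.end{name}Number"], radix)
            increment = int(cfg[f"dbs.{low}Increment"], radix)
            transfer = int(cfg[f"dbs.{low}CloneTransferNumber"], radix)
        except KeyError as exc:
            raise KeyError(f"CS.cfg is missing {exc.args[0]}") from None
        if transfer <= 0 or end < begin:
            raise ValueError(f"inconsistent {name} range settings")
        # ASSUMPTION: the range originally ended at `increment`, and each
        # clone install removed `transfer` numbers from the top of it.
        carved = increment - end
        transfers, leftover = divmod(carved, transfer)
        report[name] = {
            "remaining": end - begin + 1,
            "clone_transfers": transfers,
            # False means the values do not fit the assumed model.
            "fits_model": carved >= 0 and leftover == 0,
        }
    return report


if __name__ == "__main__":
    for name, row in range_report(parse_cs_cfg(POSTED_CS_CFG)).items():
        print(f"{name:8} remaining={row['remaining']:>10} "
              f"clone_transfers={row['clone_transfers']} "
              f"fits_model={row['fits_model']}")
```

Under these assumptions the serial, request and replica counters each come out at 10 transfers on the posted values, with most of every range still unallocated on the master.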



