[Pki-users] Error installing alpha 10

Mike Mercier mmercier at gmail.com
Wed Mar 28 18:50:35 UTC 2012


Hello,

On Wed, Mar 28, 2012 at 2:12 PM, Ade Lee <alee at redhat.com> wrote:
> I had noticed those selinux errors in the past, but I don't think they
> would have prevented the server from coming up.
>
> We'd need to look at the logs to figure out why that happened.  So
> please try a pkicreate again, and then look
> at /var/log/pki-ca/catalina.out (or whatever files are
> under /var/log/pki-ca and /var/log/messages

[root at localhost ~]# more /var/log/pki-ca/catalina.out
/usr/sbin/tomcat6: line 41: /var/run/pki-ca.pid: Permission denied
/usr/sbin/tomcat6: line 30: /var/lib/pki-ca/logs/catalina.out: Permission denied

/var/log/messages
Mar 28 14:34:33 localhost pkicontrol[2678]: chown: invalid group:
`pliuser:pliuser'
Mar 28 14:34:33 localhost pkicontrol[2678]: chown: invalid group:
`pliuser:pliuser'
Mar 28 14:34:33 localhost systemd[1]: pki-cad at pki-ca.service: control
process exited, code=exited status=1
Mar 28 14:34:33 localhost systemd[1]: Unit pki-cad at pki-ca.service
entered failed state.

I seem to have done the following in my command line:
-user=pliuser -group=pkiuser     l <-> k

Changing user to pkiuser resolved the issue.

Thanks,
Mike

>
> Thanks,
> Ade
>
> On Wed, 2012-03-28 at 13:46 -0400, Mike Mercier wrote:
>> Hello,
>>
>> I tried to setup an instance of alpha 10 without success:
>>
>> [root at localhost log]# more /etc/redhat-release
>> Fedora release 16 (Verne)
>> [root at localhost log]# rpm -qa|grep pki
>> pki-common-10.0.0-0.10.a1.20120314T2243z.git4f7ada5.fc16.noarch
>> dogtag-pki-ca-theme-10.0.0-0.1.a1.20120315T0001z.git4f7ada5.fc16.noarch
>> pki-selinux-10.0.0-0.10.a1.20120314T2243z.git4f7ada5.fc16.noarch
>> pki-deploy-10.0.0-0.10.a1.20120314T2243z.git4f7ada5.fc16.noarch
>> pki-symkey-10.0.0-0.10.a1.20120314T2243z.git4f7ada5.fc16.x86_64
>> pki-util-10.0.0-0.10.a1.20120314T2243z.git4f7ada5.fc16.noarch
>> pki-setup-10.0.0-0.10.a1.20120314T2243z.git4f7ada5.fc16.noarch
>> dogtag-pki-common-theme-10.0.0-0.1.a1.20120315T0001z.git4f7ada5.fc16.noarch
>> pki-native-tools-10.0.0-0.10.a1.20120314T2243z.git4f7ada5.fc16.x86_64
>> pki-ca-10.0.0-0.10.a1.20120314T2243z.git4f7ada5.fc16.noarch
>> pki-java-tools-10.0.0-0.10.a1.20120314T2243z.git4f7ada5.fc16.noarch
>>
>> [root at localhost ~]# pkicreate -pki_instance_root=/var/lib
>> -pki_instance_name=pki-ca -subsystem_type=ca -agent_secure_port=9443
>> -ee_secure_port=9444 -ee_secure_client_auth_port=9446
>> -admin_secure_port=9445 -unsecure_port=9180 -tomcat_server_port=9701
>> -user=pliuser -group=pkiuser -redirect conf=/etc/pki-ca -redirect
>> logs=/var/log/pki-ca -verbose
>>
>> I see the following errors when running the above command:
>>
>> [debug]     Attempting to add hardware security modules to system if
>> applicable ...
>> [debug]         module name: lunasa  lib:
>> /usr/lunasa/lib/libCryptoki2_64.so DOES NOT EXIST!
>> [debug]         module name: nfast  lib:
>> /opt/nfast/toolkits/pkcs11/libcknfast.so DOES NOT EXIST!
>> [debug] configuring SELinux ...
>> [error] Failed setting selinux context pki_ca_port_t for 9180.  Port
>> already defined otherwise.
>> [error] Failed setting selinux context pki_ca_port_t for 9701.  Port
>> already defined otherwise.
>> [error] Failed setting selinux context pki_ca_port_t for 9443.  Port
>> already defined otherwise.
>> [error] Failed setting selinux context pki_ca_port_t for 9444.  Port
>> already defined otherwise.
>> [error] Failed setting selinux context pki_ca_port_t for 9446.  Port
>> already defined otherwise.
>> [error] Failed setting selinux context pki_ca_port_t for 9445.  Port
>> already defined otherwise.
>> [debug] Selinux contexts already set. No need to run semanage.
>> [debug] Running restorecon commands
>>
>> [error] FAILED run_command("/bin/systemctl restart
>> pki-cad at pki-ca.service"), exit status=1 output="Job failed. See system
>> logs and 'systemctl status' for details."
>>
>> [root at localhost log]# netstat -l
>> Active Internet connections (only servers)
>> Proto Recv-Q Send-Q Local Address               Foreign Address
>>      State
>> tcp        0      0 localhost.localdomain:ipp   *:*
>>      LISTEN
>> tcp        0      0 localhost.localdomain:smtp  *:*
>>      LISTEN
>> tcp        0      0 *:9830                      *:*
>>      LISTEN
>> tcp        0      0 *:47372                     *:*
>>      LISTEN
>> tcp        0      0 *:sunrpc                    *:*
>>      LISTEN
>> tcp        0      0 *:ssh                       *:*
>>      LISTEN
>> tcp        0      0 *:ipp                       *:*
>>      LISTEN
>> tcp        0      0 *:45602                     *:*
>>      LISTEN
>> tcp        0      0 *:sunrpc                    *:*
>>      LISTEN
>> tcp        0      0 *:ssh                       *:*
>>      LISTEN
>> udp        0      0 *:64440                     *:*
>> udp        0      0 *:mdns                      *:*
>> udp        0      0 *:42572                     *:*
>> udp        0      0 *:bootpc                    *:*
>> udp        0      0 *:sunrpc                    *:*
>> udp        0      0 *:ntp                       *:*
>> udp        0      0 *:323                       *:*
>> udp        0      0 *:51643                     *:*
>> udp        0      0 *:ipp                       *:*
>> udp        0      0 *:entrust-kmsh              *:*
>> udp        0      0 localhost.localdomain:733   *:*
>> udp        0      0 *:38474                     *:*
>> udp        0      0 *:sunrpc                    *:*
>> udp        0      0 *:ntp                       *:*
>> udp        0      0 *:323                       *:*
>> udp        0      0 *:23085                     *:*
>> udp        0      0 *:entrust-kmsh              *:*
>>
>> Any ideas?
>>
>> Note: I have already performed a pkiremove.
>>
>> Thanks,
>> Mike
>>
>
>
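The failure in this thread came from a `-user=` value that named no existing account, which only surfaced later as `chown: invalid group` in the system log. The following is an added example, not part of the original messages or of the pki tools: a pre-flight check that reads the `-user=` and `-group=` options of a pkicreate command line and reports any that do not resolve. The function names `account_exists` and `check_pkicreate_owner` are hypothetical.

```shell
#!/bin/sh
# Added example: verify that the -user= and -group= values given to
# pkicreate name existing accounts before the command is run.

# account_exists DB NAME   (DB is "passwd" or "group")
account_exists() {
    if command -v getent >/dev/null 2>&1; then
        # getent consults every configured source (files, LDAP, ...).
        getent "$1" "$2" >/dev/null 2>&1
    else
        # Fallback for systems without getent: local files only.
        awk -F: -v n="$2" '$1 == n { found = 1 } END { exit !found }' "/etc/$1"
    fi
}

# check_pkicreate_owner ARGS...
# Prints one line per account that does not exist; returns 1 if any is missing.
# Options other than -user= and -group= are ignored.
check_pkicreate_owner() {
    rc=0
    for arg in "$@"; do
        case $arg in
            -user=*)  db=passwd kind=user  name=${arg#-user=} ;;
            -group=*) db=group  kind=group name=${arg#-group=} ;;
            *) continue ;;
        esac
        if ! account_exists "$db" "$name"; then
            echo "missing $kind: $name"
            rc=1
        fi
    done
    return $rc
}

# The ownership options from the thread, typo included; the other
# pkicreate options are omitted because the check ignores them.
check_pkicreate_owner -user=pliuser -group=pkiuser ||
    echo "fix the account names before running pkicreate" >&2
```
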



