[Pki-users] Error installing alpha 10
Mike Mercier
mmercier at gmail.com
Wed Mar 28 18:50:35 UTC 2012
Hello,
On Wed, Mar 28, 2012 at 2:12 PM, Ade Lee <alee at redhat.com> wrote:
> I had noticed those selinux errors in the past, but I don't think they
> would have prevented the server from coming up.
>
> We'd need to look at the logs to figure out why that happened. So
> please try a pkicreate again, and then look
> at /var/log/pki-ca/catalina.out (or whatever files are
> under /var/log/pki-ca and /var/log/messages
[root at localhost ~]# more /var/log/pki-ca/catalina.out
/usr/sbin/tomcat6: line 41: /var/run/pki-ca.pid: Permission denied
/usr/sbin/tomcat6: line 30: /var/lib/pki-ca/logs/catalina.out: Permission denied
/var/log/message
Mar 28 14:34:33 localhost pkicontrol[2678]: chown: invalid group:
`pliuser:pliuser'
Mar 28 14:34:33 localhost pkicontrol[2678]: chown: invalid group:
`pliuser:pliuser'
Mar 28 14:34:33 localhost systemd[1]: pki-cad at pki-ca.service: control
process exited, code=exited status=1
Mar 28 14:34:33 localhost systemd[1]: Unit pki-cad at pki-ca.service
entered failed state.
I seem to have done the following in my command line:
-user=pliuser -group=pkiuser l <-> k
changing user to pkiuser resolved the issue.
Thanks,
Mike
>
> Thanks,
> Ade
>
> On Wed, 2012-03-28 at 13:46 -0400, Mike Mercier wrote:
>> Hello,
>>
>> I tried to setup an instance of alpha 10 without success:
>>
>> [root at localhost log]# more /etc/redhat-release
>> Fedora release 16 (Verne)
>> [root at localhost log]# rpm -qa|grep pki
>> pki-common-10.0.0-0.10.a1.20120314T2243z.git4f7ada5.fc16.noarch
>> dogtag-pki-ca-theme-10.0.0-0.1.a1.20120315T0001z.git4f7ada5.fc16.noarch
>> pki-selinux-10.0.0-0.10.a1.20120314T2243z.git4f7ada5.fc16.noarch
>> pki-deploy-10.0.0-0.10.a1.20120314T2243z.git4f7ada5.fc16.noarch
>> pki-symkey-10.0.0-0.10.a1.20120314T2243z.git4f7ada5.fc16.x86_64
>> pki-util-10.0.0-0.10.a1.20120314T2243z.git4f7ada5.fc16.noarch
>> pki-setup-10.0.0-0.10.a1.20120314T2243z.git4f7ada5.fc16.noarch
>> dogtag-pki-common-theme-10.0.0-0.1.a1.20120315T0001z.git4f7ada5.fc16.noarch
>> pki-native-tools-10.0.0-0.10.a1.20120314T2243z.git4f7ada5.fc16.x86_64
>> pki-ca-10.0.0-0.10.a1.20120314T2243z.git4f7ada5.fc16.noarch
>> pki-java-tools-10.0.0-0.10.a1.20120314T2243z.git4f7ada5.fc16.noarch
>>
>> [root at localhost ~]# pkicreate -pki_instance_root=/var/lib
>> -pki_instance_name=pki-ca -subsystem_type=ca -agent_secure_port=9443
>> -ee_secure_port=9444 -ee_secure_client_auth_port=9446
>> -admin_secure_port=9445 -unsecure_port=9180 -tomcat_server_port=9701
>> -user=pliuser -group=pkiuser -redirect conf=/etc/pki-ca -redirect
>> logs=/var/log/pki-ca -verbose
>>
>> I see the following errors when running the above command:
>>
>> [debug] Attempting to add hardware security modules to system if
>> applicable ...
>> [debug] module name: lunasa lib:
>> /usr/lunasa/lib/libCryptoki2_64.so DOES NOT EXIST!
>> [debug] module name: nfast lib:
>> /opt/nfast/toolkits/pkcs11/libcknfast.so DOES NOT EXIST!
>> [debug] configuring SELinux ...
>> [error] Failed setting selinux context pki_ca_port_t for 9180. Port
>> already defined otherwise.
>> [error] Failed setting selinux context pki_ca_port_t for 9701. Port
>> already defined otherwise.
>> [error] Failed setting selinux context pki_ca_port_t for 9443. Port
>> already defined otherwise.
>> [error] Failed setting selinux context pki_ca_port_t for 9444. Port
>> already defined otherwise.
>> [error] Failed setting selinux context pki_ca_port_t for 9446. Port
>> already defined otherwise.
>> [error] Failed setting selinux context pki_ca_port_t for 9445. Port
>> already defined otherwise.
>> [debug] Selinux contexts already set. No need to run semanage.
>> [debug] Running restorecon commands
>>
>> [error] FAILED run_command("/bin/systemctl restart
>> pki-cad at pki-ca.service"), exit status=1 output="Job failed. See system
>> logs and 'systemctl status' for details."
>>
>> [root at localhost log]# netstat -l
>> Active Internet connections (only servers)
>> Proto Recv-Q Send-Q Local Address Foreign Address
>> State
>> tcp 0 0 localhost.localdomain:ipp *:*
>> LISTEN
>> tcp 0 0 localhost.localdomain:smtp *:*
>> LISTEN
>> tcp 0 0 *:9830 *:*
>> LISTEN
>> tcp 0 0 *:47372 *:*
>> LISTEN
>> tcp 0 0 *:sunrpc *:*
>> LISTEN
>> tcp 0 0 *:ssh *:*
>> LISTEN
>> tcp 0 0 *:ipp *:*
>> LISTEN
>> tcp 0 0 *:45602 *:*
>> LISTEN
>> tcp 0 0 *:sunrpc *:*
>> LISTEN
>> tcp 0 0 *:ssh *:*
>> LISTEN
>> udp 0 0 *:64440 *:*
>> udp 0 0 *:mdns *:*
>> udp 0 0 *:42572 *:*
>> udp 0 0 *:bootpc *:*
>> udp 0 0 *:sunrpc *:*
>> udp 0 0 *:ntp *:*
>> udp 0 0 *:323 *:*
>> udp 0 0 *:51643 *:*
>> udp 0 0 *:ipp *:*
>> udp 0 0 *:entrust-kmsh *:*
>> udp 0 0 localhost.localdomain:733 *:*
>> udp 0 0 *:38474 *:*
>> udp 0 0 *:sunrpc *:*
>> udp 0 0 *:ntp *:*
>> udp 0 0 *:323 *:*
>> udp 0 0 *:23085 *:*
>> udp 0 0 *:entrust-kmsh *:*
>>
>> Any ideas?
>>
>> Note: I have already perfomed a pkiremove.
>>
>> Thanks,
>> Mike
>>
>> _______________________________________________
>> Pki-users mailing list
>> Pki-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/pki-users
>
>
More information about the Pki-users
mailing list