[Pki-users] build error with newer tomcat7, Debian issues
Timo Aaltonen
tjaalton at ubuntu.com
Wed Sep 23 13:55:04 UTC 2015
On 23.09.2015 01:29, Timo Aaltonen wrote:
> On 22.09.2015 00:38, Timo Aaltonen wrote:
>>
>> Hi
>>
>> I'm not able to build 10.2.6 with a current tomcat7 (7.0.64):
>>
>> com/netscape/cms/tomcat/ProxyRealm.java:22: error: ProxyRealm is not
>> abstract and does not override abstract method authenticate(String) in Realm
>> public class ProxyRealm implements Realm {
>> ^
>> 1 error
>
> So I got past this error with the help from IRC, and tomcat7-based
> packages of 10.2.6 seem to work fine for the most part. Need to look
> into the tomcat8 bits with greater detail, must've missed something.
So the failure with tomcat8 seems to boil down to not getting all the bits in CS.cfg, for instance:
internaldb.ldapconn.host=
internaldb.ldapconn.port=
internaldb.ldapconn.secureConn=false
which then results in this blurb from catalina.out:
CMS Warning: FAILURE: Cannot build CA chain. Error java.security.cert.CertificateException: Certificate is not a PKCS #11 certificate|FAILURE: authz instance DirAclAuthz initialization failed and skipped, error=Property internaldb.ldapconn.port missing value|
tomcat7 version gets those right, and here's a diff from pki-ca-spawn log (- tomcat7, +tomcat8):
@@ -1371,13 +1377,17 @@
pkispawn : DEBUG ........... slot substitution: '[PKI_HOSTNAME]' ==> 'sid-test.tyrell'
pkispawn : DEBUG ........... slot substitution: '[TOMCAT_SERVER_PORT]' ==> '8005'
pkispawn : DEBUG ........... slot substitution: '[TOMCAT_SERVER_PORT]' ==> '8005'
+pkispawn : DEBUG ........... slot substitution: '[PKI_UNSECURE_PORT]' ==> '8080'
pkispawn : DEBUG ........... slot substitution: '[PKI_UNSECURE_PORT_SERVER_COMMENT]' ==> '<!-- Share$
-pkispawn : DEBUG ........... slot substitution: '[PKI_SECURE_PORT]' ==> '8443'
pkispawn : DEBUG ........... slot substitution: '[PKI_UNSECURE_PORT_CONNECTOR_NAME]' ==> 'Unsecure'
pkispawn : DEBUG ........... slot substitution: '[PKI_UNSECURE_PORT]' ==> '8080'
-pkispawn : DEBUG ........... slot substitution: '[PKI_SECURE_PORT_SERVER_COMMENT]' ==> '<!-- Shared $
pkispawn : DEBUG ........... slot substitution: '[PKI_SECURE_PORT]' ==> '8443'
+pkispawn : DEBUG ........... slot substitution: '[PKI_UNSECURE_PORT]' ==> '8080'
+pkispawn : DEBUG ........... slot substitution: '[PKI_SECURE_PORT]' ==> '8443'
+pkispawn : DEBUG ........... slot substitution: '[PKI_SECURE_PORT]' ==> '8443'
+pkispawn : DEBUG ........... slot substitution: '[PKI_SECURE_PORT_SERVER_COMMENT]' ==> '<!-- Shared $
pkispawn : DEBUG ........... slot substitution: '[PKI_SECURE_PORT_CONNECTOR_NAME]' ==> 'Secure'
+pkispawn : DEBUG ........... slot substitution: '[PKI_SECURE_PORT]' ==> '8443'
pkispawn : DEBUG ........... slot substitution: '[PKI_HOSTNAME]' ==> 'sid-test.tyrell'
pkispawn : DEBUG ........... slot substitution: '[PKI_AGENT_CLIENTAUTH]' ==> 'want'
pkispawn : DEBUG ........... slot substitution: '[TOMCAT_SSL_OPTIONS]' ==> 'ssl2=false,ssl3=false,tl$
@@ -1392,14 +1402,10 @@
pkispawn : DEBUG ........... slot substitution: '[PKI_INSTANCE_PATH]' ==> '/var/lib/pki/pki-tomcat'
pkispawn : DEBUG ........... slot substitution: '[PKI_AJP_PORT]' ==> '8009'
pkispawn : DEBUG ........... slot substitution: '[PKI_OPEN_AJP_PORT_COMMENT]' ==> '<!--'
-pkispawn : DEBUG ........... slot substitution: '[PKI_AJP_REDIRECT_PORT]' ==> '8443'
pkispawn : DEBUG ........... slot substitution: '[PKI_AJP_PORT]' ==> '8009'
+pkispawn : DEBUG ........... slot substitution: '[PKI_AJP_REDIRECT_PORT]' ==> '8443'
pkispawn : DEBUG ........... slot substitution: '[PKI_CLOSE_AJP_PORT_COMMENT]' ==> '-->'
pkispawn : DEBUG ........... slot substitution: '[PKI_INSTANCE_PATH]' ==> '/var/lib/pki/pki-tomcat'
-pkispawn : DEBUG ........... slot substitution: '[PKI_INSTANCE_PATH]' ==> '/var/lib/pki/pki-tomcat'
-pkispawn : DEBUG ........... slot substitution: '[PKI_INSTANCE_PATH]' ==> '/var/lib/pki/pki-tomcat'
-pkispawn : DEBUG ........... slot substitution: '[PKI_INSTANCE_PATH]' ==> '/var/lib/pki/pki-tomcat'
-pkispawn : DEBUG ........... slot substitution: '[PKI_INSTANCE_PATH]' ==> '/var/lib/pki/pki-tomcat'
pkispawn : DEBUG ........... slot substitution: '[PKI_OPEN_TOMCAT_ACCESS_LOG_COMMENT]' ==> ''
pkispawn : DEBUG ........... slot substitution: '[PKI_CLOSE_TOMCAT_ACCESS_LOG_COMMENT]' ==> ''
pkispawn : DEBUG ........... chmod 660 /etc/pki/pki-tomcat/server.xml
@@ -1417,7 +1423,6 @@
pkispawn : DEBUG ........... slot substitution: '[TOMCAT_PIDFILE]' ==> '/var/run/pki/tomcat/pki-tomc$
pkispawn : DEBUG ........... slot substitution: '[TOMCAT_LOG_DIR]' ==> '/var/log/pki/pki-tomcat'
pkispawn : DEBUG ........... slot substitution: '[APPLICATION_VERSION]' ==> '10.2.6'
-pkispawn : DEBUG ........... slot substitution: '[PKI_USER]' ==> 'pkiuser'
pkispawn : DEBUG ........... slot substitution: '[PKI_SECURITY_MANAGER]' ==> 'false'
pkispawn : DEBUG ........... chmod 660 /etc/default/pki-tomcat
pkispawn : DEBUG ........... chown 0:0 /etc/default/pki-tomcat
@@ -1431,7 +1436,6 @@
pkispawn : DEBUG ........... slot substitution: '[TOMCAT_PIDFILE]' ==> '/var/run/pki/tomcat/pki-tomc$
pkispawn : DEBUG ........... slot substitution: '[TOMCAT_LOG_DIR]' ==> '/var/log/pki/pki-tomcat'
pkispawn : DEBUG ........... slot substitution: '[APPLICATION_VERSION]' ==> '10.2.6'
-pkispawn : DEBUG ........... slot substitution: '[PKI_USER]' ==> 'pkiuser'
pkispawn : DEBUG ........... slot substitution: '[PKI_SECURITY_MANAGER]' ==> 'false'
pkispawn : DEBUG ........... chmod 660 /etc/pki/pki-tomcat/tomcat.conf
pkispawn : DEBUG ........... chown 110:116 /etc/pki/pki-tomcat/tomcat.conf
@@ -1474,7 +1478,7 @@
pkispawn : INFO ....... generating noise file called '/etc/pki/pki-tomcat/ca/noise' and filling it $
pkispawn : DEBUG ........... chmod 660 /etc/pki/pki-tomcat/ca/noise
pkispawn : DEBUG ........... chown 110:116 /etc/pki/pki-tomcat/ca/noise
-pkispawn : INFO ....... executing 'certutil -S -d /etc/pki/pki-tomcat/alias -h internal -n Server-C$
+pkispawn : INFO ....... executing 'certutil -S -d /etc/pki/pki-tomcat/alias -h internal -n Server-C$
pkispawn : INFO ....... rm -f /etc/pki/pki-tomcat/ca/noise
pkispawn : INFO ....... rm -f /etc/pki/pki-tomcat/pfile
pkispawn : INFO ....... ln -s /lib/systemd/system/pki-tomcatd at .service /etc/systemd/system/pki-tomc$
@@ -1496,590 +1500,113 @@
pkispawn : DEBUG ........... chown 0:0 /root/.dogtag/pki-tomcat/ca/alias
pkispawn : INFO ....... executing 'certutil -N -d /root/.dogtag/pki-tomcat/ca/alias -f /root/.dogta$
pkispawn : INFO ....... executing '/etc/init.d/pki-tomcatd start pki-tomcat'
-pkispawn : DEBUG ........... <?xml version="1.0" encoding="UTF-8"?><XMLResponse><State>0</State><Typ$
-pkispawn : INFO ....... constructing PKI configuration data.
...
..
.
but I don't know if that diff is of any use, and tracing pkispawn hasn't been useful yet.. so ideas welcome.
--
t
More information about the Pki-users
mailing list