[Pki-users] build error with newer tomcat7, Debian issues

Timo Aaltonen tjaalton at ubuntu.com
Wed Sep 23 13:55:04 UTC 2015


On 23.09.2015 01:29, Timo Aaltonen wrote:
> On 22.09.2015 00:38, Timo Aaltonen wrote:
>>
>> 	Hi
>>
>> I'm not able to build 10.2.6 with a current tomcat7 (7.0.64):
>>
>> com/netscape/cms/tomcat/ProxyRealm.java:22: error: ProxyRealm is not
>> abstract and does not override abstract method authenticate(String) in Realm
>> public class ProxyRealm implements Realm {
>>        ^
>> 1 error
> 
> So I got past this error with the help from IRC, and tomcat7-based
> packages of 10.2.6 seem to work fine for the most part. Need to look
> into the tomcat8 bits with greater detail, must've missed something.

So the failure with tomcat8 seems to boil down to not getting all the bits in CS.cfg, for instance:

internaldb.ldapconn.host=
internaldb.ldapconn.port=
internaldb.ldapconn.secureConn=false

which then results in this blurb from catalina.out:

CMS Warning: FAILURE: Cannot build CA chain. Error java.security.cert.CertificateException: Certificate is not a PKCS #11 certificate|FAILURE: authz instance DirAclAuthz initialization failed and skipped, error=Property internaldb.ldapconn.port missing value|

tomcat7 version gets those right, and here's a diff from pki-ca-spawn log (- tomcat7, +tomcat8):

@@ -1371,13 +1377,17 @@
 pkispawn    : DEBUG    ........... slot substitution: '[PKI_HOSTNAME]' ==> 'sid-test.tyrell'
 pkispawn    : DEBUG    ........... slot substitution: '[TOMCAT_SERVER_PORT]' ==> '8005'
 pkispawn    : DEBUG    ........... slot substitution: '[TOMCAT_SERVER_PORT]' ==> '8005'
+pkispawn    : DEBUG    ........... slot substitution: '[PKI_UNSECURE_PORT]' ==> '8080'
 pkispawn    : DEBUG    ........... slot substitution: '[PKI_UNSECURE_PORT_SERVER_COMMENT]' ==> '<!-- Share$
-pkispawn    : DEBUG    ........... slot substitution: '[PKI_SECURE_PORT]' ==> '8443'
 pkispawn    : DEBUG    ........... slot substitution: '[PKI_UNSECURE_PORT_CONNECTOR_NAME]' ==> 'Unsecure'
 pkispawn    : DEBUG    ........... slot substitution: '[PKI_UNSECURE_PORT]' ==> '8080'
-pkispawn    : DEBUG    ........... slot substitution: '[PKI_SECURE_PORT_SERVER_COMMENT]' ==> '<!-- Shared $
 pkispawn    : DEBUG    ........... slot substitution: '[PKI_SECURE_PORT]' ==> '8443'
+pkispawn    : DEBUG    ........... slot substitution: '[PKI_UNSECURE_PORT]' ==> '8080'
+pkispawn    : DEBUG    ........... slot substitution: '[PKI_SECURE_PORT]' ==> '8443'
+pkispawn    : DEBUG    ........... slot substitution: '[PKI_SECURE_PORT]' ==> '8443'
+pkispawn    : DEBUG    ........... slot substitution: '[PKI_SECURE_PORT_SERVER_COMMENT]' ==> '<!-- Shared $
 pkispawn    : DEBUG    ........... slot substitution: '[PKI_SECURE_PORT_CONNECTOR_NAME]' ==> 'Secure'
+pkispawn    : DEBUG    ........... slot substitution: '[PKI_SECURE_PORT]' ==> '8443'
 pkispawn    : DEBUG    ........... slot substitution: '[PKI_HOSTNAME]' ==> 'sid-test.tyrell'
 pkispawn    : DEBUG    ........... slot substitution: '[PKI_AGENT_CLIENTAUTH]' ==> 'want'
 pkispawn    : DEBUG    ........... slot substitution: '[TOMCAT_SSL_OPTIONS]' ==> 'ssl2=false,ssl3=false,tl$
@@ -1392,14 +1402,10 @@
 pkispawn    : DEBUG    ........... slot substitution: '[PKI_INSTANCE_PATH]' ==> '/var/lib/pki/pki-tomcat'
 pkispawn    : DEBUG    ........... slot substitution: '[PKI_AJP_PORT]' ==> '8009'
 pkispawn    : DEBUG    ........... slot substitution: '[PKI_OPEN_AJP_PORT_COMMENT]' ==> '<!--'
-pkispawn    : DEBUG    ........... slot substitution: '[PKI_AJP_REDIRECT_PORT]' ==> '8443'
 pkispawn    : DEBUG    ........... slot substitution: '[PKI_AJP_PORT]' ==> '8009'
+pkispawn    : DEBUG    ........... slot substitution: '[PKI_AJP_REDIRECT_PORT]' ==> '8443'
 pkispawn    : DEBUG    ........... slot substitution: '[PKI_CLOSE_AJP_PORT_COMMENT]' ==> '-->'
 pkispawn    : DEBUG    ........... slot substitution: '[PKI_INSTANCE_PATH]' ==> '/var/lib/pki/pki-tomcat'
-pkispawn    : DEBUG    ........... slot substitution: '[PKI_INSTANCE_PATH]' ==> '/var/lib/pki/pki-tomcat'
-pkispawn    : DEBUG    ........... slot substitution: '[PKI_INSTANCE_PATH]' ==> '/var/lib/pki/pki-tomcat'
-pkispawn    : DEBUG    ........... slot substitution: '[PKI_INSTANCE_PATH]' ==> '/var/lib/pki/pki-tomcat'
-pkispawn    : DEBUG    ........... slot substitution: '[PKI_INSTANCE_PATH]' ==> '/var/lib/pki/pki-tomcat'
 pkispawn    : DEBUG    ........... slot substitution: '[PKI_OPEN_TOMCAT_ACCESS_LOG_COMMENT]' ==> ''
 pkispawn    : DEBUG    ........... slot substitution: '[PKI_CLOSE_TOMCAT_ACCESS_LOG_COMMENT]' ==> ''
 pkispawn    : DEBUG    ........... chmod 660 /etc/pki/pki-tomcat/server.xml
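Review bot: the four removed '[PKI_INSTANCE_PATH]' substitutions just before 'chmod 660 /etc/pki/pki-tomcat/server.xml' are the only net change in this hunk; '[PKI_AJP_REDIRECT_PORT]' is merely reordered relative to the second '[PKI_AJP_PORT]'. That is consistent with the two builds filling in different server.xml templates, so comparing the tomcat7 and tomcat8 templates directly would show which entries carrying the instance path are absent.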
@@ -1417,7 +1423,6 @@
 pkispawn    : DEBUG    ........... slot substitution: '[TOMCAT_PIDFILE]' ==> '/var/run/pki/tomcat/pki-tomc$
 pkispawn    : DEBUG    ........... slot substitution: '[TOMCAT_LOG_DIR]' ==> '/var/log/pki/pki-tomcat'
 pkispawn    : DEBUG    ........... slot substitution: '[APPLICATION_VERSION]' ==> '10.2.6'
-pkispawn    : DEBUG    ........... slot substitution: '[PKI_USER]' ==> 'pkiuser'
 pkispawn    : DEBUG    ........... slot substitution: '[PKI_SECURITY_MANAGER]' ==> 'false'
 pkispawn    : DEBUG    ........... chmod 660 /etc/default/pki-tomcat
 pkispawn    : DEBUG    ........... chown 0:0 /etc/default/pki-tomcat
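Review bot: the '[PKI_USER]' ==> 'pkiuser' substitution is gone from the tomcat8 run just before 'chmod 660 /etc/default/pki-tomcat', and the next hunk shows the same removal before /etc/pki/pki-tomcat/tomcat.conf. It is worth checking whether the tomcat8 templates for these two files still contain the [PKI_USER] slot, since the log no longer shows that value being written into either file.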
@@ -1431,7 +1436,6 @@
 pkispawn    : DEBUG    ........... slot substitution: '[TOMCAT_PIDFILE]' ==> '/var/run/pki/tomcat/pki-tomc$
 pkispawn    : DEBUG    ........... slot substitution: '[TOMCAT_LOG_DIR]' ==> '/var/log/pki/pki-tomcat'
 pkispawn    : DEBUG    ........... slot substitution: '[APPLICATION_VERSION]' ==> '10.2.6'
-pkispawn    : DEBUG    ........... slot substitution: '[PKI_USER]' ==> 'pkiuser'
 pkispawn    : DEBUG    ........... slot substitution: '[PKI_SECURITY_MANAGER]' ==> 'false'
 pkispawn    : DEBUG    ........... chmod 660 /etc/pki/pki-tomcat/tomcat.conf
 pkispawn    : DEBUG    ........... chown 110:116 /etc/pki/pki-tomcat/tomcat.conf
@@ -1474,7 +1478,7 @@
 pkispawn    : INFO     ....... generating noise file called '/etc/pki/pki-tomcat/ca/noise' and filling it $
 pkispawn    : DEBUG    ........... chmod 660 /etc/pki/pki-tomcat/ca/noise
 pkispawn    : DEBUG    ........... chown 110:116 /etc/pki/pki-tomcat/ca/noise
-pkispawn    : INFO     ....... executing 'certutil -S -d /etc/pki/pki-tomcat/alias -h internal -n Server-C$
+pkispawn    : INFO     ....... executing 'certutil -S -d /etc/pki/pki-tomcat/alias -h internal -n Server-C$
 pkispawn    : INFO     ....... rm -f /etc/pki/pki-tomcat/ca/noise
 pkispawn    : INFO     ....... rm -f /etc/pki/pki-tomcat/pfile
 pkispawn    : INFO     ....... ln -s /lib/systemd/system/pki-tomcatd at .service /etc/systemd/system/pki-tomc$
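Review bot: the removed and added 'certutil -S' lines are identical up to the '$' where each line is cut off, so the actual difference between the two invocations is not visible in this hunk. Regenerating the diff from untruncated logs would show what changed in the certutil arguments; the same cut affects the '<!-- Share$' and '[TOMCAT_SSL_OPTIONS]' lines in the first hunk.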
@@ -1496,590 +1500,113 @@
 pkispawn    : DEBUG    ........... chown 0:0 /root/.dogtag/pki-tomcat/ca/alias
 pkispawn    : INFO     ....... executing 'certutil -N -d /root/.dogtag/pki-tomcat/ca/alias -f /root/.dogta$
 pkispawn    : INFO     ....... executing '/etc/init.d/pki-tomcatd start pki-tomcat'
-pkispawn    : DEBUG    ........... <?xml version="1.0" encoding="UTF-8"?><XMLResponse><State>0</State><Typ$
-pkispawn    : INFO     ....... constructing PKI configuration data.
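Review bot: this is the largest difference in the diff (the header reads -1496,590 +1500,113) and its body is elided after two lines. Right after '/etc/init.d/pki-tomcatd start pki-tomcat' the tomcat7 run logs an XMLResponse with State 0 and goes on to 'constructing PKI configuration data', and both lines are removed on the tomcat8 side. Including the first '+' lines that follow the start command would show what the tomcat8 run logged at that point instead.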
...
..
.

but I don't know if that diff is of any use, and tracing pkispawn hasn't been useful yet.. so ideas welcome.

-- 
t
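
One way to separate reordering from real differences between two pkispawn logs like the ones diffed above, as an added example that is not part of the original post or of Dogtag: it counts substitutions per slot name, so a slot that only moved nets to zero. The sample log text is constructed from lines quoted in the post, and the function names are hypothetical.

```python
import re
from collections import Counter

# Matches the pkispawn DEBUG lines quoted in the post, e.g.
#   slot substitution: '[PKI_USER]' ==> 'pkiuser'
SLOT_RE = re.compile(r"slot substitution: '\[([A-Z0-9_]+)\]' ==>")

def slot_counts(log_text):
    """Count how many times each slot name was substituted in one log."""
    return Counter(SLOT_RE.findall(log_text))

def slot_delta(old_log, new_log):
    """Return {slot: new_count - old_count} for slots whose count changed.

    Order is ignored, so a substitution that merely moved does not show up.
    """
    old, new = slot_counts(old_log), slot_counts(new_log)
    names = sorted(old.keys() | new.keys())
    return {s: new[s] - old[s] for s in names if new[s] != old[s]}

def vanished_slots(old_log, new_log):
    """Slots substituted at least once in the old log and never in the new one."""
    new = slot_counts(new_log)
    return sorted(s for s in slot_counts(old_log) if new[s] == 0)

PREFIX = "pkispawn    : DEBUG    ........... "

# Constructed sample: a shortened tomcat7-style run.
TOMCAT7_SAMPLE = "\n".join(PREFIX + line for line in [
    "slot substitution: '[PKI_AJP_PORT]' ==> '8009'",
    "slot substitution: '[PKI_AJP_REDIRECT_PORT]' ==> '8443'",
    "slot substitution: '[PKI_AJP_PORT]' ==> '8009'",
    "slot substitution: '[APPLICATION_VERSION]' ==> '10.2.6'",
    "slot substitution: '[PKI_USER]' ==> 'pkiuser'",
    "chmod 660 /etc/default/pki-tomcat",
])

# Constructed sample: same run with one slot reordered and one missing.
TOMCAT8_SAMPLE = "\n".join(PREFIX + line for line in [
    "slot substitution: '[PKI_AJP_PORT]' ==> '8009'",
    "slot substitution: '[PKI_AJP_PORT]' ==> '8009'",
    "slot substitution: '[PKI_AJP_REDIRECT_PORT]' ==> '8443'",
    "slot substitution: '[APPLICATION_VERSION]' ==> '10.2.6'",
    "chmod 660 /etc/default/pki-tomcat",
])

if __name__ == "__main__":
    print("net changes:", slot_delta(TOMCAT7_SAMPLE, TOMCAT8_SAMPLE))
    print("vanished   :", vanished_slots(TOMCAT7_SAMPLE, TOMCAT8_SAMPLE))
```

Run against the two full logs, the reordered port and AJP lines drop out and only slots whose counts really differ remain.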



