Petr Viktorin wrote:
On 09/12/2012 06:40 PM, Petr Viktorin wrote:
A new Dogtag build with changed pkispawn/pkidestroy locations should be
out later today. The attached patch should work with that build.
Fresh install is failing in F-18.
ki-tools-10.0.0-0.33.a1.20120914T0536zgit69c0684.fc18.i686
pki-base-10.0.0-0.33.a1.20120914T0536zgit69c0684.fc18.noarch
pki-server-10.0.0-0.33.a1.20120914T0536zgit69c0684.fc18.noarch
pki-silent-10.0.0-0.33.a1.20120914T0536zgit69c0684.fc18.noarch
pki-symkey-9.0.21-1.fc18.x86_64
dogtag-pki-ca-theme-10.0.0-0.1.a1.20120914T0604zgit69c0684.fc18.noarch
pki-selinux-10.0.0-0.33.a1.20120914T0536zgit69c0684.fc18.noarch
pki-ca-10.0.0-0.33.a1.20120914T0536zgit69c0684.fc18.noarch
pki-setup-9.0.21-1.fc18.noarch
rob
2012-09-14T21:16:16Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2012-09-14T21:16:16Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
2012-09-14T21:16:16Z DEBUG httpd is not configured
2012-09-14T21:16:16Z DEBUG kadmin is not configured
2012-09-14T21:16:16Z DEBUG dirsrv is not configured
2012-09-14T21:16:16Z DEBUG pki-cad is not configured
2012-09-14T21:16:16Z DEBUG pki-tomcatd is not configured
2012-09-14T21:16:16Z DEBUG pkids is not configured
2012-09-14T21:16:16Z DEBUG install is not configured
2012-09-14T21:16:16Z DEBUG krb5kdc is not configured
2012-09-14T21:16:16Z DEBUG ntpd is not configured
2012-09-14T21:16:16Z DEBUG named is not configured
2012-09-14T21:16:16Z DEBUG ipa_memcached is not configured
2012-09-14T21:16:16Z DEBUG filestore is tracking no files
2012-09-14T21:16:16Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
2012-09-14T21:16:16Z DEBUG /usr/sbin/ipa-server-install was invoked with options: {'zone_refresh': 0, 'reverse_zone': None, 'setup_pkinit': True, 'realm_name': None, 'create_sshfp': True, 'conf_sshd': True, 'conf_ntp': True, 'subject': None, 'no_forwarders': False, 'persistent_search': True, 'ui_redirect': True, 'domain_name': None, 'idmax': 0, 'hbac_allow': False, 'no_reverse': False, 'dirsrv_pkcs12': None, 'unattended': False, 'pkinit_pkcs12': None, 'selfsign': False, 'trust_sshfp': False, 'external_ca_file': None, 'no_host_dns': False, 'http_pkcs12': None, 'zone_notif': False, 'forwarders': None, 'idstart': 684800000, 'external_ca': False, 'ip_address': None, 'conf_ssh': True, 'serial_autoincrement': True, 'zonemgr': None, 'setup_dns': True, 'host_name': None, 'debug': False, 'external_cert_file': None, 'uninstall': False, 'pkinit_pin': None}
2012-09-14T21:16:16Z DEBUG missing options might be asked for interactively later
2012-09-14T21:16:16Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
2012-09-14T21:16:16Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2012-09-14T21:16:16Z DEBUG Check if stinky.greyoak.com is a primary hostname for localhost
2012-09-14T21:16:16Z DEBUG Primary hostname for localhost: stinky.greyoak.com
2012-09-14T21:16:16Z DEBUG will use host_name: stinky.greyoak.com
2012-09-14T21:16:16Z DEBUG read domain_name: greyoak.com
2012-09-14T21:16:16Z DEBUG args=/sbin/ip -family inet -oneline address show
2012-09-14T21:16:16Z DEBUG stdout=1: lo inet 127.0.0.1/8 scope host lo
2: eth0 inet 192.168.196.7/24 brd 192.168.196.255 scope global eth0
2012-09-14T21:16:16Z DEBUG stderr=
2012-09-14T21:16:16Z DEBUG read realm_name: GREYOAK.COM
2012-09-14T21:16:21Z DEBUG will use dns_forwarders: ['192.168.186.1']
2012-09-14T21:16:21Z DEBUG importing all plugin modules in '/usr/lib/python2.7/site-packages/ipalib/plugins'...
2012-09-14T21:16:21Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/aci.py'
2012-09-14T21:16:21Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/automember.py'
2012-09-14T21:16:21Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/automount.py'
2012-09-14T21:16:21Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/baseldap.py'
2012-09-14T21:16:21Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/batch.py'
2012-09-14T21:16:21Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/cert.py'
2012-09-14T21:16:21Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/config.py'
2012-09-14T21:16:21Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/delegation.py'
2012-09-14T21:16:21Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/dns.py'
2012-09-14T21:16:21Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/entitle.py'
2012-09-14T21:16:22Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/group.py'
2012-09-14T21:16:22Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/hbacrule.py'
2012-09-14T21:16:22Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/hbacsvc.py'
2012-09-14T21:16:22Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/hbacsvcgroup.py'
2012-09-14T21:16:22Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/hbactest.py'
2012-09-14T21:16:22Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/host.py'
2012-09-14T21:16:22Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/hostgroup.py'
2012-09-14T21:16:22Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/idrange.py'
2012-09-14T21:16:22Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/internal.py'
2012-09-14T21:16:22Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/kerberos.py'
2012-09-14T21:16:22Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/krbtpolicy.py'
2012-09-14T21:16:22Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/migration.py'
2012-09-14T21:16:22Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/misc.py'
2012-09-14T21:16:22Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/netgroup.py'
2012-09-14T21:16:22Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/passwd.py'
2012-09-14T21:16:22Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/permission.py'
2012-09-14T21:16:22Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/ping.py'
2012-09-14T21:16:22Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/pkinit.py'
2012-09-14T21:16:22Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/privilege.py'
2012-09-14T21:16:22Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/pwpolicy.py'
2012-09-14T21:16:22Z DEBUG args=klist -V
2012-09-14T21:16:22Z DEBUG stdout=Kerberos 5 version 1.10.3
2012-09-14T21:16:22Z DEBUG stderr=
2012-09-14T21:16:22Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/role.py'
2012-09-14T21:16:22Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/selfservice.py'
2012-09-14T21:16:22Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/selinuxusermap.py'
2012-09-14T21:16:22Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/service.py'
2012-09-14T21:16:22Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/sudocmd.py'
2012-09-14T21:16:22Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/sudocmdgroup.py'
2012-09-14T21:16:22Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/sudorule.py'
2012-09-14T21:16:22Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/trust.py'
2012-09-14T21:16:22Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/user.py'
2012-09-14T21:16:22Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/virtual.py'
2012-09-14T21:16:22Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipalib/plugins/xmlclient.py'
2012-09-14T21:16:22Z DEBUG importing all plugin modules in '/usr/lib/python2.7/site-packages/ipaserver/install/plugins'...
2012-09-14T21:16:22Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipaserver/install/plugins/adtrust.py'
2012-09-14T21:16:22Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipaserver/install/plugins/baseupdate.py'
2012-09-14T21:16:22Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipaserver/install/plugins/dns.py'
2012-09-14T21:16:22Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipaserver/install/plugins/fix_replica_agreements.py'
2012-09-14T21:16:22Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipaserver/install/plugins/rename_managed.py'
2012-09-14T21:16:22Z DEBUG importing plugin module '/usr/lib/python2.7/site-packages/ipaserver/install/plugins/updateclient.py'
2012-09-14T21:16:22Z DEBUG ds group dirsrv exists
2012-09-14T21:16:22Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2012-09-14T21:16:22Z DEBUG Configuring ntpd
2012-09-14T21:16:22Z DEBUG [1/4]: stopping ntpd
2012-09-14T21:16:22Z DEBUG args=/bin/systemctl is-active ntpd.service
2012-09-14T21:16:22Z DEBUG stdout=unknown
2012-09-14T21:16:22Z DEBUG stderr=Failed to issue method call: Unit ntpd.service is not loaded.
2012-09-14T21:16:22Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
2012-09-14T21:16:22Z DEBUG args=/bin/systemctl stop ntpd.service
2012-09-14T21:16:22Z DEBUG stdout=
2012-09-14T21:16:22Z DEBUG stderr=
2012-09-14T21:16:22Z DEBUG duration: 0 seconds
2012-09-14T21:16:22Z DEBUG [2/4]: writing configuration
2012-09-14T21:16:22Z DEBUG Backing up system configuration file '/etc/ntp.conf'
2012-09-14T21:16:22Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
2012-09-14T21:16:22Z DEBUG Backing up system configuration file '/etc/sysconfig/ntpd'
2012-09-14T21:16:22Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
2012-09-14T21:16:22Z DEBUG duration: 0 seconds
2012-09-14T21:16:22Z DEBUG [3/4]: configuring ntpd to start on boot
2012-09-14T21:16:22Z DEBUG args=/bin/systemctl is-enabled ntpd.service
2012-09-14T21:16:22Z DEBUG stdout=disabled
2012-09-14T21:16:22Z DEBUG stderr=
2012-09-14T21:16:22Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
2012-09-14T21:16:23Z DEBUG args=/bin/systemctl enable ntpd.service
2012-09-14T21:16:23Z DEBUG stdout=
2012-09-14T21:16:23Z DEBUG stderr=ln -s '/usr/lib/systemd/system/ntpd.service' '/etc/systemd/system/multi-user.target.wants/ntpd.service'
2012-09-14T21:16:23Z DEBUG duration: 0 seconds
2012-09-14T21:16:23Z DEBUG [4/4]: starting ntpd
2012-09-14T21:16:23Z DEBUG args=/bin/systemctl start ntpd.service
2012-09-14T21:16:23Z DEBUG stdout=
2012-09-14T21:16:23Z DEBUG stderr=
2012-09-14T21:16:23Z DEBUG args=/bin/systemctl is-active ntpd.service
2012-09-14T21:16:23Z DEBUG stdout=active
2012-09-14T21:16:23Z DEBUG stderr=
2012-09-14T21:16:23Z DEBUG duration: 0 seconds
2012-09-14T21:16:23Z DEBUG done configuring ntpd.
2012-09-14T21:16:23Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2012-09-14T21:16:23Z DEBUG Configuring directory server for the CA: Estimated time 30 seconds
2012-09-14T21:16:23Z DEBUG [1/3]: creating directory server user
2012-09-14T21:16:23Z DEBUG ds user pkisrv exists
2012-09-14T21:16:23Z DEBUG duration: 0 seconds
2012-09-14T21:16:23Z DEBUG [2/3]: creating directory server instance
2012-09-14T21:16:23Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
2012-09-14T21:16:23Z DEBUG writing inf template
2012-09-14T21:16:23Z DEBUG
[General]
FullMachineName= stinky.greyoak.com
SuiteSpotUserID= pkisrv
SuiteSpotGroup= dirsrv
ServerRoot= /usr/lib64/dirsrv
[slapd]
ServerPort= 7389
ServerIdentifier= PKI-IPA
Suffix= dc=greyoak,dc=com
RootDN= cn=Directory Manager
2012-09-14T21:16:23Z DEBUG calling setup-ds.pl
2012-09-14T21:16:26Z DEBUG args=/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmp9z2GKC
2012-09-14T21:16:26Z DEBUG stdout=[12/09/14:17:16:26] - [Setup] Info Your new DS instance 'PKI-IPA' was successfully created.
Your new DS instance 'PKI-IPA' was successfully created.
[12/09/14:17:16:26] - [Setup] Success Exiting . . .
Log file is '-'
Exiting . . .
Log file is '-'
2012-09-14T21:16:26Z DEBUG stderr=
2012-09-14T21:16:26Z DEBUG completed creating ds instance
2012-09-14T21:16:26Z DEBUG duration: 3 seconds
2012-09-14T21:16:26Z DEBUG [3/3]: restarting directory server
2012-09-14T21:16:27Z DEBUG args=/bin/systemctl --system daemon-reload
2012-09-14T21:16:27Z DEBUG stdout=
2012-09-14T21:16:27Z DEBUG stderr=
2012-09-14T21:16:27Z DEBUG args=/usr/sbin/selinuxenabled
2012-09-14T21:16:27Z DEBUG stdout=
2012-09-14T21:16:27Z DEBUG stderr=
2012-09-14T21:16:27Z DEBUG args=/usr/sbin/restorecon /etc/sysconfig/dirsrv.systemd
2012-09-14T21:16:27Z DEBUG stdout=
2012-09-14T21:16:27Z DEBUG stderr=
2012-09-14T21:16:27Z DEBUG args=/bin/systemctl --system daemon-reload
2012-09-14T21:16:27Z DEBUG stdout=
2012-09-14T21:16:27Z DEBUG stderr=
2012-09-14T21:16:27Z DEBUG args=/bin/systemctl restart dirsrv@PKI-IPA.service
2012-09-14T21:16:27Z DEBUG stdout=
2012-09-14T21:16:27Z DEBUG stderr=
2012-09-14T21:16:27Z DEBUG args=/bin/systemctl is-active dirsrv@PKI-IPA.service
2012-09-14T21:16:27Z DEBUG stdout=active
2012-09-14T21:16:27Z DEBUG stderr=
2012-09-14T21:16:27Z DEBUG wait_for_open_ports: localhost [7389] timeout 120
2012-09-14T21:16:28Z DEBUG args=/bin/systemctl is-active dirsrv@PKI-IPA.service
2012-09-14T21:16:28Z DEBUG stdout=active
2012-09-14T21:16:28Z DEBUG stderr=
2012-09-14T21:16:28Z DEBUG duration: 1 seconds
2012-09-14T21:16:28Z DEBUG done configuring pkids.
2012-09-14T21:16:28Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2012-09-14T21:16:28Z DEBUG Configuring certificate server: Estimated time 3 minutes 30 seconds
2012-09-14T21:16:28Z DEBUG [1/18]: creating certificate server user
2012-09-14T21:16:28Z DEBUG ca user pkiuser exists
2012-09-14T21:16:28Z DEBUG duration: 0 seconds
2012-09-14T21:16:28Z DEBUG [2/18]: configuring certificate server instance
2012-09-14T21:16:28Z DEBUG Contents of pkispawn configuration file (/tmp/tmpwmqc7n):
###############################################################################
## 'Sensitive' Data: ##
## ##
## Values in this section pertain to various PKI subsystems, and contain ##
## required 'sensitive' information which MUST ALWAYS be provided by users. ##
## ##
## IMPORTANT: Sensitive data values must NEVER be displayed to the ##
## console NOR stored in log files!!! ##
###############################################################################
[Sensitive]
pki_admin_XXXXXXXX=XXXXXXXX
pki_backup_XXXXXXXX=XXXXXXXX
pki_client_database_XXXXXXXX=XXXXXXXX
pki_client_pkcs12_XXXXXXXX=XXXXXXXX
pki_clone_pkcs12_XXXXXXXX=
pki_ds_XXXXXXXX=XXXXXXXX
pki_security_domain_XXXXXXXX=
pki_token_XXXXXXXX=
###############################################################################
## 'Common' Data: ##
## ##
## Values in this section are common to more than one PKI subsystem, and ##
## contain required information which MAY be overridden by users as ##
## necessary. ##
## ##
## NOTE: Default values will be generated for any and all required ##
## 'common' data values which are left undefined. ##
###############################################################################
[Common]
pki_admin_cert_request_type=crmf
pki_admin_domain_name=
pki_admin_dualkey=False
pki_admin_email=root@localhost
pki_admin_keysize=2048
pki_admin_name=admin
pki_admin_nickname=ipa-ca-agent
pki_admin_subject_dn=CN=ipa-ca-agent,O=GREYOAK.COM
pki_admin_uid=admin
pki_audit_group=pkiaudit
pki_audit_signing_key_algorithm=SHA256withRSA
pki_audit_signing_key_size=2048
pki_audit_signing_key_type=rsa
pki_audit_signing_nickname=auditSigningCert cert-pki-ca
pki_audit_signing_signing_algorithm=SHA256withRSA
pki_audit_signing_subject_dn=CN=CA Audit,O=GREYOAK.COM
pki_audit_signing_token=
pki_backup_keys=True
pki_client_database_dir=/tmp/tmp-nINzGn
pki_client_database_purge=False
pki_client_dir=
pki_ds_base_dn=o=ipaca
pki_ds_bind_dn=cn=Directory Manager
pki_ds_database=ipaca
pki_ds_hostname=
pki_ds_ldap_port=7389
pki_ds_ldaps_port=636
pki_ds_remove_data=True
pki_ds_secure_connection=False
pki_group=pkiuser
pki_issuing_ca=
pki_restart_configured_instance=False
pki_security_domain_hostname=
pki_security_domain_https_port=8443
pki_security_domain_name=IPA
pki_security_domain_user=admin
pki_ssl_server_key_algorithm=SHA256withRSA
pki_ssl_server_key_size=2048
pki_ssl_server_key_type=rsa
pki_ssl_server_nickname=Server-Cert cert-pki-ca
pki_ssl_server_subject_dn=CN=stinky.greyoak.com,O=GREYOAK.COM
pki_ssl_server_token=
pki_subsystem_key_algorithm=SHA256withRSA
pki_subsystem_key_size=2048
pki_subsystem_key_type=rsa
pki_subsystem_nickname=subsystemCert cert-pki-ca
pki_subsystem_subject_dn=CN=CA Subsystem,O=GREYOAK.COM
pki_subsystem_token=
pki_token_name=internal
pki_user=pkiuser
###############################################################################
## 'Apache' Data: ##
## ##
## Values in this section are common to PKI subsystems that run ##
## as an instance of 'Apache' (RA and TPS subsystems), and contain ##
## required information which MAY be overridden by users as necessary. ##
###############################################################################
[Apache]
pki_instance_name=pki-apache
pki_http_port=80
pki_https_port=443
###############################################################################
## 'Tomcat' Data: ##
## ##
## Values in this section are common to PKI subsystems that run ##
## as an instance of 'Tomcat' (CA, KRA, OCSP, and TKS subsystems ##
## including 'Clones', 'Subordinate CAs', and 'External CAs'), and contain ##
## required information which MAY be overridden by users as necessary. ##
## ##
## PKI CLONES: To specify a 'CA Clone', a 'KRA Clone', an 'OCSP Clone', ##
## or a 'TKS Clone', change the value of 'pki_clone' ##
## from 'False' to 'True'. ##
## ##
## REMINDER: PKI CA Clones, Subordinate CAs, and External CAs ##
## are MUTUALLY EXCLUSIVE entities!!! ##
###############################################################################
[Tomcat]
pki_ajp_port=8009
pki_clone=False
pki_clone_pkcs12_path=
pki_clone_replication_master_port=
pki_clone_replication_clone_port=
pki_clone_replication_security=None
pki_clone_uri=
pki_enable_java_debugger=False
pki_enable_proxy=True
pki_http_port=8080
pki_https_port=8443
pki_instance_name=pki-tomcat
pki_proxy_http_port=80
pki_proxy_https_port=443
pki_security_manager=false
pki_tomcat_server_port=8005
###############################################################################
## 'CA' Data: ##
## ##
## Values in this section are common to CA subsystems including 'PKI CAs', ##
## 'Cloned CAs', 'Subordinate CAs', and 'External CAs', and contain ##
## required information which MAY be overridden by users as necessary. ##
## ##
## EXTERNAL CAs: To specify an 'External CA', change the value ##
## of 'pki_external' from 'False' to 'True'. ##
## ##
## SUBORDINATE CAs: To specify a 'Subordinate CA', change the value ##
## of 'pki_subordinate' from 'False' to 'True'. ##
## ##
## REMINDER: PKI CA Clones, Subordinate CAs, and External CAs ##
## are MUTUALLY EXCLUSIVE entities!!! ##
###############################################################################
[CA]
pki_ca_signing_key_algorithm=SHA256withRSA
pki_ca_signing_key_size=2048
pki_ca_signing_key_type=rsa
pki_ca_signing_nickname=caSigningCert cert-pki-ca
pki_ca_signing_signing_algorithm=SHA256withRSA
pki_ca_signing_subject_dn=CN=Certificate Authority,O=GREYOAK.COM
pki_ca_signing_token=
pki_external=False
pki_external_ca_cert_chain_path=
pki_external_ca_cert_path=
pki_external_csr_path=
pki_external_step_two=False
pki_ocsp_signing_key_algorithm=SHA256withRSA
pki_ocsp_signing_key_size=2048
pki_ocsp_signing_key_type=rsa
pki_ocsp_signing_nickname=ocspSigningCert cert-pki-ca
pki_ocsp_signing_signing_algorithm=SHA256withRSA
pki_ocsp_signing_subject_dn=CN=OCSP Subsystem,O=GREYOAK.COM
pki_ocsp_signing_token=
pki_subordinate=False
pki_subsystem=CA
pki_subsystem_name=
###############################################################################
## 'KRA' Data: ##
## ##
## Values in this section are common to KRA subsystems ##
## including 'PKI KRAs' and 'Cloned KRAs', and contain ##
## required information which MAY be overridden by users as necessary. ##
###############################################################################
[KRA]
pki_storage_key_algorithm=SHA256withRSA
pki_storage_key_size=2048
pki_storage_key_type=rsa
pki_storage_nickname=
pki_storage_signing_algorithm=SHA256withRSA
pki_storage_subject_dn=
pki_storage_token=
pki_subsystem=KRA
pki_subsystem_name=
pki_transport_key_algorithm=SHA256withRSA
pki_transport_key_size=2048
pki_transport_key_type=rsa
pki_transport_nickname=
pki_transport_signing_algorithm=SHA256withRSA
pki_transport_subject_dn=
pki_transport_token=
###############################################################################
## 'OCSP' Data: ##
## ##
## Values in this section are common to OCSP subsystems ##
## including 'PKI OCSPs' and 'Cloned OCSPs', and contain ##
## required information which MAY be overridden by users as necessary. ##
###############################################################################
[OCSP]
pki_ocsp_signing_key_algorithm=SHA256withRSA
pki_ocsp_signing_key_size=2048
pki_ocsp_signing_key_type=rsa
pki_ocsp_signing_nickname=ocspSigningCert cert-pki-ca
pki_ocsp_signing_signing_algorithm=SHA256withRSA
pki_ocsp_signing_subject_dn=CN=OCSP Subsystem,O=GREYOAK.COM
pki_ocsp_signing_token=
pki_subsystem=OCSP
pki_subsystem_name=
###############################################################################
## 'RA' Data: ##
## ##
## Values in this section are common to PKI RA subsystems, and contain ##
## required information which MAY be overridden by users as necessary. ##
###############################################################################
[RA]
pki_subsystem=RA
pki_subsystem_name=
###############################################################################
## 'TKS' Data: ##
## ##
## Values in this section are common to TKS subsystems ##
## including 'PKI TKSs' and 'Cloned TKSs', and contain ##
## required information which MAY be overridden by users as necessary. ##
###############################################################################
[TKS]
pki_subsystem=TKS
pki_subsystem_name=
###############################################################################
## 'TPS' Data: ##
## ##
## Values in this section are common to PKI TPS subsystems, and contain ##
## required information which MAY be overridden by users as necessary. ##
###############################################################################
[TPS]
pki_subsystem=TPS
pki_subsystem_name=
2012-09-14T21:16:44Z DEBUG args=/usr/sbin/pkispawn -s CA -f /tmp/tmpwmqc7n
2012-09-14T21:16:44Z DEBUG stdout=
2012-09-14T21:16:44Z DEBUG stderr=*sys-package-mgr*: processing new jar, '/usr/share/java/jython.jar'
*sys-package-mgr*: processing new jar, '/usr/share/java/jakarta-oro.jar'
*sys-package-mgr*: processing new jar, '/usr/share/java/tomcat-servlet-3.0-api.jar'
*sys-package-mgr*: processing new jar, '/usr/share/java/mysql-connector-java-5.1.22.jar'
*sys-package-mgr*: processing new jar, '/usr/lib64/libreadline-java/libreadline-java.jar'
*sys-package-mgr*: processing new jar, '/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.6.x86_64/jre/lib/resources.jar'
*sys-package-mgr*: processing new jar, '/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.6.x86_64/jre/lib/rt.jar'
*sys-package-mgr*: processing new jar, '/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.6.x86_64/jre/lib/jsse.jar'
*sys-package-mgr*: processing new jar, '/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.6.x86_64/jre/lib/jce.jar'
*sys-package-mgr*: processing new jar, '/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.6.x86_64/jre/lib/charsets.jar'
*sys-package-mgr*: processing new jar, '/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.6.x86_64/jre/lib/rhino.jar'
*sys-package-mgr*: processing new jar, '/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.6.x86_64/jre/lib/ext/pulse-java.jar'
*sys-package-mgr*: processing new jar, '/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.6.x86_64/jre/lib/ext/zipfs.jar'
*sys-package-mgr*: processing new jar, '/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.6.x86_64/jre/lib/ext/sunpkcs11.jar'
*sys-package-mgr*: processing new jar, '/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.6.x86_64/jre/lib/ext/sunjce_provider.jar'
*sys-package-mgr*: processing new jar, '/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.6.x86_64/jre/lib/ext/sunec.jar'
*sys-package-mgr*: processing new jar, '/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.6.x86_64/jre/lib/ext/localedata.jar'
*sys-package-mgr*: processing new jar, '/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.6.x86_64/jre/lib/ext/gnome-java-bridge.jar'
*sys-package-mgr*: processing new jar, '/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.6.x86_64/jre/lib/ext/dnsns.jar'
Traceback (innermost last):
File "/usr/lib/python2.7/site-packages/pki/deployment/configuration.jy", line 135, in ?
File "/usr/lib/python2.7/site-packages/pki/deployment/configuration.jy", line 125, in main
File "/usr/lib/python2.7/site-packages/pki/deployment/pkijython.py", line 422, in construct_pki_configuration_data
File "/usr/lib/python2.7/site-packages/pki/deployment/pkijython.py", line 342, in set_admin_parameters
File "/usr/lib/python2.7/site-packages/pki/deployment/pkijython.py", line 193, in generateCRMFRequest
at com.netscape.cmsutil.util.Utils.base64encode(Utils.java:284)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:601)
java.lang.NoClassDefFoundError: java.lang.NoClassDefFoundError: org/apache/commons/codec/binary/Base64
2012-09-14T21:16:44Z INFO File "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 614, in run_script
return_value = main_function()
File "/usr/sbin/ipa-server-install", line 931, in main
subject_base=options.subject)
File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 567, in configure_instance
self.start_creation("Configuring certificate server", 210)
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 321, in start_creation
method()
File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 674, in __spawn_instance
"/root/ca-agent.p12")
File "/usr/lib64/python2.7/shutil.py", line 299, in move
copy2(src, real_dst)
File "/usr/lib64/python2.7/shutil.py", line 128, in copy2
copyfile(src, dst)
File "/usr/lib64/python2.7/shutil.py", line 82, in copyfile
with open(src, 'rb') as fsrc:
2012-09-14T21:16:44Z INFO The ipa-server-install command failed, exception: IOError: [Errno 2] No such file or directory: '/var/lib/pki/pki-tomcat/alias/ca_admin_cert.p12'
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
