On 09/23/2014 03:59 AM, Ade Lee wrote:
> On Mon, 2014-09-22 at 13:39 -0600, swartz wrote:
>> On 9/22/2014 9:14 AM, Ade Lee wrote:
>>> Another question - what is the output of ls -l /etc/pki-ca/CS.cfg ?
>> >ls -l /etc/pki-ca/CS.cfg
>> -rw-r-----. 1 pkiuser pkiuser 49196 Sep 19 11:29 /etc/pki-ca/CS.cfg
> In very rare cases, I've seen cases where the CS.cfg becomes truncated
> during an update. Unfortunately, we have not been able to reproduce the
> event. In later versions of dogtag, we make sure to save the CS.cfg
> just in case.
> Your instance sounds like a truncated CS.cfg instance, but the size is a
> lot larger than cases I've seen before, so I don't want to jump to that
> conclusion yet.
JFTR, FreeIPA may have been involved as well, we had a related fix in FreeIPA
> If you scroll to the end of the CS.cfg, does it look like it has been
> If you have backups of the CS.cfg, that will help. Also, you could look
> for backups that we have created:
> find /var/lib/pki-ca -name CS.cfg*
> find /var/log -name CS.cfg*
> Also, do you have a replica CA?
>> I know that I did NOT change the configs myself. But something certainly
>> did during 'yum update'.
>> There are no .rpmsave or .rpmnew files that would typically be created
>> if configs are properly marked in RPM spec file.
>> There are two other files that exist though:
>> -rw-r-----. 1 pkiuser pkiuser 65869 Sep 19 11:30 CS.cfg.in.p21
>> -rw-rw----. 1 pkiuser pkiuser 65955 Sep 5 2013 CS.cfg.in.p33
>> However, they are not usable either in place of current CS.cfg.
> The above files are templates only. They are modified during instance
>>>> There have been no updates recently on rhel 6 to the pki packages.
>>>> There has, however, been an update to tomcat - which broke dogtag
>>>> What version of tomcat6 is on your system?
>> >rpm -qa tomcat6
> This tomcat version should still be a working one. The tomcat6 then
> broke things has not made it out yet, having been discovered in QE
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project