Re: [OpenXPKI-users] fresh OpenXPKI not starting

[Oliver Welter]

Hi Masin,

really nice to see Wikimedia is going to use our software ;)
Oh well all this branching stuff is to keep your config up to date but 
yes I admit it looks a bit overdone.

If you are missing that much fields and actions, an educated guess would 
be that  the symlink in "wmde/workflow/global" is missing. The "baseurl" 
is used to create the links in the notification emails, its not required 
to get the system up and running at all.

Oli

On 10.10.24 15:28, Masin Wiedner wrote:
Hi!

I followed the documentation at 
https://openxpki.readthedocs.io/en/stable/quickstart.html to setup 
OpenXPKI. I installed it into an LX container based upon Debian 
Bookworm. I deviated from the instructions by using a dedicated DB 
server instead of localhost and using a different password.

I skipped the section "Sample / Demo Configuration" and went directly 
to "Production Configuration". I mostly followed the instructions re 
openxpki-config repository 
(https://github.com/openxpki/openxpki-config). I deviated there when 
it came to `git` stuff, "Single Branch Approach". I'm not entirely 
sure what the use-case is for me to create my own branch. I guess 
whoever wrote this is used to store the PKI config in a git repo but 
it's not really mentioned there.

I added my realm to config.d/system/realms.yaml

```
wmde:
    label: Wikimedia Deutschland CA
    baseurl: https://pki.wmde.org/openxpki/
```

I can't find any documentation on the meaning of baseurl. What's its 
function? Do I need to provide it before starting the service?

I followed "Define your Realms" with all its `ln -s` and `cp` and `rm` 
operations. I then copied the home.html but didn't change any of the 
"Default Profiles" not did I "Customize i18n". As I didn't change 
anything I didn't run `make mo-install`.

When running `openxpkictl --debug *:5 start` I get the following lines 
in the stderr.log:

```
2024-10-10 13:06:45.915318 DEBUG:1 PID:9615 
O:S:Init::__do_init_prepare_daemon (line 225): init prepare daemon
2024-10-10 13:06:45.915447 DEBUG:1 PID:9615 O:S:Init::__do_init_dbi 
(line 282): init dbi
2024-10-10 13:06:45.915544 DEBUG:1 PID:9615 O:S:Init::get_database 
(line 450): start
2024-10-10 13:06:45.925902 DEBUG:4 PID:9615 
O:S:Database::_build_dbix_handler (line 227): DSN: 
dbi:MariaDB:host=db2-my;database=openxpki
2024-10-10 13:06:45.926019 DEBUG:4 PID:9615 
O:S:Database::_build_dbix_handler (line 228): User: openxpki
2024-10-10 13:06:45.926155 DEBUG:4 PID:9615 
O:S:Database::_build_dbix_handler (line 233): Additional connect() 
attributes: mariadb_bind_type_guessing = 0 | mariadb_auto_reconnect = 0
2024-10-10 13:06:46.031638 DEBUG:1 PID:9615 O:S:Context::setcontext 
(line 118): start
2024-10-10 13:06:46.035432 DEBUG:4 PID:9615 
O:S:Database::QueryBuilder::_make_query (line 88): 
SQL::Abstract::More->select(-columns = ['datapool_value'], -from = 
'datapool', -limit = 1, -where = {'datapool_key' => 
'dbschema','namespace' => 'config','pki_realm' => ''})
2024-10-10 13:06:46.036910 DEBUG:1 PID:9615 
O:S:Init::__do_init_dbi_log (line 274): init dbi log
2024-10-10 13:06:46.036980 DEBUG:1 PID:9615 O:S:Init::get_database 
(line 450): start
2024-10-10 13:06:46.037583 DEBUG:4 PID:9615 
O:S:Database::_build_dbix_handler (line 227): DSN: 
dbi:MariaDB:host=db2-my;database=openxpki
2024-10-10 13:06:46.037669 DEBUG:4 PID:9615 
O:S:Database::_build_dbix_handler (line 228): User: openxpki
2024-10-10 13:06:46.037801 DEBUG:4 PID:9615 
O:S:Database::_build_dbix_handler (line 233): Additional connect() 
attributes: mariadb_auto_reconnect = 0 | mariadb_bind_type_guessing = 0
2024-10-10 13:06:46.038802 DEBUG:1 PID:9615 O:S:Context::setcontext 
(line 118): start
2024-10-10 13:06:46.038888 DEBUG:1 PID:9615 
O:S:Init::__do_init_crypto_layer (line 243): init crypto layer
2024-10-10 13:06:46.038997 DEBUG:1 PID:9615 O:S:Init::get_crypto_layer 
(line 418): start
2024-10-10 13:06:46.039281 DEBUG:1 PID:9615 
OpenXPKI::Crypto::TokenManager::new (line 37): start
2024-10-10 13:06:46.039341 DEBUG:1 PID:9615 
OpenXPKI::Crypto::TokenManager::get_system_token (line 156): start
Debugging module 'OpenXPKI::Crypto::API' with bitmask 111.
Debugging module 'OpenXPKI::Crypto::Backend::API' with bitmask 111.
Debugging module 'OpenXPKI::Crypto::CLI' with bitmask 111.
Debugging module 'OpenXPKI::Crypto::Toolkit' with bitmask 111.
Debugging module 'OpenXPKI::Crypto::Backend::OpenSSL::Config' with 
bitmask 111.
Debugging module 'OpenXPKI::DN' with bitmask 111.
Debugging module 'OpenXPKI::Crypto::Backend::OpenSSL' with bitmask 111.
Debugging module 'OpenXPKI::Crypto::Backend::OpenSSL::Engine' with 
bitmask 111.
2024-10-10 13:06:46.150596 DEBUG:2 PID:9615 
OpenXPKI::Crypto::Backend::OpenSSL::Engine::new (line 26): new: class 
instantiated
Debugging module 'OpenXPKI::Crypto::Backend::OpenSSL::CLI' with 
bitmask 111.
2024-10-10 13:06:46.151562 DEBUG:4 PID:9615 
OpenXPKI::Crypto::CLI::START (line 38): check TMP
2024-10-10 13:06:46.151620 DEBUG:4 PID:9615 
OpenXPKI::Crypto::CLI::START (line 49): check SHELL
2024-10-10 13:06:46.151671 DEBUG:4 PID:9615 
OpenXPKI::Crypto::CLI::START (line 55): check ENGINE
2024-10-10 13:06:46.151758 DEBUG:1 PID:9615 
OpenXPKI::FileUtils::__get_safe_template (line 321): start
2024-10-10 13:06:46.151808 DEBUG:2 PID:9615 
OpenXPKI::FileUtils::__get_safe_template (line 329): check TMP
2024-10-10 13:06:46.151857 DEBUG:2 PID:9615 
OpenXPKI::FileUtils::__get_safe_template (line 340): build template
2024-10-10 13:06:46.152115 DEBUG:1 PID:9615 
OpenXPKI::FileUtils::__get_safe_template (line 321): start
2024-10-10 13:06:46.152164 DEBUG:2 PID:9615 
OpenXPKI::FileUtils::__get_safe_template (line 329): check TMP
2024-10-10 13:06:46.152213 DEBUG:2 PID:9615 
OpenXPKI::FileUtils::__get_safe_template (line 340): build template
2024-10-10 13:06:46.152456 DEBUG:2 PID:9615 
OpenXPKI::Crypto::TokenManager::get_system_token (line 188): token added
2024-10-10 13:06:46.152510 DEBUG:2 PID:9615 
OpenXPKI::Crypto::TokenManager::get_system_token (line 192): token is 
present
2024-10-10 13:06:46.152586 DEBUG:1 PID:9615 
OpenXPKI::Crypto::Toolkit::online (line 509): start
2024-10-10 13:06:46.152641 DEBUG:2 PID:9615 
OpenXPKI::Crypto::TokenManager::get_system_token (line 196): token is 
usable
2024-10-10 13:06:46.152723 DEBUG:1 PID:9615 
OpenXPKI::Crypto::TokenManager::new (line 63): end - token manager is 
ready
2024-10-10 13:06:46.152778 DEBUG:1 PID:9615 O:S:Context::setcontext 
(line 118): start
2024-10-10 13:06:46.153691 DEBUG:1 PID:9615 O:S:Context::setcontext 
(line 118): start
2024-10-10 13:06:46.153773 DEBUG:1 PID:9615 O:S:Init::__do_init_api2 
(line 308): init api2
2024-10-10 13:06:46.153954 DEBUG:1 PID:9615 O:S:Context::setcontext 
(line 118): start
2024-10-10 13:06:46.154033 DEBUG:1 PID:9615 
O:S:Init::__do_init_workflow_factory (line 171): init workflow factory
2024-10-10 13:06:46.154108 DEBUG:1 PID:9615 
OpenXPKI::Workflow::Handler::load_default_factories (line 41): start
2024-10-10 13:06:46.154337 DEBUG:1 PID:9615 
OpenXPKI::Workflow::Handler::get_factory (line 112): start
2024-10-10 13:06:46.154415 DEBUG:1 PID:9615 
OpenXPKI::Workflow::Config::_build_workflow_config (line 41): start 
config
2024-10-10 13:06:46.221485 DEBUG:1 PID:9615 
OpenXPKI::Exception::full_message (line 118): exception thrown: Field 
name used in workflow config is not defined; __action__ => initialize, 
__field__ => reason_code, __workflow__ => certificate_bulk_revoke
2024-10-10 13:06:46.221967 DEBUG:1 PID:9615 O:S:__log_and_die (line 
783): start
2024-10-10 13:06:46.222376 DEBUG:1 PID:9615 
OpenXPKI::Exception::full_message (line 118): exception thrown: Field 
name used in workflow config is not defined; __action__ => initialize, 
__field__ => reason_code, __workflow__ => certificate_bulk_revoke
2024-10-10 13:06:46.222467 DEBUG:1 PID:9615 
OpenXPKI::Exception::full_message (line 118): exception thrown: Field 
name used in workflow config is not defined; __action__ => initialize, 
__field__ => reason_code, __workflow__ => certificate_bulk_revoke
2024-10-10 13:06:46.222747 DEBUG:1 PID:9615 O:S:__log_and_die (line 
805): end, dying
Exception during server initialization: Field name used in workflow 
config is not defined; __action__ => initialize, __field__ => 
reason_code, __workflow__ => certificate_bulk_revoke (Field name used 
in workflow config is not defined; __action__ => initialize, __field__ 
=> reason_code, __workflow__ => certificate_bulk_revoke) at 
/usr/share/perl5/OpenXPKI/Server.pm line 806.
```

I had some fun commenting the lines with the field names it's 
complaining about. But after commenting out every single mentioned 
field name it complained about "key_format" which does not exist in 
the file. When I delete the symlink to certificate_bulk_revoke.yaml it 
starts complaining about similar errors in the next file, 
certificate_privkey_export.yaml. I don't think there's anything wrong 
with those files rather than me having done something wrong.

The output of `openxpkictl` itself isn't that exciting. It's result is
```
OpenXPKI server is not running or does not accept requests.
Status check failed
```
with exit code 2.

I guess I did something wrong or incomplete. Does anyone have a hint 
on how to investigate?

--
Protect your environment -  close windows and adopt a penguin!



_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users