Hi Oli,

thanks for the hint, that was the reason. When I wrote I followed the instructions, I should have written I "followed" the instructions. I feel stupid :-D.

My error was in taking the liberty and "correcting" the relative path of the symlinks. First, there are lots of symlinks like
```
ln -s ../../realm.tpl/uicontrol/
```
But then comes
```
ln -s ../../../realm.tpl/profile/template/ profile/
```
with three times "../".

It's not the first time I've fallen into this trap :-D. I always need to remind myself that the target of `ln` is not an actual file but just the content of the symlink.

After correcting this and my following errors, openxpki starts now. So I'm ready to do some evaluation.

I'm optimistic openxpki is more than enough for our use-cases. At the moment, we used puppet to provision our clients and servers but puppet is a nightmare in matters of module upgrade compatibility. One big advantage, though, was its integrated PKI which we used for provisioning OpenVPN on the clients.

We already decided to go with Saltstack as a replacement for configuring the clients but we'd need to issue certificates for the VPN in a scriptable way. Maybe I'll find some other uses, too, e.g. SSH certs.

--
Best regards

Masin Wiedner
IT System Administrator, Wikimedia Deutschland e.V.

Wikimedia Deutschland e. V. | Tempelhofer Ufer 23–24 | 10963 Berlin
Tel. +49 (0)30-577 11 62-0
https://wikimedia.de

On 10.10.24 at 19:32, Oliver Welter wrote:
Hi Masin,

really nice to see Wikimedia is going to use our software ;)

Oh well all this branching stuff is to keep your config up to date but yes I admit it looks a bit overdone.

If you are missing that many fields and actions, an educated guess would be that the symlink in "wmde/workflow/global" is missing. The "baseurl" is used to create the links in the notification emails, it's not required to get the system up and running at all.

Oli

On 10.10.24 15:28, Masin Wiedner wrote:
Hi!

I followed the documentation at https://openxpki.readthedocs.io/en/stable/quickstart.html to set up OpenXPKI. I installed it into an LX container based upon Debian Bookworm. I deviated from the instructions by using a dedicated DB server instead of localhost and using a different password.

I skipped the section "Sample / Demo Configuration" and went directly to "Production Configuration". I mostly followed the instructions re openxpki-config repository (https://github.com/openxpki/openxpki-config). I deviated there when it came to `git` stuff, "Single Branch Approach". I'm not entirely sure what the use-case is for me to create my own branch. I guess whoever wrote this is used to storing the PKI config in a git repo but it's not really mentioned there.

I added my realm to config.d/system/realms.yaml

```
wmde:
    label: Wikimedia Deutschland CA
    baseurl: https://pki.wmde.org/openxpki/
```

I can't find any documentation on the meaning of baseurl. What's its function? Do I need to provide it before starting the service?

I followed "Define your Realms" with all its `ln -s` and `cp` and `rm` operations. I then copied the home.html but didn't change any of the "Default Profiles" nor did I "Customize i18n". As I didn't change anything I didn't run `make mo-install`.

When running `openxpkictl --debug *:5 start` I get the following lines in the stderr.log:

```
2024-10-10 13:06:45.915318 DEBUG:1 PID:9615 O:S:Init::__do_init_prepare_daemon (line 225): init prepare daemon
2024-10-10 13:06:45.915447 DEBUG:1 PID:9615 O:S:Init::__do_init_dbi (line 282): init dbi
2024-10-10 13:06:45.915544 DEBUG:1 PID:9615 O:S:Init::get_database (line 450): start
2024-10-10 13:06:45.925902 DEBUG:4 PID:9615 O:S:Database::_build_dbix_handler (line 227): DSN: dbi:MariaDB:host=db2-my;database=openxpki
2024-10-10 13:06:45.926019 DEBUG:4 PID:9615 O:S:Database::_build_dbix_handler (line 228): User: openxpki
2024-10-10 13:06:45.926155 DEBUG:4 PID:9615 O:S:Database::_build_dbix_handler (line 233): Additional connect() attributes: mariadb_bind_type_guessing = 0 | mariadb_auto_reconnect = 0
2024-10-10 13:06:46.031638 DEBUG:1 PID:9615 O:S:Context::setcontext (line 118): start
2024-10-10 13:06:46.035432 DEBUG:4 PID:9615 O:S:Database::QueryBuilder::_make_query (line 88): SQL::Abstract::More->select(-columns = ['datapool_value'], -from = 'datapool', -limit = 1, -where = {'datapool_key' => 'dbschema','namespace' => 'config','pki_realm' => ''})
2024-10-10 13:06:46.036910 DEBUG:1 PID:9615 O:S:Init::__do_init_dbi_log (line 274): init dbi log
2024-10-10 13:06:46.036980 DEBUG:1 PID:9615 O:S:Init::get_database (line 450): start
2024-10-10 13:06:46.037583 DEBUG:4 PID:9615 O:S:Database::_build_dbix_handler (line 227): DSN: dbi:MariaDB:host=db2-my;database=openxpki
2024-10-10 13:06:46.037669 DEBUG:4 PID:9615 O:S:Database::_build_dbix_handler (line 228): User: openxpki
2024-10-10 13:06:46.037801 DEBUG:4 PID:9615 O:S:Database::_build_dbix_handler (line 233): Additional connect() attributes: mariadb_auto_reconnect = 0 | mariadb_bind_type_guessing = 0
2024-10-10 13:06:46.038802 DEBUG:1 PID:9615 O:S:Context::setcontext (line 118): start
2024-10-10 13:06:46.038888 DEBUG:1 PID:9615 O:S:Init::__do_init_crypto_layer (line 243): init crypto layer
2024-10-10 13:06:46.038997 DEBUG:1 PID:9615 O:S:Init::get_crypto_layer (line 418): start
2024-10-10 13:06:46.039281 DEBUG:1 PID:9615 OpenXPKI::Crypto::TokenManager::new (line 37): start
2024-10-10 13:06:46.039341 DEBUG:1 PID:9615 OpenXPKI::Crypto::TokenManager::get_system_token (line 156): start
Debugging module 'OpenXPKI::Crypto::API' with bitmask 111.
Debugging module 'OpenXPKI::Crypto::Backend::API' with bitmask 111.
Debugging module 'OpenXPKI::Crypto::CLI' with bitmask 111.
Debugging module 'OpenXPKI::Crypto::Toolkit' with bitmask 111.
Debugging module 'OpenXPKI::Crypto::Backend::OpenSSL::Config' with bitmask 111.
Debugging module 'OpenXPKI::DN' with bitmask 111.
Debugging module 'OpenXPKI::Crypto::Backend::OpenSSL' with bitmask 111.
Debugging module 'OpenXPKI::Crypto::Backend::OpenSSL::Engine' with bitmask 111.
2024-10-10 13:06:46.150596 DEBUG:2 PID:9615 OpenXPKI::Crypto::Backend::OpenSSL::Engine::new (line 26): new: class instantiated
Debugging module 'OpenXPKI::Crypto::Backend::OpenSSL::CLI' with bitmask 111.
2024-10-10 13:06:46.151562 DEBUG:4 PID:9615 OpenXPKI::Crypto::CLI::START (line 38): check TMP
2024-10-10 13:06:46.151620 DEBUG:4 PID:9615 OpenXPKI::Crypto::CLI::START (line 49): check SHELL
2024-10-10 13:06:46.151671 DEBUG:4 PID:9615 OpenXPKI::Crypto::CLI::START (line 55): check ENGINE
2024-10-10 13:06:46.151758 DEBUG:1 PID:9615 OpenXPKI::FileUtils::__get_safe_template (line 321): start
2024-10-10 13:06:46.151808 DEBUG:2 PID:9615 OpenXPKI::FileUtils::__get_safe_template (line 329): check TMP
2024-10-10 13:06:46.151857 DEBUG:2 PID:9615 OpenXPKI::FileUtils::__get_safe_template (line 340): build template
2024-10-10 13:06:46.152115 DEBUG:1 PID:9615 OpenXPKI::FileUtils::__get_safe_template (line 321): start
2024-10-10 13:06:46.152164 DEBUG:2 PID:9615 OpenXPKI::FileUtils::__get_safe_template (line 329): check TMP
2024-10-10 13:06:46.152213 DEBUG:2 PID:9615 OpenXPKI::FileUtils::__get_safe_template (line 340): build template
2024-10-10 13:06:46.152456 DEBUG:2 PID:9615 OpenXPKI::Crypto::TokenManager::get_system_token (line 188): token added
2024-10-10 13:06:46.152510 DEBUG:2 PID:9615 OpenXPKI::Crypto::TokenManager::get_system_token (line 192): token is present
2024-10-10 13:06:46.152586 DEBUG:1 PID:9615 OpenXPKI::Crypto::Toolkit::online (line 509): start
2024-10-10 13:06:46.152641 DEBUG:2 PID:9615 OpenXPKI::Crypto::TokenManager::get_system_token (line 196): token is usable
2024-10-10 13:06:46.152723 DEBUG:1 PID:9615 OpenXPKI::Crypto::TokenManager::new (line 63): end - token manager is ready
2024-10-10 13:06:46.152778 DEBUG:1 PID:9615 O:S:Context::setcontext (line 118): start
2024-10-10 13:06:46.153691 DEBUG:1 PID:9615 O:S:Context::setcontext (line 118): start
2024-10-10 13:06:46.153773 DEBUG:1 PID:9615 O:S:Init::__do_init_api2 (line 308): init api2
2024-10-10 13:06:46.153954 DEBUG:1 PID:9615 O:S:Context::setcontext (line 118): start
2024-10-10 13:06:46.154033 DEBUG:1 PID:9615 O:S:Init::__do_init_workflow_factory (line 171): init workflow factory
2024-10-10 13:06:46.154108 DEBUG:1 PID:9615 OpenXPKI::Workflow::Handler::load_default_factories (line 41): start
2024-10-10 13:06:46.154337 DEBUG:1 PID:9615 OpenXPKI::Workflow::Handler::get_factory (line 112): start
2024-10-10 13:06:46.154415 DEBUG:1 PID:9615 OpenXPKI::Workflow::Config::_build_workflow_config (line 41): start config
2024-10-10 13:06:46.221485 DEBUG:1 PID:9615 OpenXPKI::Exception::full_message (line 118): exception thrown: Field name used in workflow config is not defined; __action__ => initialize, __field__ => reason_code, __workflow__ => certificate_bulk_revoke
2024-10-10 13:06:46.221967 DEBUG:1 PID:9615 O:S:__log_and_die (line 783): start
2024-10-10 13:06:46.222376 DEBUG:1 PID:9615 OpenXPKI::Exception::full_message (line 118): exception thrown: Field name used in workflow config is not defined; __action__ => initialize, __field__ => reason_code, __workflow__ => certificate_bulk_revoke
2024-10-10 13:06:46.222467 DEBUG:1 PID:9615 OpenXPKI::Exception::full_message (line 118): exception thrown: Field name used in workflow config is not defined; __action__ => initialize, __field__ => reason_code, __workflow__ => certificate_bulk_revoke
2024-10-10 13:06:46.222747 DEBUG:1 PID:9615 O:S:__log_and_die (line 805): end, dying
Exception during server initialization: Field name used in workflow config is not defined; __action__ => initialize, __field__ => reason_code, __workflow__ => certificate_bulk_revoke (Field name used in workflow config is not defined; __action__ => initialize, __field__ => reason_code, __workflow__ => certificate_bulk_revoke) at /usr/share/perl5/OpenXPKI/Server.pm line 806.
```

I had some fun commenting the lines with the field names it's complaining about. But after commenting out every single mentioned field name it complained about "key_format" which does not exist in the file. When I delete the symlink to certificate_bulk_revoke.yaml it starts complaining about similar errors in the next file, certificate_privkey_export.yaml. I don't think there's anything wrong with those files rather than me having done something wrong.

The output of `openxpkictl` itself isn't that exciting. Its result is
```
OpenXPKI server is not running or does not accept requests.
Status check failed
```
with exit code 2.

I guess I did something wrong or incomplete. Does anyone have a hint on how to investigate?




_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users
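
A check for the symlink problem resolved in this thread, as an added example that is not part of any message or of the OpenXPKI project: it lists symlinks whose stored relative target does not resolve from the directory that holds the link. The temporary tree and the `field.yaml` file name are constructed for the demonstration; only the `realm.tpl`, `uicontrol`, `profile/template` and `workflow/global` names come from the thread.

```shell
#!/usr/bin/env bash
# A relative symlink target is resolved from the directory that holds the
# link, not from the directory in which `ln -s` was typed.

# Print every dangling symlink below $1 as "<link> -> <stored target>".
find_dangling_links() {
    local root=$1 link
    find "$root" -type l | sort | while IFS= read -r link; do
        # [ -e ] follows the link; false means the stored target resolves to nothing.
        [ -e "$link" ] || printf '%s -> %s\n' "${link#"$root"/}" "$(readlink "$link")"
    done
}

# Build a constructed layout: a template realm plus a realm "wmde" that links into it.
make_demo_tree() {
    local root
    root=$(mktemp -d) || return 1
    mkdir -p "$root/realm.tpl/uicontrol" "$root/realm.tpl/profile/template" \
             "$root/realm.tpl/workflow/global" \
             "$root/realm/wmde/profile" "$root/realm/wmde/workflow"
    : > "$root/realm.tpl/workflow/global/field.yaml"   # dummy file, constructed
    (
        cd "$root/realm/wmde" || exit 1
        # Link is created in realm/wmde: two levels up reaches the root.
        ln -s ../../realm.tpl/uicontrol/
        # Link is created in realm/wmde/profile: three levels up are needed.
        ln -s ../../../realm.tpl/profile/template/ profile/
        # Deliberately one "../" short: the link is created but points nowhere.
        ln -s ../../realm.tpl/workflow/global/ workflow/
    )
    printf '%s\n' "$root"
}

# Demonstration run: reports only the workflow/global link as dangling.
if demo_root=$(make_demo_tree); then
    find_dangling_links "$demo_root"
    rm -rf "$demo_root"
fi
```

`ln -s` succeeds even when the target does not exist, so running `find_dangling_links` over the real realm directory before starting the server surfaces the mistake earlier than the workflow loader does.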