Sure, take your time, Fabrice. I have a special knack of running into troubles
in cases when others didn’t have any :)
Eugene
Sent from iPhone
> On Dec 12, 2017, at 18:18, Durand fabrice <[email protected]> wrote:
>
> Ok let me try to install the pki on the zen and i will be back to you.
>
> i have installed the pki on 10 servers not a long time ago without any issue.
>
>
>
>> Le 2017-12-12 à 20:52, E.P. a écrit :
>> Yes, db.sqlite3 was owned by root
>>
>> [root@PacketFence-ZEN packetfence-pki]# ls -al
>> total 56
>> drwxr-xr-x 7 pf pf 128 Dec 12 08:49 .
>> drwxr-xr-x. 15 root root 182 Dec 12 01:33 ..
>> drwxrws--- 2 pf pf 6 Nov 15 14:20 ca
>> drwxr-xr-x 2 pf pf 125 Dec 12 01:33 conf
>> -rw-r--r-- 1 root root 43008 Dec 12 08:44 db.sqlite3
>> drwxr-xr-x 2 pf pf 204 Dec 12 02:49 inverse
>> drwxrws--- 2 pf pf 90 Dec 12 01:35 logs
>> -rwxr--r-- 1 pf pf 250 Nov 15 14:20 manage.py
>> -rw-r--r-- 1 root root 6 Dec 12 08:49 packetfence-pki.pid
>> drwxr-xr-x 5 pf pf 4096 Dec 12 02:49 pki
>>
>> Changed the file ownership to pf:pf
>>
>> [root@PacketFence-ZEN packetfence-pki]# ls -al
>> total 100
>> drwxr-xr-x 7 pf pf 147 Dec 13 01:45 .
>> drwxr-xr-x. 15 root root 182 Dec 12 01:33 ..
>> drwxrws--- 2 pf pf 6 Nov 15 14:20 ca
>> drwxr-xr-x 2 pf pf 125 Dec 12 01:33 conf
>> -rw-r--r-- 1 pf pf 43008 Dec 13 01:45 db.sqlite3
>> drwxr-xr-x 2 pf pf 204 Dec 12 02:49 inverse
>> drwxrws--- 2 pf pf 90 Dec 12 01:35 logs
>> -rwxr--r-- 1 pf pf 250 Nov 15 14:20 manage.py
>> -rw-r--r-- 1 root root 5 Dec 13 01:43 packetfence-pki.pid
>> drwxr-xr-x 5 pf pf 4096 Dec 12 02:49 pki
>>
>> But trying to login to the PKI webpage brings me back to the same original
>> error “no such table: pki_ca” which I showed earlier. I tried to follow your
>> previous advise about renaming the db.sqlite3 file and running migration but
>> the behavior is consistent. Is it OK that the PKI process ID file is also
>> owned by root ?
>>
>> From: Fabrice Durand [mailto:[email protected]]
>> Sent: Tuesday, December 12, 2017 5:35 AM
>> To: E.P.; [email protected]
>> Subject: Re: [PacketFence-users] PKI installation
>>
>> Just change the owner of the sqlite file to pf and it should be ok.
>>
>> Btw all these steps are made in the packaging, so it probably failled or
>> never finish correctly.
>>
>> I will do a test on my side.
>>
>> Regards
>>
>> Fabrice
>>
>>
>>
>>
>> Le 2017-12-12 à 03:47, E.P. a écrit :
>> Well, we are getting closer ;)
>> Ran the python script to migrate the database it completed
>>
>> [root@PacketFence-ZEN packetfence-pki]# python manage.py migrate
>> Operations to perform:
>> Synchronize unmigrated apps: staticfiles, rest_framework, messages,
>> bootstrap3
>> Apply all migrations: authtoken, sessions, admin, auth, contenttypes, pki
>> Synchronizing apps without migrations:
>> Creating tables...
>> Running deferred SQL...
>> Installing custom SQL...
>> Running migrations:
>> Rendering model states... DONE
>> Applying contenttypes.0001_initial... OK
>> Applying auth.0001_initial... OK
>> Applying admin.0001_initial... OK
>> Applying contenttypes.0002_remove_content_type_name... OK
>> Applying auth.0002_alter_permission_name_max_length... OK
>> Applying auth.0003_alter_user_email_max_length... OK
>> Applying auth.0004_alter_user_username_opts... OK
>> Applying auth.0005_alter_user_last_login_null... OK
>> Applying auth.0006_require_contenttypes_0002... OK
>> Applying authtoken.0001_initial... OK
>> Applying pki.0001_initial... OK
>> Applying sessions.0001_initial... OK
>>
>> But the attempt to login to PKI failed again, now with a different error
>> message:
>>
>> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>> OperationalError at /
>>
>> attempt to write a readonly database
>> Request Method:
>> POST
>> Request URL:
>> https://192.168.2.25:9393/
>> Django Version:
>> 1.8.1
>> Exception Type:
>> OperationalError
>> Exception Value:
>> attempt to write a readonly database
>> Exception Location:
>> /usr/lib/python2.7/site-packages/django/db/backends/sqlite3/base.py in
>> execute, line 318
>> Python Executable:
>> /bin/python
>> Python Version:
>> 2.7.5
>> Python Path:
>> ['/usr/lib64/python27.zip',
>> '/usr/lib64/python2.7',
>> '/usr/lib64/python2.7/plat-linux2',
>> '/usr/lib64/python2.7/lib-tk',
>> '/usr/lib64/python2.7/lib-old',
>> '/usr/lib64/python2.7/lib-dynload',
>> '/usr/lib64/python2.7/site-packages',
>> '/usr/lib/python2.7/site-packages',
>> '/usr/local/packetfence-pki',
>> '/usr/local/packetfence-pki/inverse']
>> Server time:
>> Tue, 12 Dec 2017 08:45:28 +0000
>> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>>
>> From: Durand fabrice [mailto:[email protected]]
>> Sent: Monday, December 11, 2017 7:20 PM
>> To: E.P.; [email protected]
>> Subject: Re: [PacketFence-users] PKI installation
>>
>> Looks that the db hasn't been initialized , can you do that in
>> /usr/local/packetfence-pki
>>
>> rm db3.sqlite
>>
>> python manage.py migrate
>>
>> Regards
>>
>> Fabrice
>>
>>
>>
>>
>> Le 2017-12-11 à 21:55, E.P. a écrit :
>> I was a bit premature with my report that it worked ;)
>> After logging into the PKI page I ended up with this error:
>>
>> OperationalError at /
>> no such table: pki_ca
>>
>> Request Method:
>> POST
>> Request URL:
>> https://192.168.2.25:9393/
>> Django Version:
>> 1.8.1
>> Exception Type:
>> OperationalError
>> Exception Value:
>> no such table: pki_ca
>> Exception Location:
>> /usr/lib/python2.7/site-packages/django/db/backends/sqlite3/base.py in
>> execute, line 318
>> Python Executable:
>> /bin/python
>> Python Version:
>> 2.7.5
>> Python Path:
>> ['/usr/lib64/python27.zip',
>> '/usr/lib64/python2.7',
>> '/usr/lib64/python2.7/plat-linux2',
>> '/usr/lib64/python2.7/lib-tk',
>> '/usr/lib64/python2.7/lib-old',
>> '/usr/lib64/python2.7/lib-dynload',
>> '/usr/lib64/python2.7/site-packages',
>> '/usr/lib/python2.7/site-packages',
>> '/usr/local/packetfence-pki',
>> '/usr/local/packetfence-pki/inverse']
>> Server time:
>> Tue, 12 Dec 2017 02:53:21 +0000
>>
>>
>> And there’s a whole lot of traceback that I can show but it will make this
>> post unreadable
>>
>>
>> From: E.P. [mailto:[email protected]]
>> Sent: Monday, December 11, 2017 6:52 PM
>> To: 'Durand fabrice'; '[email protected]'
>> Subject: RE: [PacketFence-users] PKI installation
>>
>> Hm…
>> I was stubbornly persisting on this service showing in the output of netstat.
>> But now I can have the webpage for PKI come up. Strange…
>> But it looks like it is now working.
>> I REALLY appreciate your assistance, Fabrice, and the whole effort you do to
>> create and maintain this product.
>> I anticipate a pleasure after having it deployed and tuned to our
>> requirements
>>
>> Eugene
>>
>> From: E.P. [mailto:[email protected]]
>> Sent: Monday, December 11, 2017 6:44 PM
>> To: 'Durand fabrice'; [email protected]
>> Subject: RE: [PacketFence-users] PKI installation
>>
>> Yes, Fabrice, I made sure I uncommented iptables rules for this service.
>> Here’s the extract from iptables.conf file:
>>
>> # PacketFence-PKI
>> -A input-management-if --protocol tcp --match tcp --dport 9393 --jump ACCEPT
>> -A input-management-if --protocol tcp --match tcp --dport 9292 --jump ACCEPT
>>
>> Here’s the extract from the output of “iptables –L”
>>
>>
>> Chain input-management-if (1 references)
>> target prot opt source destination
>> ACCEPT tcp -- anywhere anywhere state NEW tcp
>> dpt:ssh
>> ACCEPT tcp -- anywhere anywhere tcp dpt:http
>> ACCEPT tcp -- anywhere anywhere tcp dpt:https
>> ACCEPT tcp -- anywhere anywhere tcp dpt:ies-lm
>> ACCEPT tcp -- anywhere anywhere tcp dpt:websm
>> ACCEPT tcp -- anywhere anywhere tcp dpt:arcp
>> ACCEPT tcp -- anywhere anywhere tcp
>> dpt:sun-as-jpda
>> ACCEPT tcp -- anywhere anywhere tcp
>> dpt:marcam-lm
>> ACCEPT tcp -- anywhere anywhere tcp
>> dpt:armtechdaemon
>> ACCEPT tcp -- anywhere anywhere tcp
>> dpt:cslistener
>> ACCEPT tcp -- anywhere anywhere tcp dpt:mailbox
>> ACCEPT tcp -- anywhere anywhere tcp
>> dpt:afs3-prserver
>> ACCEPT tcp -- anywhere anywhere tcp dpt:radius
>> ACCEPT udp -- anywhere anywhere udp dpt:radius
>> ACCEPT tcp -- anywhere anywhere tcp
>> dpt:radius-acct
>> ACCEPT udp -- anywhere anywhere udp
>> dpt:radius-acct
>> ACCEPT tcp -- anywhere anywhere tcp dpt:mmpft
>> ACCEPT udp -- anywhere anywhere udp dpt:mmpft
>> ACCEPT tcp -- anywhere anywhere tcp dpt:radsec
>> ACCEPT udp -- anywhere anywhere udp
>> dpt:snmptrap
>> ACCEPT udp -- anywhere anywhere udp dpt:bootps
>> ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
>> ACCEPT tcp -- anywhere anywhere tcp dpt:9392
>> ACCEPT tcp -- anywhere anywhere tcp dpt:8834
>> ACCEPT tcp -- anywhere anywhere tcp dpt:9393
>>
>> And nothing to listen on port 9393
>>
>> [root@PacketFence-ZEN conf]# netstat -antlp | grep 9393
>> Press any key to continue...
>>
>>
>>
>> --
>> Fabrice Durand
>> [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
>> (http://packetfence.org)
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
