Re: [Users] Trusted Pools and CentOS 6 packages
So you will not see below error after copying the .cer & .jks again, right? ### ecStorage = NVRAM### Performing TPM provisioning...FAILED javax.xml.ws.WebServiceException: Failed to access the WSDL at: https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebService2FactorySe rvice?wsdl. It failed with: Connection refused. As to below errors: Performing HIS identity provisioning...FAILED java.util.NoSuchElementException at java.util.StringTokenizer.nextToken(StringTokenizer.java:349) at gov.niarl.his.privacyca.TpmModule.executeVer2Command(TpmModule.java:215) at gov.niarl.his.privacyca.TpmModule.collateIdentityRequest(TpmModule.java:292) at gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisioner.j ava:225) Failed to receive AIC from Privacy CA, error 1 Registering identity with server...FAILED java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory) at java.io.FileInputStream.open(Native Method) at java.io.FileInputStream.(FileInputStream.java:137) at java.io.FileInputStream.(FileInputStream.java:96) at gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612) at gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99 ) Failed to register identity with appraiser, error 1 Missing of aik.cer is the subsequence of HIS identity provisioning failure. The key is: java.util.NoSuchElementException at java.util.StringTokenizer.nextToken(StringTokenizer.java:349) at gov.niarl.his.privacyca.TpmModule.executeVer2Command(TpmModule.java:215) Which is mostly caused by incorrect tpm owner auth. This is actually the issue occurred in your first try. So I doubt the oat-client rpm you reinstalled is still the old one in your local cache. Please try to uninstall oat-client, yum clean, then yum install oat-client, and then try again. Thanks Jimmy > -Original Message- > From: Nicolae Paladi [mailto:n.pal...@gmail.com] > Sent: Friday, November 15, 2013 4:08 PM > To: Wei, Gang > Cc: Doron Fediuck; users@ovirt.org > Subject: Re: [Users] Trusted Pools and CentOS 6 packages > > Hi, > > I have done that and reran provisioner.sh with the same result. > > As I understand, I am copying the files _PrivacyCA.cer_ and _TrustStore.jks_ to > /usr/share/oat-client, > while the java error complains about the missing file _aik.cer_, as follows: > > java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or > directory) > at java.io.FileInputStream.open(Native Method) > at java.io.FileInputStream.(FileInputStream.java:146) > at java.io.FileInputStream.(FileInputStream.java:101) > at gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612) > at gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99 ) > > is the file _aik.cer_ supposed to be generated at some point here? > > Just to clarify, I am using CentOS 6.4, TruSerS and tpm-tools. > > Cheers, > /Nicolae. > > > > On 15 November 2013 03:23, Wei, Gang wrote: > > > So, just as what I suggested in last mail, please copy the files from server > to client again and run provisioner.sh: > > > > 1.3.1 copy PrivacyCA.cer and TrustStore.jks from appraiser to client. > > Copy :/var/lib/oat-appraiser/ClientFiles/PrivacyCA.cer > to :/usr/share/oat-client/ > > Copy :/var/lib/oat-appraiser/ClientFiles/TrustStore.jks > to :/usr/share/oat-client/ > > Notes: please repeat above steps in case you have re-deployed your oat > appraiser. > > > > Thanks > > Jimmy > > > > From: Nicolae Paladi [mailto:n.pal...@gmail.com] > Sent: Thursday, November 14, 2013 6:30 PM > > > To: Wei, Gang > Cc: Doron Fediuck; users@ovirt.org > Subject: Re: [Users] Trusted Pools and CentOS 6 packages > > > > > > Hi, > > > > > > As far as I see, port 8443 is not occupied and tomcat6 is running: > > > > root@host /usr/share/oat-client/script # netstat -anp | grep 8443 > > root@host /usr/share/oat-client/script # service tomcat6 status > > tomcat6 (pid 30950) is running... [ OK ] > > > > > > Also, just in case, I've checked if disabling iptables helps, and it doesn't; > > > > > > In the error trace, there is a line: > > java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file > or directory) > > > > and indeed, there is not file aik.cer at /usr/share/oat-client/aik.cer; when > is it supposed to > > be generated? > > > >
Re: [Users] Trusted Pools and CentOS 6 packages
Hi, I have done that and reran provisioner.sh with the same result. As I understand, I am copying the files _PrivacyCA.cer_ and _TrustStore.jks_ to /usr/share/oat-client, while the java error complains about the missing file _aik.cer_, as follows: *java.io.FileNotFoundException: /usr/share/oat-client/aik.cer* (No such file or directory) at java.io.FileInputStream.open(Native Method) at java.io.FileInputStream.(FileInputStream.java:146) at java.io.FileInputStream.(FileInputStream.java:101) at gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612) at gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99) is the file _aik.cer_ supposed to be generated at some point here? Just to clarify, I am using CentOS 6.4, TruSerS and tpm-tools. Cheers, /Nicolae. On 15 November 2013 03:23, Wei, Gang wrote: > So, just as what I suggested in last mail, please copy the files from > server to client again and run provisioner.sh: > > > > *1.3.1 copy PrivacyCA.cer and TrustStore.jks from appraiser to client.* > > Copy :/var/lib/oat-appraiser/ClientFiles/PrivacyCA.cer to > :/usr/share/oat-client/ > > Copy :/var/lib/oat-appraiser/ClientFiles/TrustStore.jks to > :/usr/share/oat-client/ > > *Notes: please repeat above steps in case you have re-deployed your oat > appraiser.* > > > > Thanks > > Jimmy > > > > *From:* Nicolae Paladi [mailto:n.pal...@gmail.com] > *Sent:* Thursday, November 14, 2013 6:30 PM > > *To:* Wei, Gang > *Cc:* Doron Fediuck; users@ovirt.org > *Subject:* Re: [Users] Trusted Pools and CentOS 6 packages > > > > Hi, > > > > > > As far as I see, port 8443 is not occupied and tomcat6 is running: > > > > root@host /usr/share/oat-client/script # netstat -anp | grep 8443 > > root@host /usr/share/oat-client/script # service tomcat6 status > > tomcat6 (pid 30950) is running... [ OK ] > > > > > > Also, just in case, I've checked if disabling iptables helps, and it > doesn't; > > > > > > In the error trace, there is a line: > > *java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such > file or directory)* > > > > and indeed, there is not file aik.cer at /usr/share/oat-client/aik.cer; > when is it supposed to > > be generated? > > > > cheers, > > /Nicolae > > > > > > On 14 November 2013 04:32, Wei, Gang wrote: > > And you need to copy files from server to client before you try to run > provisioner.sh every time you run OAT_configure.sh again. > > Jimmy > > > > > -Original Message- > > From: Wei, Gang > > Sent: Thursday, November 14, 2013 11:26 AM > > To: Nicolae Paladi > > Cc: Doron Fediuck; users@ovirt.org; Wei, Gang > > Subject: RE: [Users] Trusted Pools and CentOS 6 packages > > > > Can you try netstat -anp | grep 8443? Maybe it is occupied by apache. > > > > Meanwhile check whether tomcat is up. > > > > Jimmy > > > > > > > -Original Message- > > > From: Nicolae Paladi [mailto:n.pal...@gmail.com] > > > Sent: Wednesday, November 13, 2013 10:43 PM > > > To: Wei, Gang > > > Cc: Doron Fediuck; users@ovirt.org > > > Subject: Re: [Users] Trusted Pools and CentOS 6 packages > > > > > > Hi, > > > > > > I am using port 8443, since no other process -- as far as I know -- is > > using it; > > > > > > below you will find all of the requested configuration files: > > > > > > Contents of /etc/oat_client/*: > > > log4j.properties: http://pastebin.com/MQLM68vs > > > OAT.properties: http://pastebin.com/LwHihxah > > > OATprovisioner.properties: http://pastebin.com/0x5TShtZ > > > TPMModule.properties: http://pastebin.com/hvw9gfRE > > > > > > > > > server.xml: http://pastebin.com/VZ9Vk6iC > > > OAT_client.sh: http://pastebin.com/St4yCGcF > > > > > > provisioner.sh: http://pastebin.com/RedqQt8V > > > > > > > > > cheers, > > > /Nicolae. > > > > > > > > > On 13 November 2013 14:47, Wei, Gang wrote: > > > > > > > > > This time it failed earlier. Looks like the PCA webservice2 was not > > > listening on 8443 port. Have you replaced the port 8443 with 8442 > in > > > server > > > side ($TOMCAT_HOME/conf/server.xml) but not change it in client > side > > > (/usr/share/oat-client/script/OAT_client.sh)? Or the 8443 port is > > occupied > > > by another app? > > > > > > Please copy t
Re: [Users] Trusted Pools and CentOS 6 packages
Hi, As far as I see, port 8443 is not occupied and tomcat6 is running: root@host /usr/share/oat-client/script # netstat -anp | grep 8443 root@host /usr/share/oat-client/script # service tomcat6 status tomcat6 (pid 30950) is running... [ OK ] Also, just in case, I've checked if disabling iptables helps, and it doesn't; In the error trace, there is a line: *java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory)* and indeed, there is not file aik.cer at /usr/share/oat-client/aik.cer; when is it supposed to be generated? cheers, /Nicolae On 14 November 2013 04:32, Wei, Gang wrote: > And you need to copy files from server to client before you try to run > provisioner.sh every time you run OAT_configure.sh again. > > Jimmy > > > > -Original Message- > > From: Wei, Gang > > Sent: Thursday, November 14, 2013 11:26 AM > > To: Nicolae Paladi > > Cc: Doron Fediuck; users@ovirt.org; Wei, Gang > > Subject: RE: [Users] Trusted Pools and CentOS 6 packages > > > > Can you try netstat -anp | grep 8443? Maybe it is occupied by apache. > > > > Meanwhile check whether tomcat is up. > > > > Jimmy > > > > > > > -Original Message- > > > From: Nicolae Paladi [mailto:n.pal...@gmail.com] > > > Sent: Wednesday, November 13, 2013 10:43 PM > > > To: Wei, Gang > > > Cc: Doron Fediuck; users@ovirt.org > > > Subject: Re: [Users] Trusted Pools and CentOS 6 packages > > > > > > Hi, > > > > > > I am using port 8443, since no other process -- as far as I know -- is > > using it; > > > > > > below you will find all of the requested configuration files: > > > > > > Contents of /etc/oat_client/*: > > > log4j.properties: http://pastebin.com/MQLM68vs > > > OAT.properties: http://pastebin.com/LwHihxah > > > OATprovisioner.properties: http://pastebin.com/0x5TShtZ > > > TPMModule.properties: http://pastebin.com/hvw9gfRE > > > > > > > > > server.xml: http://pastebin.com/VZ9Vk6iC > > > OAT_client.sh: http://pastebin.com/St4yCGcF > > > > > > provisioner.sh: http://pastebin.com/RedqQt8V > > > > > > > > > cheers, > > > /Nicolae. > > > > > > > > > On 13 November 2013 14:47, Wei, Gang wrote: > > > > > > > > > This time it failed earlier. Looks like the PCA webservice2 was not > > > listening on 8443 port. Have you replaced the port 8443 with 8442 > in > > > server > > > side ($TOMCAT_HOME/conf/server.xml) but not change it in client > side > > > (/usr/share/oat-client/script/OAT_client.sh)? Or the 8443 port is > > occupied > > > by another app? > > > > > > Please copy the content from your current server.xml, > OAT_client.sh, > > > provisioner.sh and /etc/oat-client/* into the content of your reply > > for > > > analysis. (don't attach *.sh as attachments, that will get filtered > > by my > > > company's mailing system). > > > > > > Thanks > > > Jimmy > > > > > > > > > > > > > -Original Message- > > > > From: Nicolae Paladi [mailto:n.pal...@gmail.com] > > > > Sent: Wednesday, November 13, 2013 7:01 PM > > > > To: Wei, Gang > > > > Cc: Doron Fediuck; users@ovirt.org > > > > Subject: Re: [Users] Trusted Pools and CentOS 6 packages > > > > > > > > > > > Hi, > > > > > > > > thank you for the feedback; > > > > I've gone through the steps again, but obtained the exactly same > > > problem: > > > > > > > > 1. I removed all of the previously installed packaged related to > > OAT. > > > > > > > > 2. I followed the tutorial, until this command: > > > > > > > > bash provisioner.sh > > > > > > > > provisioner.sh: line 7: systemctl: command not found > > > > ### ecStorage = NVRAM### > > > > Performing TPM provisioning...FAILED > > > > javax.xml.ws.WebServiceException: Failed to access the WSDL at: > > > > > > > > > > https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebService2Factor > > > > yService?wsdl. It failed with: > > > > Connection refused. > > > >
Re: [Users] Trusted Pools and CentOS 6 packages
And you need to copy files from server to client before you try to run provisioner.sh every time you run OAT_configure.sh again. Jimmy > -Original Message- > From: Wei, Gang > Sent: Thursday, November 14, 2013 11:26 AM > To: Nicolae Paladi > Cc: Doron Fediuck; users@ovirt.org; Wei, Gang > Subject: RE: [Users] Trusted Pools and CentOS 6 packages > > Can you try netstat -anp | grep 8443? Maybe it is occupied by apache. > > Meanwhile check whether tomcat is up. > > Jimmy > > > > -Original Message- > > From: Nicolae Paladi [mailto:n.pal...@gmail.com] > > Sent: Wednesday, November 13, 2013 10:43 PM > > To: Wei, Gang > > Cc: Doron Fediuck; users@ovirt.org > > Subject: Re: [Users] Trusted Pools and CentOS 6 packages > > > > Hi, > > > > I am using port 8443, since no other process -- as far as I know -- is > using it; > > > > below you will find all of the requested configuration files: > > > > Contents of /etc/oat_client/*: > > log4j.properties: http://pastebin.com/MQLM68vs > > OAT.properties: http://pastebin.com/LwHihxah > > OATprovisioner.properties: http://pastebin.com/0x5TShtZ > > TPMModule.properties: http://pastebin.com/hvw9gfRE > > > > > > server.xml: http://pastebin.com/VZ9Vk6iC > > OAT_client.sh: http://pastebin.com/St4yCGcF > > > > provisioner.sh: http://pastebin.com/RedqQt8V > > > > > > cheers, > > /Nicolae. > > > > > > On 13 November 2013 14:47, Wei, Gang wrote: > > > > > > This time it failed earlier. Looks like the PCA webservice2 was not > > listening on 8443 port. Have you replaced the port 8443 with 8442 in > > server > > side ($TOMCAT_HOME/conf/server.xml) but not change it in client side > > (/usr/share/oat-client/script/OAT_client.sh)? Or the 8443 port is > occupied > > by another app? > > > > Please copy the content from your current server.xml, OAT_client.sh, > > provisioner.sh and /etc/oat-client/* into the content of your reply > for > > analysis. (don't attach *.sh as attachments, that will get filtered > by my > > company's mailing system). > > > > Thanks > > Jimmy > > > > > > > > > -Original Message- > > > From: Nicolae Paladi [mailto:n.pal...@gmail.com] > > > Sent: Wednesday, November 13, 2013 7:01 PM > > > To: Wei, Gang > > > Cc: Doron Fediuck; users@ovirt.org > > > Subject: Re: [Users] Trusted Pools and CentOS 6 packages > > > > > > > > Hi, > > > > > > thank you for the feedback; > > > I've gone through the steps again, but obtained the exactly same > > problem: > > > > > > 1. I removed all of the previously installed packaged related to > OAT. > > > > > > 2. I followed the tutorial, until this command: > > > > > > bash provisioner.sh > > > > > > provisioner.sh: line 7: systemctl: command not found > > > ### ecStorage = NVRAM### > > > Performing TPM provisioning...FAILED > > > javax.xml.ws.WebServiceException: Failed to access the WSDL at: > > > > > > https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebService2Factor > > > yService?wsdl. It failed with: > > > Connection refused. > > > at > > > > > > com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLP > > > arser.java:162) > > > at > > > > > > com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.j > > > ava:144) > > > at > > > > > > com.sun.xml.ws.client.WSServiceDelegate.parseWSDL(WSServiceDelegate.jav > > > a:265) > > > at > > > > > > com.sun.xml.ws.client.WSServiceDelegate.(WSServiceDelegate.java:228) > > > at > > > > > > com.sun.xml.ws.client.WSServiceDelegate.(WSServiceDelegate.java:176) > > > at > > > > > > com.sun.xml.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.jav > > a:104 > > > ) > > > at javax.xml.ws.Service.(Service.java:77) > > > at > > > > > > gov.niarl.his.webservices.hisprivacycawebservice2.server.HisPrivacyCAWe > > bSer > > > > >
Re: [Users] Trusted Pools and CentOS 6 packages
Can you try netstat -anp | grep 8443? Maybe it is occupied by apache. Meanwhile check whether tomcat is up. Jimmy > -Original Message- > From: Nicolae Paladi [mailto:n.pal...@gmail.com] > Sent: Wednesday, November 13, 2013 10:43 PM > To: Wei, Gang > Cc: Doron Fediuck; users@ovirt.org > Subject: Re: [Users] Trusted Pools and CentOS 6 packages > > Hi, > > I am using port 8443, since no other process -- as far as I know -- is using it; > > below you will find all of the requested configuration files: > > Contents of /etc/oat_client/*: > log4j.properties: http://pastebin.com/MQLM68vs > OAT.properties: http://pastebin.com/LwHihxah > OATprovisioner.properties: http://pastebin.com/0x5TShtZ > TPMModule.properties: http://pastebin.com/hvw9gfRE > > > server.xml: http://pastebin.com/VZ9Vk6iC > OAT_client.sh: http://pastebin.com/St4yCGcF > > provisioner.sh: http://pastebin.com/RedqQt8V > > > cheers, > /Nicolae. > > > On 13 November 2013 14:47, Wei, Gang wrote: > > > This time it failed earlier. Looks like the PCA webservice2 was not > listening on 8443 port. Have you replaced the port 8443 with 8442 in > server > side ($TOMCAT_HOME/conf/server.xml) but not change it in client side > (/usr/share/oat-client/script/OAT_client.sh)? Or the 8443 port is occupied > by another app? > > Please copy the content from your current server.xml, OAT_client.sh, > provisioner.sh and /etc/oat-client/* into the content of your reply for > analysis. (don't attach *.sh as attachments, that will get filtered by my > company's mailing system). > > Thanks > Jimmy > > > > > -Original Message- > > From: Nicolae Paladi [mailto:n.pal...@gmail.com] > > Sent: Wednesday, November 13, 2013 7:01 PM > > To: Wei, Gang > > Cc: Doron Fediuck; users@ovirt.org > > Subject: Re: [Users] Trusted Pools and CentOS 6 packages > > > > > Hi, > > > > thank you for the feedback; > > I've gone through the steps again, but obtained the exactly same > problem: > > > > 1. I removed all of the previously installed packaged related to OAT. > > > > 2. I followed the tutorial, until this command: > > > > bash provisioner.sh > > > > provisioner.sh: line 7: systemctl: command not found > > ### ecStorage = NVRAM### > > Performing TPM provisioning...FAILED > > javax.xml.ws.WebServiceException: Failed to access the WSDL at: > > > https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebService2Factor > > yService?wsdl. It failed with: > > Connection refused. > > at > > > com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLP > > arser.java:162) > > at > > > com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.j > > ava:144) > > at > > > com.sun.xml.ws.client.WSServiceDelegate.parseWSDL(WSServiceDelegate.jav > > a:265) > > at > > > com.sun.xml.ws.client.WSServiceDelegate.(WSServiceDelegate.java:228) > > at > > > com.sun.xml.ws.client.WSServiceDelegate.(WSServiceDelegate.java:176) > > at > > > com.sun.xml.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.jav > a:104 > > ) > > at javax.xml.ws.Service.(Service.java:77) > > at > > > gov.niarl.his.webservices.hisprivacycawebservice2.server.HisPrivacyCAWe > bSer > > > vice2FactoryServiceService.(HisPrivacyCAWebService2FactoryService > Servi > > ce.java:42) > > at > > > gov.niarl.his.webservices.hisPrivacyCAWebService2.client.HisPrivacyCAWe > bSer > > > vices2ClientInvoker.getHisPrivacyCAWebService2(HisPrivacyCAWebServices2Cli > > entInvoker.java:32) > > at > > > gov.niarl.his.privacyca.HisTpmProvisioner.main(HisTpmProvisioner.java:205) > > Caused by: java.net.ConnectException: Connection refused > > at java.net.PlainSocketImpl.socketConnect(Native Method) > > at > > > java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.jav > a:339 > > ) > > at > > > java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketI > mpl.j > >
Re: [Users] Trusted Pools and CentOS 6 packages
Hi, I am using port 8443, since no other process -- as far as I know -- is using it; below you will find all of the requested configuration files: Contents of /etc/oat_client/*: log4j.properties: http://pastebin.com/MQLM68vs OAT.properties: http://pastebin.com/LwHihxah OATprovisioner.properties: http://pastebin.com/0x5TShtZ TPMModule.properties: http://pastebin.com/hvw9gfRE server.xml: http://pastebin.com/VZ9Vk6iC OAT_client.sh: http://pastebin.com/St4yCGcF provisioner.sh: http://pastebin.com/RedqQt8V cheers, /Nicolae. On 13 November 2013 14:47, Wei, Gang wrote: > This time it failed earlier. Looks like the PCA webservice2 was not > listening on 8443 port. Have you replaced the port 8443 with 8442 in server > side ($TOMCAT_HOME/conf/server.xml) but not change it in client side > (/usr/share/oat-client/script/OAT_client.sh)? Or the 8443 port is occupied > by another app? > > Please copy the content from your current server.xml, OAT_client.sh, > provisioner.sh and /etc/oat-client/* into the content of your reply for > analysis. (don't attach *.sh as attachments, that will get filtered by my > company's mailing system). > > Thanks > Jimmy > > > > -Original Message- > > From: Nicolae Paladi [mailto:n.pal...@gmail.com] > > Sent: Wednesday, November 13, 2013 7:01 PM > > To: Wei, Gang > > Cc: Doron Fediuck; users@ovirt.org > > Subject: Re: [Users] Trusted Pools and CentOS 6 packages > > > > Hi, > > > > thank you for the feedback; > > I've gone through the steps again, but obtained the exactly same problem: > > > > 1. I removed all of the previously installed packaged related to OAT. > > > > 2. I followed the tutorial, until this command: > > > > bash provisioner.sh > > > > provisioner.sh: line 7: systemctl: command not found > > ### ecStorage = NVRAM### > > Performing TPM provisioning...FAILED > > javax.xml.ws.WebServiceException: Failed to access the WSDL at: > > > https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebService2Factor > > yService?wsdl. It failed with: > > Connection refused. > > at > > com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLP > > arser.java:162) > > at > > com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.j > > ava:144) > > at > > com.sun.xml.ws.client.WSServiceDelegate.parseWSDL(WSServiceDelegate.jav > > a:265) > > at > > > com.sun.xml.ws.client.WSServiceDelegate.(WSServiceDelegate.java:228) > > at > > > com.sun.xml.ws.client.WSServiceDelegate.(WSServiceDelegate.java:176) > > at > > > com.sun.xml.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:104 > > ) > > at javax.xml.ws.Service.(Service.java:77) > > at > > > gov.niarl.his.webservices.hisprivacycawebservice2.server.HisPrivacyCAWebSer > > > > vice2FactoryServiceService.(HisPrivacyCAWebService2FactoryServiceServi > > ce.java:42) > > at > > > gov.niarl.his.webservices.hisPrivacyCAWebService2.client.HisPrivacyCAWebSer > > > vices2ClientInvoker.getHisPrivacyCAWebService2(HisPrivacyCAWebServices2Cli > > entInvoker.java:32) > > at > > > gov.niarl.his.privacyca.HisTpmProvisioner.main(HisTpmProvisioner.java:205) > > Caused by: java.net.ConnectException: Connection refused > > at java.net.PlainSocketImpl.socketConnect(Native Method) > > at > > > java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339 > > ) > > at > > > java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.j > > ava:200) > > at > > > java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182) > > at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392) > > at java.net.Socket.connect(Socket.java:579) > > at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:618) > > at > > sun.security.ssl.BaseSSLSocketImpl.connect(BaseSSLSocketImpl.java:160) > > at sun.net.NetworkClient.doConnect(NetworkClient.java:180) > > at sun.net.www.http.HttpClient.openServer(HttpClient.java:432) > > at sun.net.www.http.HttpClient.openServer(HttpClient.java:527) > > at > > sun.net.www.protocol.https.HttpsClient.(HttpsClient.java:275) > > at > > sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:371) > > at > > sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHt > > tpClient(AbstractDelegateHt
Re: [Users] Trusted Pools and CentOS 6 packages
This time it failed earlier. Looks like the PCA webservice2 was not listening on 8443 port. Have you replaced the port 8443 with 8442 in server side ($TOMCAT_HOME/conf/server.xml) but not change it in client side (/usr/share/oat-client/script/OAT_client.sh)? Or the 8443 port is occupied by another app? Please copy the content from your current server.xml, OAT_client.sh, provisioner.sh and /etc/oat-client/* into the content of your reply for analysis. (don't attach *.sh as attachments, that will get filtered by my company's mailing system). Thanks Jimmy > -Original Message- > From: Nicolae Paladi [mailto:n.pal...@gmail.com] > Sent: Wednesday, November 13, 2013 7:01 PM > To: Wei, Gang > Cc: Doron Fediuck; users@ovirt.org > Subject: Re: [Users] Trusted Pools and CentOS 6 packages > > Hi, > > thank you for the feedback; > I've gone through the steps again, but obtained the exactly same problem: > > 1. I removed all of the previously installed packaged related to OAT. > > 2. I followed the tutorial, until this command: > > bash provisioner.sh > > provisioner.sh: line 7: systemctl: command not found > ### ecStorage = NVRAM### > Performing TPM provisioning...FAILED > javax.xml.ws.WebServiceException: Failed to access the WSDL at: > https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebService2Factor > yService?wsdl. It failed with: > Connection refused. > at > com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLP > arser.java:162) > at > com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.j > ava:144) > at > com.sun.xml.ws.client.WSServiceDelegate.parseWSDL(WSServiceDelegate.jav > a:265) > at > com.sun.xml.ws.client.WSServiceDelegate.(WSServiceDelegate.java:228) > at > com.sun.xml.ws.client.WSServiceDelegate.(WSServiceDelegate.java:176) > at > com.sun.xml.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:104 > ) > at javax.xml.ws.Service.(Service.java:77) > at > gov.niarl.his.webservices.hisprivacycawebservice2.server.HisPrivacyCAWebSer > vice2FactoryServiceService.(HisPrivacyCAWebService2FactoryServiceServi > ce.java:42) > at > gov.niarl.his.webservices.hisPrivacyCAWebService2.client.HisPrivacyCAWebSer > vices2ClientInvoker.getHisPrivacyCAWebService2(HisPrivacyCAWebServices2Cli > entInvoker.java:32) > at > gov.niarl.his.privacyca.HisTpmProvisioner.main(HisTpmProvisioner.java:205) > Caused by: java.net.ConnectException: Connection refused > at java.net.PlainSocketImpl.socketConnect(Native Method) > at > java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339 > ) > at > java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.j > ava:200) > at > java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182) > at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392) > at java.net.Socket.connect(Socket.java:579) > at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:618) > at > sun.security.ssl.BaseSSLSocketImpl.connect(BaseSSLSocketImpl.java:160) > at sun.net.NetworkClient.doConnect(NetworkClient.java:180) > at sun.net.www.http.HttpClient.openServer(HttpClient.java:432) > at sun.net.www.http.HttpClient.openServer(HttpClient.java:527) > at > sun.net.www.protocol.https.HttpsClient.(HttpsClient.java:275) > at > sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:371) > at > sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHt > tpClient(AbstractDelegateHttpsURLConnection.java:191) > at > sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnec > tion.java:932) > at > sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(A > bstractDelegateHttpsURLConnection.java:177) > at > sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConn > ection.java:1300) > at > sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsU > RLConnectionImpl.java:254) > at java.net.URL.openStream(URL.java:1037) > at > com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.createReader(RuntimeWSD > LParser.java:804) > at > com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(RuntimeWSDL > Parser.java:262) > at > com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.j > ava:129) > ... 8 more > Failed to initialize the TPM, error 1 > Performing HIS identity provisioning...FAILED > gov.niarl.his.privacyca.TpmModule$TpmModuleException: > TpmM
Re: [Users] Trusted Pools and CentOS 6 packages
As I understand it, isn't the core issue that "/usr/share/oat-client/aik.cer" is never generated and causes the error, since it is missing? /Nicolae On 13 November 2013 12:01, Nicolae Paladi wrote: > Hi, > > thank you for the feedback; > I've gone through the steps again, but obtained the exactly same problem: > > 1. I removed all of the previously installed packaged related to OAT. > > 2. I followed the tutorial, until this command: > > bash provisioner.sh > provisioner.sh: line 7: systemctl: command not found > ### ecStorage = NVRAM### > Performing TPM provisioning...FAILED > javax.xml.ws.WebServiceException: Failed to access the WSDL at: > https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebService2FactoryService?wsdl. > It failed with: > Connection refused. > at > com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLParser.java:162) > at > com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:144) > at > com.sun.xml.ws.client.WSServiceDelegate.parseWSDL(WSServiceDelegate.java:265) > at > com.sun.xml.ws.client.WSServiceDelegate.(WSServiceDelegate.java:228) > at > com.sun.xml.ws.client.WSServiceDelegate.(WSServiceDelegate.java:176) > at > com.sun.xml.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:104) > at javax.xml.ws.Service.(Service.java:77) > at > gov.niarl.his.webservices.hisprivacycawebservice2.server.HisPrivacyCAWebService2FactoryServiceService.(HisPrivacyCAWebService2FactoryServiceService.java:42) > at > gov.niarl.his.webservices.hisPrivacyCAWebService2.client.HisPrivacyCAWebServices2ClientInvoker.getHisPrivacyCAWebService2(HisPrivacyCAWebServices2ClientInvoker.java:32) > at > gov.niarl.his.privacyca.HisTpmProvisioner.main(HisTpmProvisioner.java:205) > Caused by: java.net.ConnectException: Connection refused > at java.net.PlainSocketImpl.socketConnect(Native Method) > at > java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339) > at > java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200) > at > java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182) > at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392) > at java.net.Socket.connect(Socket.java:579) > at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:618) > at > sun.security.ssl.BaseSSLSocketImpl.connect(BaseSSLSocketImpl.java:160) > at sun.net.NetworkClient.doConnect(NetworkClient.java:180) > at sun.net.www.http.HttpClient.openServer(HttpClient.java:432) > at sun.net.www.http.HttpClient.openServer(HttpClient.java:527) > at > sun.net.www.protocol.https.HttpsClient.(HttpsClient.java:275) > at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:371) > at > sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191) > at > sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:932) > at > sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177) > at > sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1300) > at > sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254) > at java.net.URL.openStream(URL.java:1037) > at > com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.createReader(RuntimeWSDLParser.java:804) > at > com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(RuntimeWSDLParser.java:262) > at > com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:129) > ... 8 more > Failed to initialize the TPM, error 1 > Performing HIS identity provisioning...FAILED > gov.niarl.his.privacyca.TpmModule$TpmModuleException: > TpmModule.getCredential returned nonzero error: 2() > at > gov.niarl.his.privacyca.TpmModule.getCredential(TpmModule.java:594) > at > gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisioner.java:217) > Failed to receive AIC from Privacy CA, error 1 > Registering identity with server...FAILED > java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file > or directory) > at java.io.FileInputStream.open(Native Method) > at java.io.FileInputStream.(FileInputStream.java:146) > at java.io.FileInputStream.(FileInputStream.java:101) > at gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612) > at > gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99) > Failed to register identity with appraiser, error 1 > > Should I have updated anything else? > > cheers, > /Nicolae. > > > > On 1 November 2013 10:14, Wei, Gang wrote: > >> This is indeed an issue caused by the incompa
Re: [Users] Trusted Pools and CentOS 6 packages
Hi, thank you for the feedback; I've gone through the steps again, but obtained the exactly same problem: 1. I removed all of the previously installed packaged related to OAT. 2. I followed the tutorial, until this command: bash provisioner.sh provisioner.sh: line 7: systemctl: command not found ### ecStorage = NVRAM### Performing TPM provisioning...FAILED javax.xml.ws.WebServiceException: Failed to access the WSDL at: https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebService2FactoryService?wsdl. It failed with: Connection refused. at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLParser.java:162) at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:144) at com.sun.xml.ws.client.WSServiceDelegate.parseWSDL(WSServiceDelegate.java:265) at com.sun.xml.ws.client.WSServiceDelegate.(WSServiceDelegate.java:228) at com.sun.xml.ws.client.WSServiceDelegate.(WSServiceDelegate.java:176) at com.sun.xml.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:104) at javax.xml.ws.Service.(Service.java:77) at gov.niarl.his.webservices.hisprivacycawebservice2.server.HisPrivacyCAWebService2FactoryServiceService.(HisPrivacyCAWebService2FactoryServiceService.java:42) at gov.niarl.his.webservices.hisPrivacyCAWebService2.client.HisPrivacyCAWebServices2ClientInvoker.getHisPrivacyCAWebService2(HisPrivacyCAWebServices2ClientInvoker.java:32) at gov.niarl.his.privacyca.HisTpmProvisioner.main(HisTpmProvisioner.java:205) Caused by: java.net.ConnectException: Connection refused at java.net.PlainSocketImpl.socketConnect(Native Method) at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339) at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200) at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182) at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392) at java.net.Socket.connect(Socket.java:579) at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:618) at sun.security.ssl.BaseSSLSocketImpl.connect(BaseSSLSocketImpl.java:160) at sun.net.NetworkClient.doConnect(NetworkClient.java:180) at sun.net.www.http.HttpClient.openServer(HttpClient.java:432) at sun.net.www.http.HttpClient.openServer(HttpClient.java:527) at sun.net.www.protocol.https.HttpsClient.(HttpsClient.java:275) at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:371) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191) at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:932) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1300) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254) at java.net.URL.openStream(URL.java:1037) at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.createReader(RuntimeWSDLParser.java:804) at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(RuntimeWSDLParser.java:262) at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:129) ... 8 more Failed to initialize the TPM, error 1 Performing HIS identity provisioning...FAILED gov.niarl.his.privacyca.TpmModule$TpmModuleException: TpmModule.getCredential returned nonzero error: 2() at gov.niarl.his.privacyca.TpmModule.getCredential(TpmModule.java:594) at gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisioner.java:217) Failed to receive AIC from Privacy CA, error 1 Registering identity with server...FAILED java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory) at java.io.FileInputStream.open(Native Method) at java.io.FileInputStream.(FileInputStream.java:146) at java.io.FileInputStream.(FileInputStream.java:101) at gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612) at gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99) Failed to register identity with appraiser, error 1 Should I have updated anything else? cheers, /Nicolae. On 1 November 2013 10:14, Wei, Gang wrote: > This is indeed an issue caused by the incompatibility between OAT tpm > access > code & tpm-tools(tpm_takeownership -z). It has already been fixed. Please > follow below wiki and try again. > https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Recipe > . > > Thanks > Jimmy > > Nicolae Paladi wrote on 2013-10-28: > > Hi, I've followed the recipe > > ( > https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Rec
Re: [Users] Trusted Pools and CentOS 6 packages
This is indeed an issue caused by the incompatibility between OAT tpm access code & tpm-tools(tpm_takeownership -z). It has already been fixed. Please follow below wiki and try again. https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Recipe. Thanks Jimmy Nicolae Paladi wrote onĀ 2013-10-28: > Hi, I've followed the recipe > (https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Rec > i pe) but didn't get it to run yet; I think a step is missing -- the AIK > is not available is /usr/share/oat-client (it was not available in > /var/lig/oat-appraiser/ClientFiles either); when I try to run > provisioner.sh, I get the following: provisioner.sh: line 7: systemctl: > command not found ### ecStorage = NVRAM### Performing TPM > provisioning...710 DONE Successfully initialized TPM Performing HIS > identity provisioning...FAILED java.util.NoSuchElementException > at java.util.StringTokenizer.nextToken(StringTokenizer.java:349) > at > gov.niarl.his.privacyca.TpmModule.executeVer2Command(TpmModule.java:21 > 5) > at > gov.niarl.his.privacyca.TpmModule.collateIdentityRequest(TpmModule.java:29 > 2) > at > gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisione > r.java: 225) Failed to receive AIC from Privacy CA, error 1 Registering > identity with server...FAILED java.io.FileNotFoundException: > /usr/share/oat-client/aik.cer (No such file or directory) > at java.io.FileInputStream.open(Native Method) > at java.io.FileInputStream.(FileInputStream.java:137) > at java.io.FileInputStream.(FileInputStream.java:96) > at gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612) > at > gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99 ) > Failed to register identity with appraiser, error 1 > > > > Thanks, > /Nicolae > > > On 27 October 2013 22:55, Nicolae Paladi wrote: > > > Awesome, thanks! > > I'll try this out in the morning > > /Nicolae > > > On 27 October 2013 17:03, Wei, Gang wrote: > > > Please refer to > > https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL- > Recipe. > > Jimmy smime.p7s Description: S/MIME cryptographic signature ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Trusted Pools and CentOS 6 packages
Awesome, thanks! I'll try this out in the morning /Nicolae On 27 October 2013 17:03, Wei, Gang wrote: > Please refer to > https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Recipe > . > > Jimmy > > > > -Original Message- > > From: Doron Fediuck [mailto:dfedi...@redhat.com] > > Sent: Sunday, October 27, 2013 11:53 PM > > To: Nicolae Paladi > > Cc: users@ovirt.org; Wei, Gang > > Subject: Re: [Users] Trusted Pools and CentOS 6 packages > > > > > > > > - Original Message - > > > From: "Nicolae Paladi" > > > To: users@ovirt.org > > > Sent: Friday, October 25, 2013 7:16:30 PM > > > Subject: Re: [Users] Trusted Pools and CentOS 6 packages > > > > > > Doron Fediuck writes: > > > > > > > > > > > - Original Message - > > > > > From: "Gianluca Cecchi" > > > > > To: "Doron Fediuck" > > > > > Cc: "Wei D Chen" , "users" > > > > , "Mei Yu" > > > > , "Ofri Masad" > > > > > , "Gang Wei" > > > > > Sent: Tuesday, June 11, 2013 2:29:54 AM > > > > > Subject: Re: [Users] Trusted Pools and CentOS 6 packages > > > > > > > > > > On Mon, Jun 10, 2013 at 6:36 PM, Doron Fediuck wrote: > > > > > > > > > > > > > > > > > That's nice of Jimmy to assist. > > > > > > Are you trying out the oVirt TCP feature or will you be using OAT > > > > > > for something else? > > > > > > > > > > Actually the need was for OpenStack environment, but I'm going to > test > > > > > oVirt node too. > > > > > > > > > > Gianluca > > > > > > > > > > > > > Thanks for the info. > > > > Note that openstack and ovirt are using the same OAT infra, > > > > but implementing the logic in a different way. > > > > Let me know f you have a specific use case so I'll be able to > > > > provide additional details. > > > > > > > > > > > > > Hi, > > > > > > I have an environment where the oat-server is on a Ubuntu, while > > > the compute hosts are CentOS servers. > > > > > > I have installed the packages for the oat-server from the Ubuntu > > > repositories, and there is indeed a "ClientFiles" directory, but > > > but it lacks installation files (just the following: > > > endorsement.p12 install.bat lib OAT.properties > > OATprovisioner.properties > > > PrivacyCA.cer TrustStore.jks) > > > > > > > > > The questions are: > > > * are there packages for centos 6.4 available? > > > * how can the client files be generated by the oat-server? > > > > > > cheers, > > > /Nicolae > > > > > > > Hi Nicolae, > > Adding Jimmy for RPM updates. > > Jimmy, are you packaging the OAT for el6 and where can it be found? > > > > Also, some of the issues are available here: > > http://www.ovirt.org/Trusted_compute_pools_deployment > > > > Doron > ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Trusted Pools and CentOS 6 packages
Hi, I've followed the recipe ( https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Recipe) but didn't get it to run yet; I think a step is missing -- the AIK is not available is /usr/share/oat-client (it was not available in /var/lig/oat-appraiser/ClientFiles either); when I try to run provisioner.sh, I get the following: provisioner.sh: line 7: systemctl: command not found ### ecStorage = NVRAM### Performing TPM provisioning...710 DONE Successfully initialized TPM Performing HIS identity provisioning...FAILED java.util.NoSuchElementException at java.util.StringTokenizer.nextToken(StringTokenizer.java:349) at gov.niarl.his.privacyca.TpmModule.executeVer2Command(TpmModule.java:215) at gov.niarl.his.privacyca.TpmModule.collateIdentityRequest(TpmModule.java:292) at gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisioner.java:225) Failed to receive AIC from Privacy CA, error 1 Registering identity with server...FAILED java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory) at java.io.FileInputStream.open(Native Method) at java.io.FileInputStream.(FileInputStream.java:137) at java.io.FileInputStream.(FileInputStream.java:96) at gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612) at gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99) Failed to register identity with appraiser, error 1 Thanks, /Nicolae On 27 October 2013 22:55, Nicolae Paladi wrote: > Awesome, thanks! > > I'll try this out in the morning > > /Nicolae > > > On 27 October 2013 17:03, Wei, Gang wrote: > >> Please refer to >> >> https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Recipe >> . >> >> Jimmy >> >> >> > -Original Message- >> > From: Doron Fediuck [mailto:dfedi...@redhat.com] >> > Sent: Sunday, October 27, 2013 11:53 PM >> > To: Nicolae Paladi >> > Cc: users@ovirt.org; Wei, Gang >> > Subject: Re: [Users] Trusted Pools and CentOS 6 packages >> > >> > >> > >> > ----- Original Message - >> > > From: "Nicolae Paladi" >> > > To: users@ovirt.org >> > > Sent: Friday, October 25, 2013 7:16:30 PM >> > > Subject: Re: [Users] Trusted Pools and CentOS 6 packages >> > > >> > > Doron Fediuck writes: >> > > >> > > > >> > > > - Original Message - >> > > > > From: "Gianluca Cecchi" >> > > > > To: "Doron Fediuck" >> > > > > Cc: "Wei D Chen" , "users" >> > > > , "Mei Yu" >> > > > , "Ofri Masad" >> > > > > , "Gang Wei" >> > > > > Sent: Tuesday, June 11, 2013 2:29:54 AM >> > > > > Subject: Re: [Users] Trusted Pools and CentOS 6 packages >> > > > > >> > > > > On Mon, Jun 10, 2013 at 6:36 PM, Doron Fediuck wrote: >> > > > > >> > > > > > >> > > > > > That's nice of Jimmy to assist. >> > > > > > Are you trying out the oVirt TCP feature or will you be using >> OAT >> > > > > > for something else? >> > > > > >> > > > > Actually the need was for OpenStack environment, but I'm going to >> test >> > > > > oVirt node too. >> > > > > >> > > > > Gianluca >> > > > > >> > > > >> > > > Thanks for the info. >> > > > Note that openstack and ovirt are using the same OAT infra, >> > > > but implementing the logic in a different way. >> > > > Let me know f you have a specific use case so I'll be able to >> > > > provide additional details. >> > > > >> > > >> > > >> > > Hi, >> > > >> > > I have an environment where the oat-server is on a Ubuntu, while >> > > the compute hosts are CentOS servers. >> > > >> > > I have installed the packages for the oat-server from the Ubuntu >> > > repositories, and there is indeed a "ClientFiles" directory, but >> > > but it lacks installation files (just the following: >> > > endorsement.p12 install.bat lib OAT.properties >> > OATprovisioner.properties >> > > PrivacyCA.cer TrustStore.jks) >> > > >> > > >> > > The questions are: >> > > * are there packages for centos 6.4 available? >> > > * how can the client files be generated by the oat-server? >> > > >> > > cheers, >> > > /Nicolae >> > > >> > >> > Hi Nicolae, >> > Adding Jimmy for RPM updates. >> > Jimmy, are you packaging the OAT for el6 and where can it be found? >> > >> > Also, some of the issues are available here: >> > http://www.ovirt.org/Trusted_compute_pools_deployment >> > >> > Doron >> > > ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Trusted Pools and CentOS 6 packages
Please refer to https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Recipe. Jimmy > -Original Message- > From: Doron Fediuck [mailto:dfedi...@redhat.com] > Sent: Sunday, October 27, 2013 11:53 PM > To: Nicolae Paladi > Cc: users@ovirt.org; Wei, Gang > Subject: Re: [Users] Trusted Pools and CentOS 6 packages > > > > - Original Message - > > From: "Nicolae Paladi" > > To: users@ovirt.org > > Sent: Friday, October 25, 2013 7:16:30 PM > > Subject: Re: [Users] Trusted Pools and CentOS 6 packages > > > > Doron Fediuck writes: > > > > > > > > - Original Message - > > > > From: "Gianluca Cecchi" > > > > To: "Doron Fediuck" > > > > Cc: "Wei D Chen" , "users" > > > , "Mei Yu" > > > , "Ofri Masad" > > > > , "Gang Wei" > > > > Sent: Tuesday, June 11, 2013 2:29:54 AM > > > > Subject: Re: [Users] Trusted Pools and CentOS 6 packages > > > > > > > > On Mon, Jun 10, 2013 at 6:36 PM, Doron Fediuck wrote: > > > > > > > > > > > > > > That's nice of Jimmy to assist. > > > > > Are you trying out the oVirt TCP feature or will you be using OAT > > > > > for something else? > > > > > > > > Actually the need was for OpenStack environment, but I'm going to test > > > > oVirt node too. > > > > > > > > Gianluca > > > > > > > > > > Thanks for the info. > > > Note that openstack and ovirt are using the same OAT infra, > > > but implementing the logic in a different way. > > > Let me know f you have a specific use case so I'll be able to > > > provide additional details. > > > > > > > > > Hi, > > > > I have an environment where the oat-server is on a Ubuntu, while > > the compute hosts are CentOS servers. > > > > I have installed the packages for the oat-server from the Ubuntu > > repositories, and there is indeed a "ClientFiles" directory, but > > but it lacks installation files (just the following: > > endorsement.p12 install.bat lib OAT.properties > OATprovisioner.properties > > PrivacyCA.cer TrustStore.jks) > > > > > > The questions are: > > * are there packages for centos 6.4 available? > > * how can the client files be generated by the oat-server? > > > > cheers, > > /Nicolae > > > > Hi Nicolae, > Adding Jimmy for RPM updates. > Jimmy, are you packaging the OAT for el6 and where can it be found? > > Also, some of the issues are available here: > http://www.ovirt.org/Trusted_compute_pools_deployment > > Doron smime.p7s Description: S/MIME cryptographic signature ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Trusted Pools and CentOS 6 packages
- Original Message - > From: "Nicolae Paladi" > To: users@ovirt.org > Sent: Friday, October 25, 2013 7:16:30 PM > Subject: Re: [Users] Trusted Pools and CentOS 6 packages > > Doron Fediuck writes: > > > > > - Original Message - > > > From: "Gianluca Cecchi" > > > To: "Doron Fediuck" > > > Cc: "Wei D Chen" , "users" > > , "Mei Yu" > > , "Ofri Masad" > > > , "Gang Wei" > > > Sent: Tuesday, June 11, 2013 2:29:54 AM > > > Subject: Re: [Users] Trusted Pools and CentOS 6 packages > > > > > > On Mon, Jun 10, 2013 at 6:36 PM, Doron Fediuck wrote: > > > > > > > > > > > That's nice of Jimmy to assist. > > > > Are you trying out the oVirt TCP feature or will you be using OAT > > > > for something else? > > > > > > Actually the need was for OpenStack environment, but I'm going to test > > > oVirt node too. > > > > > > Gianluca > > > > > > > Thanks for the info. > > Note that openstack and ovirt are using the same OAT infra, > > but implementing the logic in a different way. > > Let me know f you have a specific use case so I'll be able to > > provide additional details. > > > > > Hi, > > I have an environment where the oat-server is on a Ubuntu, while > the compute hosts are CentOS servers. > > I have installed the packages for the oat-server from the Ubuntu > repositories, and there is indeed a "ClientFiles" directory, but > but it lacks installation files (just the following: > endorsement.p12 install.bat lib OAT.properties OATprovisioner.properties > PrivacyCA.cer TrustStore.jks) > > > The questions are: > * are there packages for centos 6.4 available? > * how can the client files be generated by the oat-server? > > cheers, > /Nicolae > Hi Nicolae, Adding Jimmy for RPM updates. Jimmy, are you packaging the OAT for el6 and where can it be found? Also, some of the issues are available here: http://www.ovirt.org/Trusted_compute_pools_deployment Doron ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Trusted Pools and CentOS 6 packages
Doron Fediuck writes: > > - Original Message - > > From: "Gianluca Cecchi" > > To: "Doron Fediuck" > > Cc: "Wei D Chen" , "users" > , "Mei Yu" > , "Ofri Masad" > > , "Gang Wei" > > Sent: Tuesday, June 11, 2013 2:29:54 AM > > Subject: Re: [Users] Trusted Pools and CentOS 6 packages > > > > On Mon, Jun 10, 2013 at 6:36 PM, Doron Fediuck wrote: > > > > > > > > That's nice of Jimmy to assist. > > > Are you trying out the oVirt TCP feature or will you be using OAT > > > for something else? > > > > Actually the need was for OpenStack environment, but I'm going to test > > oVirt node too. > > > > Gianluca > > > > Thanks for the info. > Note that openstack and ovirt are using the same OAT infra, > but implementing the logic in a different way. > Let me know f you have a specific use case so I'll be able to > provide additional details. > Hi, I have an environment where the oat-server is on a Ubuntu, while the compute hosts are CentOS servers. I have installed the packages for the oat-server from the Ubuntu repositories, and there is indeed a "ClientFiles" directory, but but it lacks installation files (just the following: endorsement.p12 install.bat lib OAT.properties OATprovisioner.properties PrivacyCA.cer TrustStore.jks) The questions are: * are there packages for centos 6.4 available? * how can the client files be generated by the oat-server? cheers, /Nicolae ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Trusted Pools and CentOS 6 packages
On Mon, Jun 10, 2013 at 6:36 PM, Doron Fediuck wrote: > > That's nice of Jimmy to assist. > Are you trying out the oVirt TCP feature or will you be using OAT > for something else? Actually the need was for OpenStack environment, but I'm going to test oVirt node too. Gianluca ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Trusted Pools and CentOS 6 packages
Il giorno 10/giu/2013 18:23, "Doron Fediuck" ha scritto: > > - Original Message - > > From: "Gianluca Cecchi" > > To: "users" > > Sent: Wednesday, June 5, 2013 12:02:01 PM > > Subject: [Users] Trusted Pools and CentOS 6 packages > > > > Hello, > > based on > > http://www.ovirt.org/Trusted_compute_pools_deployment#Provision_White_List_Database > > > > > > The commands of kind: > > > > bash_oat_cert .. > > bash oat_oem ... > > > > are to be run on hypervisor host side, correct? > > > > Where can I find these packages for CentOS 6? > > > > Thanks in advance > > > > Gianluca > > > > PS: I took the time to correct a typo in client section where it said > > "Yum Install oat server package from fedora19 repository" instead of > > "Yum Install oat client package from fedora19 repository" > > Hi Gianluca, > Thanks for the wiki update! > > The relevant guys handling OAT are currently in a public holiday, > so expect a response within 2-3 days. > > Please ping me if no one answers to you in this time frame. > Doron Hi, In the mean time Jimmy (Gang Wei) let me notice for another task that on oat server, where I built the packages, there is a generated "CommandTool" directory and I can directly copy its contents to the client (the oVirt node in our scenario) and use them to register with oat server Gianluca ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users