Hi, Raymond,
I think permissions are correct, in setup.log I don't see ERRORs, the line:
"il proprietario di `/var/sipxdata/certdb' è stato cambiato in
sipxchange:sipxchange"
confirms that /var/sipxdata/certdb is owned by sipxchange. Is this right?
Here my setup.log file:
"2009-04-21T18:10:42.069109Z":0:SETUP:INFO::setup:0:sipxecs-setup:setup:"Start
4.1.0-015219"
"2009-04-21T18:10:42.074589Z":0:SETUP:INFO::setup:0:sipxecs-setup:setup:"---
1 Start sipXecs Services Setup"
"2009-04-21T18:10:45.022592Z":0:SETUP:INFO::setup:0:sipxecs-setup:setup:"---
10 Get System Type"
"2009-04-21T18:10:47.087458Z":0:SETUP:INFO::setup:0:sipxecs-setup:setup:"First
System selected"
"2009-04-21T18:10:47.087676Z":0:SETUP:INFO:tst-sipxm.tstcsi.it:setup:0:sipxecs-setup:setup:"Host
Name 'tst-sipxm.tstcsi.it'"
"2009-04-21T18:10:47.087698Z":0:SETUP:INFO:tst-sipxm.tstcsi.it:setup:0:sipxecs-setup:setup:"Domain
Name 'tstcsi.it'"
"2009-04-21T18:10:47.087702Z":0:SETUP:INFO:tst-sipxm.tstcsi.it:setup:0:sipxecs-setup:setup:"---
15 Get Network Parameters"
"2009-04-21T18:10:48.089043Z":0:SETUP:INFO:tst-sipxm.tstcsi.it:setup:0:sipxecs-setup:setup:"Read
network info from /etc/sysconfig/network-scripts/ifcfg-eth0"
"2009-04-21T18:10:48.089062Z":0:SETUP:INFO:tst-sipxm.tstcsi.it:setup:0:sipxecs-setup:setup:"Writing
/etc/sipxpbx/sipxconfig-netif"
"2009-04-21T18:10:48.089066Z":0:SETUP:INFO:tst-sipxm.tstcsi.it:setup:0:sipxecs-setup:setup:"IpAddress=158.102.29.200\nNetMask=255.255.255.0"
"2009-04-21T18:10:48.089138Z":0:SETUP:INFO:tst-sipxm.tstcsi.it:setup:0:sipxecs-setup:setup:"Setting
ownership of '/etc/sipxpbx/sipxconfig-netif' using:\n chown -v
sipxchange:sipxchange /etc/sipxpbx/sipxconfig-netif"
"2009-04-21T18:10:48.092001Z":0:SETUP:INFO:tst-sipxm.tstcsi.it:setup:0:sipxecs-setup:setup:"il
proprietario di `/etc/sipxpbx/sipxconfig-netif' è stato cambiato in
sipxchange:sipxchange"
"2009-04-21T18:10:48.092065Z":0:SETUP:INFO:tst-sipxm.tstcsi.it:setup:0:sipxecs-setup:setup:"Setting
access to '/etc/sipxpbx/sipxconfig-netif' using:\n chmod -v
u=rw,g=rw,o= /etc/sipxpbx/sipxconfig-netif"
"2009-04-21T18:10:48.094224Z":0:SETUP:INFO:tst-sipxm.tstcsi.it:setup:0:sipxecs-setup:setup:"il
modo di `/etc/sipxpbx/sipxconfig-netif' è diventato 0660 (rw-rw----)"
"2009-04-21T18:10:48.094293Z":0:SETUP:INFO:tst-sipxm.tstcsi.it:setup:0:sipxecs-setup:setup:"---
20 Get SIP Domain Name"
"2009-04-21T18:10:55.036997Z":0:SETUP:INFO:tst-sipxm.tstcsi.it:setup:0:sipxecs-setup:setup:"
SipDomain : tstcsi.it"
"2009-04-21T18:10:55.037040Z":0:SETUP:INFO:tst-sipxm.tstcsi.it:setup:0:sipxecs-setup:setup:"---
30 Set SIP Domain Name and Realm"
"2009-04-21T18:10:56.037223Z":0:SETUP:INFO:tst-sipxm.tstcsi.it:setup:0:sipxecs-setup:setup:"---
domain-config ---"
"2009-04-21T18:10:56.037385Z":0:SETUP:INFO:tst-sipxm.tstcsi.it:setup:0:sipxecs-setup:setup:"Setting
ownership of '/etc/sipxpbx/domain-config' using:\n chown -v
sipxchange:sipxchange /etc/sipxpbx/domain-config"
"2009-04-21T18:10:56.039774Z":0:SETUP:INFO:tst-sipxm.tstcsi.it:setup:0:sipxecs-setup:setup:"il
proprietario di `/etc/sipxpbx/domain-config' è stato cambiato in
sipxchange:sipxchange"
"2009-04-21T18:10:56.039845Z":0:SETUP:INFO:tst-sipxm.tstcsi.it:setup:0:sipxecs-setup:setup:"Setting
access to '/etc/sipxpbx/domain-config' using:\n chmod -v u=rw,g=rw,o=
/etc/sipxpbx/domain-config"
"2009-04-21T18:10:56.042236Z":0:SETUP:INFO:tst-sipxm.tstcsi.it:setup:0:sipxecs-setup:setup:"il
modo di `/etc/sipxpbx/domain-config' è diventato 0660 (rw-rw----)"
"2009-04-21T18:10:56.042332Z":0:SETUP:INFO:tst-sipxm.tstcsi.it:setup:0:sipxecs-setup:setup:"SIP_DOMAIN_NAME
: tstcsi.it\nSIP_REALM : tstcsi.it\nSUPERVISOR_PORT : 8092\nCONFIG_HOSTS
: tst-sipxm.tstcsi.it"
"2009-04-21T18:10:56.042365Z":0:SETUP:INFO:tst-sipxm.tstcsi.it:setup:0:sipxecs-setup:setup:"---
40 Generate TLS/SSL Certificate"
"2009-04-21T18:10:56.042388Z":0:SETUP:INFO:tst-sipxm.tstcsi.it:setup:0:sipxecs-setup:setup:"---
Setting Certificate Parameters"
"2009-04-21T18:10:56.042506Z":0:SETUP:INFO:tst-sipxm.tstcsi.it:setup:0:sipxecs-setup:setup:"created
directory '/var/sipxdata/certdb'"
"2009-04-21T18:10:56.042521Z":0:SETUP:INFO:tst-sipxm.tstcsi.it:setup:0:sipxecs-setup:setup:"Setting
ownership of '/var/sipxdata/certdb' using:\n chown -v
sipxchange:sipxchange /var/sipxdata/certdb"
"2009-04-21T18:10:56.044742Z":0:SETUP:INFO:tst-sipxm.tstcsi.it:setup:0:sipxecs-setup:setup:"il
proprietario di `/var/sipxdata/certdb' è stato cambiato in
sipxchange:sipxchange"
"2009-04-21T18:10:56.044849Z":0:SETUP:INFO:tst-sipxm.tstcsi.it:setup:0:sipxecs-setup:setup:"Setting
access to '/var/sipxdata/certdb' using:\n chmod -v u=rwx,g=rwx,o=
/var/sipxdata/certdb"
"2009-04-21T18:10:56.047163Z":0:SETUP:INFO:tst-sipxm.tstcsi.it:setup:0:sipxecs-setup:setup:"il
modo di `/var/sipxdata/certdb' è diventato 0770 (rwxrwx---)"
"2009-04-21T18:10:56.047251Z":0:SETUP:INFO:tst-sipxm.tstcsi.it:setup:0:sipxecs-setup:setup:"countryName=\"US\"\nstateOrProvinceName=\"AnyState\"\nlocalityName=\"AnyTown\"\norganizationName=\"tstcsi.it\"\norganizationalUnitName=\"sipXecs\"\ncaName=\"ca.tst-sipxm.tstcsi.it\"\ncaEmail=\"[email protected]\"\nsipDomainName=\"tstcsi.it\"\nserver=\"tst-sipxm.tstcsi.it\"\nserverEmail=\"[email protected]\""
"2009-04-21T18:10:56.047304Z":0:SETUP:INFO:tst-sipxm.tstcsi.it:setup:0:sipxecs-setup:setup:"Setting
ownership of 'SSL_DEFAULTS' using:\n chown -v sipxchange:sipxchange
SSL_DEFAULTS"
"2009-04-21T18:10:56.049843Z":0:SETUP:INFO:tst-sipxm.tstcsi.it:setup:0:sipxecs-setup:setup:"il
proprietario di `SSL_DEFAULTS' è stato cambiato in sipxchange:sipxchange"
"2009-04-21T18:10:56.049925Z":0:SETUP:INFO:tst-sipxm.tstcsi.it:setup:0:sipxecs-setup:setup:"Setting
access to 'SSL_DEFAULTS' using:\n chmod -v u=rw,g=rw,o= SSL_DEFAULTS"
"2009-04-21T18:10:56.052476Z":0:SETUP:INFO:tst-sipxm.tstcsi.it:setup:0:sipxecs-setup:setup:"il
modo di `SSL_DEFAULTS' è diventato 0660 (rw-rw----)"
"2009-04-21T18:10:57.053124Z":0:SETUP:INFO:tst-sipxm.tstcsi.it:setup:0:sipxecs-setup:setup:"generating
ssl certs at 2009-04-21 18:10:57 +000"
"2009-04-21T18:11:03.025762Z":0:SETUP:INFO:tst-sipxm.tstcsi.it:setup:0:sipxecs-setup:setup:"Recursively
setting ownership of '/var/sipxdata/certdb' using:\n chown -R -v
sipxchange:sipxchange /var/sipxdata/certdb"
"2009-04-21T18:11:03.028230Z":0:SETUP:INFO:tst-sipxm.tstcsi.it:setup:0:sipxecs-setup:setup:"il
proprietario di `/var/sipxdata/certdb/rnd_seed' è stato cambiato in
sipxchange:sipxchange\nil proprietario di
`/var/sipxdata/certdb/authorities.jks' è stato cambiato in
sipxchange:sipxchange\nil proprietario di
`/var/sipxdata/certdb/tst-sipxm.tstcsi.it.keystore' è stato cambiato in
sipxchange:sipxchange\nil proprietario di
`/var/sipxdata/certdb/tst-sipxm.tstcsi.it.key' è stato cambiato in
sipxchange:sipxchange\nil proprietario di
`/var/sipxdata/certdb/tst-sipxm.tstcsi.it.crt' è stato cambiato in
sipxchange:sipxchange\nil proprietario di
`/var/sipxdata/certdb/tst-sipxm.tstcsi.it.csr' è stato cambiato in
sipxchange:sipxchange\nil proprietario di
`/var/sipxdata/certdb/ca.tst-sipxm.tstcsi.it.crt' è stato cambiato in
sipxchange:sipxchange\nil proprietario di
`/var/sipxdata/certdb/ca.tst-sipxm.tstcsi.it.key' è stato cambiato in
sipxchange:sipxchange\nil proprietario di
`/var/sipxdata/certdb/tst-sipxm.tstcsi.it.p12' è stato cambiato in
sipxchange:sipxchange\nil proprietario di
`/var/sipxdata/certdb/ca.tst-sipxm.tstcsi.it.der' è stato cambiato in
sipxchange:sipxchange\nil proprietario di
`/var/sipxdata/certdb/ca.tst-sipxm.tstcsi.it.ser' è stato cambiato in
sipxchange:sipxchange\nil proprietario di
`/var/sipxdata/certdb/ca.tst-sipxm.tstcsi.it.csr' è stato cambiato in
sipxchange:sipxchange\nil proprietario di
`/var/sipxdata/certdb/SSL_DEFAULTS' è rimasto sipxchange:sipxchange\nil
proprietario di `/var/sipxdata/certdb' è rimasto sipxchange:sipxchange"
"2009-04-21T18:11:03.028458Z":0:SETUP:INFO:tst-sipxm.tstcsi.it:setup:0:sipxecs-setup:setup:"\n
We need some information from you to generate the certificates:\n\n
Country Name (2 letter code): US\n State or Province Name (full name):
AnyState\n Locality Name (eg, city): AnyTown\n Organization Name (eg,
company): tstcsi.it\n Organization Unit Name (eg, section):
sipXecs\n\n______________________________________________________________________\nIdentifying
information for your private Certificate Authority (CA)\n\n CA Common
Name: ca.tst-sipxm.tstcsi.it\n Email Contact Address for CA
([email protected]):
[email protected]\n\n______________________________________________________________________\nidentifying
information for the server:\n\n Full DNS name for the server:
tst-sipxm.tstcsi.it\n\n______________________________________________________________________\nIdentifying
information for the SIP domain:\n\n SIP domain name: tstcsi.it\n Email
Contact Address ([email protected]):
[email protected]\n\ngenerating private Certificate Authority
(CA)\n______________________________________________________________________\n\n\n
Generating RSA private key for CA (2048
bit)\n\n______________________________________________________________________\n\n
Generating X.509 certificate signing request for
CA\n______________________________________________________________________\n\n
Generating X.509 certificate for CA signed by
itself\n______________________________________________________________________\n\nVerify...CA
certificate OK\n\nGenerating server certificate request
[tst-sipxm.tstcsi.it]\n______________________________________________________________________\n\n
Generating RSA private key for server (1024
bit)\n______________________________________________________________________\n\n
Generating X.509 certificate signing request for
'tst-sipxm.tstcsi.it'\n______________________________________________________________________\n\n
Generating X.509 certificate signed by
ca.tst-sipxm.tstcsi.it\n______________________________________________________________________\n\n
Generating PKCS#12
package\n______________________________________________________________________\n\n
Generating Java Key Store
\n______________________________________________________________________\n\n
Generating Java Trust Store \nIl
certificato è stato aggiunto al
keystore\n______________________________________________________________________\n\n
Verify pem format certificates\n\n tst-sipxm.tstcsi.it.crt
...ok\nServer certificates OK\n\n To install your certificate, run the
following command\n as root on the server:\n\n
/usr/bin/ssl-cert/install-cert.sh"
"2009-04-21T18:11:03.028520Z":0:SETUP:INFO:tst-sipxm.tstcsi.it:setup:0:sipxecs-setup:setup:"---
60 Install TLS/SSL Certificate"
"2009-04-21T18:11:06.058982Z":0:SETUP:INFO:tst-sipxm.tstcsi.it:setup:0:sipxecs-setup:setup:"Checking
the 'tst-sipxm.tstcsi.it' certificate\nInstalling
'ca.tst-sipxm.tstcsi.it.crt' certificate as a trusted
CA\n`ca.tst-sipxm.tstcsi.it.crt' ->
`/etc/sipxpbx/ssl/authorities/ca.tst-sipxm.tstcsi.it.crt'\nhashing
/etc/sipxpbx/ssl/authorities\nca.tst-sipxm.tstcsi.it.crt =>
be179e3d.0\nInstalling the 'tst-sipxm.tstcsi.it' certificate (pem
format)\n`tst-sipxm.tstcsi.it.crt' ->
`/etc/sipxpbx/ssl/ssl.crt'\nInstalling the 'tst-sipxm.tstcsi.it' private
key\n`tst-sipxm.tstcsi.it.key' -> `/etc/sipxpbx/ssl/ssl.key'\nInstalling
the 'tst-sipxm.tstcsi.it' Java keystore\n`tst-sipxm.tstcsi.it.keystore'
-> `/etc/sipxpbx/ssl/ssl.keystore'\nGenerating web cert
automatically\n`tst-sipxm.tstcsi.it.crt' ->
`/etc/sipxpbx/ssl/ssl-web.crt'\nInstalling the 'tst-sipxm.tstcsi.it'
private key\n`tst-sipxm.tstcsi.it.key' ->
`/etc/sipxpbx/ssl/ssl-web.key'\nInstalling the 'tst-sipxm.tstcsi.it'
Java keystore\n`tst-sipxm.tstcsi.it.keystore' ->
`/etc/sipxpbx/ssl/ssl-web.keystore'\nChecking the installed
certificate\nInstalling the 'tst-sipxm.tstcsi.it' certificate (pkcs12
format)\n`tst-sipxm.tstcsi.it.crt' ->
`/etc/sipxpbx/ssl/ssl.p12'\nInstalling the 'tst-sipxm.tstcsi.it'
certificate (pkcs12 format)\n`tst-sipxm.tstcsi.it.crt' ->
`/etc/sipxpbx/ssl/ssl-web.p12'\nInstalling the authorities.jks
file\n`authorities.jks' -> `/etc/sipxpbx/ssl/authorities.jks'\n\n Your
TLS/SSL security is now configured.\n\n\n Your server certificate will
expire Apr 20 18:11:00 2012 GMT. "
"2009-04-21T18:11:06.059049Z":0:SETUP:INFO:tst-sipxm.tstcsi.it:setup:0:sipxecs-setup:setup:"---
70 Enabling sipXconfig"
"2009-04-21T18:11:06.059175Z":0:SETUP:INFO:tst-sipxm.tstcsi.it:setup:0:sipxecs-setup:setup:"Setting
ownership of '/var/sipxdata/process-state/ConfigServer' using:\n chown
-v sipxchange:sipxchange /var/sipxdata/process-state/ConfigServer"
"2009-04-21T18:11:06.061944Z":0:SETUP:INFO:tst-sipxm.tstcsi.it:setup:0:sipxecs-setup:setup:"il
proprietario di `/var/sipxdata/process-state/ConfigServer' è stato
cambiato in sipxchange:sipxchange"
"2009-04-21T18:11:06.062050Z":0:SETUP:INFO:tst-sipxm.tstcsi.it:setup:0:sipxecs-setup:setup:"Setting
access to '/var/sipxdata/process-state/ConfigServer' using:\n chmod -v
u=rw,g=rw,o= /var/sipxdata/process-state/ConfigServer"
"2009-04-21T18:11:06.064522Z":0:SETUP:INFO:tst-sipxm.tstcsi.it:setup:0:sipxecs-setup:setup:"il
modo di `/var/sipxdata/process-state/ConfigServer' è diventato 0660
(rw-rw----)"
"2009-04-21T18:11:06.064604Z":0:SETUP:INFO:tst-sipxm.tstcsi.it:setup:0:sipxecs-setup:setup:"---
90 Configuring sipXecs Autostart"
"2009-04-21T18:11:06.068447Z":0:SETUP:INFO:tst-sipxm.tstcsi.it:setup:0:sipxecs-setup:setup:"configure
postgresql service autostart:"
"2009-04-21T18:11:06.070880Z":0:SETUP:INFO:tst-sipxm.tstcsi.it:setup:0:sipxecs-setup:setup:""
"2009-04-21T18:11:06.070948Z":0:SETUP:INFO:tst-sipxm.tstcsi.it:setup:0:sipxecs-setup:setup:"configure
sipxecs service autostart:"
"2009-04-21T18:11:06.075131Z":0:SETUP:INFO:tst-sipxm.tstcsi.it:setup:0:sipxecs-setup:setup:""
"2009-04-21T18:11:06.075208Z":0:SETUP:INFO:tst-sipxm.tstcsi.it:setup:0:sipxecs-setup:setup:"---
95 Refreshing configuration database"
"2009-04-21T18:11:08.009330Z":0:SETUP:INFO:tst-sipxm.tstcsi.it:setup:0:sipxecs-setup:setup:""
"2009-04-21T18:11:08.009411Z":0:SETUP:INFO:tst-sipxm.tstcsi.it:setup:0:sipxecs-setup:setup:"---
100 Ready"
"2009-04-21T18:11:11.006179Z":0:SETUP:INFO:tst-sipxm.tstcsi.it:setup:0:sipxecs-setup:setup:"---
Exit to shell ---"
"2009-04-21T18:11:11.006427Z":0:SETUP:INFO:tst-sipxm.tstcsi.it:setup:0:sipxecs-setup:setup:""
Raymond Dans ha scritto:
> Gmb wrote:
>
>
>> in my case isn't a permission error, all file in
>> /var/sipxdata/certdb are owned by sipxchange:sipxchange. Where
>> can i found a more detailed log, if exists?
>>
>>
> Check the permissions on /var/log/sipxpbx/setup.log. I believe the revision
> you were using 015219 still logged output from gen-ssl-keys.sh to this file.
> If the permissions are incorrect (should be owned by sipxchange) then it will
> fail logging and cause a failure in gen-ssl-keys.sh when setting up the
> Distributed Server.
>
>
>> Thanks
>>
>>>> Subject: [sipX-dev] Problem adding new server
>>>>
>>>> Hi,
>>>> I'm trying sipx 4.1.0-015219, I've encountered a problem when I was
>>>> trying to add a new server as HA configuration:
>>>>
>>>> â
>>>> https://tst-sipxm.tstcsi.it:8443/sipxconfig/initial-config/ â â
>>>> â tst-sipxs.tstcsi.it
>>>> â
>>>> â exception tarfile.ReadError
>>>> â
>>>> â file could not be opened successfully
>>>> â
>>>> â headers
>>>> â
>>>> â Date: Wed, 22 Apr 2009 12:21:00 GMT^M
>>>> â
>>>> â Server: Jetty/5.1.4 (Linux/2.6.18-92.el5 i386
>>>> java/1.6.0_07^M â
>>>> â Expires: Thu, 01 Jan 1970 00:00:00 GMT^M
>>>> â
>>>> â Cache-Control: must-revalidate, post-check=0,
>>>> pre-check=0^M â
>>>> â Pragma: public^M
>>>> â
>>>> â Content-Disposition: attachment;
>>>> â
>>>> â filename="tst-sipxs.tstcsi.it.tar.gz"^M
>>>> â
>>>> â Content-Type: text/html^M
>>>> â
>>>> â Set-Cookie:
>>>> JSESSIONID=30r4rgfvl82d9;Path=/sipxconfig^M â
>>>> â Content-Length: 1282^M
>>>> â
>>>> â Connection: close^M
>>>>
>>>> What's wrong?
>>>> Thanks
>>>>
>>>>
>>>>
>>> Should check the file ownership under the primary server directory
>>> /var/sipxdata/certdb, the files should owned by
>>>
>> sipxchange:sipxchange
>>
>>> (or whatever your sipx user is).
>>>
>>> Dave.
>>>
>>>
>>>
>
> Raymond
>
>
_______________________________________________
sipx-dev mailing list
[email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-dev
Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev
