Bug 1214859
Summary: | password interface needs to be updated to support nuxwdog | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Matthew Harmsen <mharmsen> | |
Component: | tomcatjss | Assignee: | Christina Fu <cfu> | |
Status: | CLOSED ERRATA | QA Contact: | Asha Akkiangady <aakkiang> | |
Severity: | high | Docs Contact: | ||
Priority: | high | |||
Version: | 7.1 | CC: | alee, arubin, cfu, dennis, edewata, extras-qa, gsterlin, jherrman, mharmsen, nkinder, rpattath | |
Target Milestone: | rc | Keywords: | Rebase, ZStream | |
Target Release: | 7.2 | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | tomcatjss-7.1.2-1.el7 | Doc Type: | Rebase: Bug Fixes and Enhancements | |
Doc Text: | The tomcatjss package has been upgraded to upstream version 7.1.2, which provides a number of bug fixes and enhancements over the previous version. Notably, the getPassword method for the tomcatjss utility has been enhanced to optionally include a counter to track the number of retries, which enables tomcatjss to interact with the nuxwdog daemon and allow multiple retries for a password retrieval. |
Story Points: | --- | |
Clone Of: | 1214858 | |||
: | 1216090 (view as bug list) | Environment: | ||
Last Closed: | 2015-11-19 04:49:05 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | 1214858 | |||
Bug Blocks: | 1216090 |
Description
Matthew Harmsen
2015-04-23 16:59:48 UTC
[root@cloud-qe-7 ~]# rpm -qi tomcatjss
Name : tomcatjss
Version : 7.1.2
Release : 1.el7
Architecture: noarch
Install Date: Wed 26 Aug 2015 03:46:46 PM EDT
Group : System Environment/Libraries
Size : 49694
License : LGPLv2+
Signature : RSA/SHA256, Wed 05 Aug 2015 06:20:33 AM EDT, Key ID 938a80caf21541eb
Source RPM : tomcatjss-7.1.2-1.el7.src.rpm
Build Date : Thu 23 Apr 2015 05:16:52 PM EDT
Build Host : ppc-020.build.eng.bos.redhat.com
Relocations : (not relocatable)
Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Vendor : Red Hat, Inc.
URL : http://pki.fedoraproject.org/
Summary : JSSE implementation using JSS for Tomcat

[root@cloud-qe-7 ~]# rpm -qi nuxwdog
Name : nuxwdog
Version : 1.0.3
Release : 2.el7
Architecture: x86_64
Install Date: Wed 26 Aug 2015 03:45:21 PM EDT
Group : System Environment/Libraries
Size : 119114
License : LGPLv2 and (GPL+ or Artistic)
Signature : RSA/SHA256, Wed 05 Aug 2015 04:36:27 AM EDT, Key ID 938a80caf21541eb
Source RPM : nuxwdog-1.0.3-2.el7.src.rpm
Build Date : Wed 17 Jun 2015 05:02:06 PM EDT
Build Host : x86-018.build.eng.bos.redhat.com
Relocations : (not relocatable)
Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Vendor : Red Hat, Inc.
URL : http://www.redhat.com/certificate_system
Summary : Watchdog server to start and stop processes, and prompt for passwords

[root@cloud-qe-7 ~]# rpm -qi pki-ca
Name : pki-ca
Version : 10.2.5
Release : 5.el7
Architecture: noarch
Install Date: Wed 26 Aug 2015 03:46:58 PM EDT
Group : System Environment/Daemons
Size : 2429116
License : GPLv2
Signature : RSA/SHA256, Mon 17 Aug 2015 10:24:33 AM EDT, Key ID 938a80caf21541eb
Source RPM : pki-core-10.2.5-5.el7.src.rpm
Build Date : Wed 12 Aug 2015 09:51:40 PM EDT
Build Host : ppc-034.build.eng.bos.redhat.com
Relocations : (not relocatable)
Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Vendor : Red Hat, Inc.
URL : http://pki.fedoraproject.org/
Summary : Certificate System - Certificate Authority

Verification steps:

[root@cloud-qe-7 ~]# pkispawn

IMPORTANT:

    Interactive installation currently only exists for very basic deployments!

    For example, deployments intent upon using advanced features such as:

        * Cloning,
        * Elliptic Curve Cryptography (ECC),
        * External CA,
        * Hardware Security Module (HSM),
        * Subordinate CA,
        * etc.,

    must provide the necessary override parameters in a separate configuration file.

    Run 'man pkispawn' for details.

Subsystem (CA/KRA/OCSP/TKS/TPS) [CA]:

Tomcat:
  Instance [pki-tomcat]:
  HTTP port [8080]:
  Secure HTTP port [8443]:
  AJP port [8009]:
  Management port [8005]:

Administrator:
  Username [caadmin]:
  Password:
  Verify password:
  Import certificate (Yes/No) [N]?
  Export certificate to [/root/.dogtag/pki-tomcat/ca_admin.cert]:

Directory Server:
  Hostname [cloud-qe-7.idmqe.lab.eng.bos.redhat.com]:
  Use a secure LDAPS connection (Yes/No/Quit) [N]?
  LDAP Port [389]:
  Bind DN [cn=Directory Manager]:
  Password:
  Base DN [o=pki-tomcat-CA]: dc=pki-ca

Security Domain:
  Name [idmqe.lab.eng.bos.redhat.com Security Domain]:

Begin installation (Yes/No/Quit)? yes

Log file: /var/log/pki/pki-ca-spawn.20150827105815.log
Installing CA into /var/lib/pki/pki-tomcat.
Storing deployment configuration into /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg.
/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:769: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html
  InsecureRequestWarning)
Notice: Trust flag u is set automatically if the private key is present.
Created symlink from /etc/systemd/system/multi-user.target.wants/pki-tomcatd.target to /usr/lib/systemd/system/pki-tomcatd.target.

==========================================================================
INSTALLATION SUMMARY
==========================================================================

Administrator's username: caadmin
Administrator's PKCS #12 file:
      /root/.dogtag/pki-tomcat/ca_admin_cert.p12

To check the status of the subsystem:
      systemctl status pki-tomcatd

To restart the subsystem:
      systemctl restart pki-tomcatd

The URL for the subsystem is:
      https://cloud-qe-7.idmqe.lab.eng.bos.redhat.com:8443/ca

PKI instances will be enabled upon system boot

==========================================================================

[root@cloud-qe-7 ~]# systemctl stop pki-tomcatd

[root@cloud-qe-7 ~]# pki-server instance-nuxwdog-enable pki-tomcat
----------------------------------------
Nuxwdog enabled for instance pki-tomcat.
----------------------------------------

[root@cloud-qe-7 ~]# cat /var/lib/pki/pki-tomcat/conf/password.conf
internal=930824051813
internaldb=Secret123
replicationdb=-315257593

[root@cloud-qe-7 ~]# systemctl restart pki-tomcatd-nuxwdog
[pki-tomcat] Please provide the password for internal: ************
[pki-tomcat] Please provide the password for internaldb: *********
[pki-tomcat] Please provide the password for replicationdb: **********

[root@cloud-qe-7 ~]# systemctl status pki-tomcatd-nuxwdog
● pki-tomcatd-nuxwdog - PKI Tomcat Server pki-tomcat Started by Nuxwdog
   Loaded: loaded (/usr/lib/systemd/system/pki-tomcatd-nuxwdog@.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2015-08-27 11:38:37 EDT; 12s ago
  Process: 22667 ExecStart=/bin/nuxwdog -f /etc/pki/%i/nuxwdog.conf (code=exited, status=0/SUCCESS)
  Process: 22485 ExecStartPre=/usr/bin/pkidaemon start tomcat %i (code=exited, status=0/SUCCESS)
 Main PID: 22670 (nuxwdog)
   CGroup: /system.slice/system-pki\x2dtomcatd\x2dnuxwdog.slice/pki-tomcatd-nuxwdog
           ├─22670 /bin/nuxwdog -f /etc/pki/pki-tomcat/nuxwdog.conf
           └─22671 java -DRESTEASY_LIB=/usr/share/java/resteasy-base -Djava.l...

Aug 27 11:38:17 cloud-qe-7.idmqe.lab.eng.bos.redhat.com systemd[1]: Starting ...
Aug 27 11:38:17 cloud-qe-7.idmqe.lab.eng.bos.redhat.com pkidaemon[22485]: SUC...
Aug 27 11:38:17 cloud-qe-7.idmqe.lab.eng.bos.redhat.com pkidaemon[22485]: SUC...
Aug 27 11:38:37 cloud-qe-7.idmqe.lab.eng.bos.redhat.com systemd[1]: Started P...
Hint: Some lines were ellipsized, use -l to show in full.

[root@cloud-qe-7 ~]# systemctl stop pki-tomcatd-nuxwdog

[root@cloud-qe-7 ~]# pki-server instance-nuxwdog-disable pki-tomcat
-----------------------------------------
Nuxwdog disabled for instance pki-tomcat.
-----------------------------------------

[root@cloud-qe-7 ~]# systemctl start pki-tomcatd

[root@cloud-qe-7 ~]# systemctl status pki-tomcatd
● pki-tomcatd - PKI Tomcat Server pki-tomcat
   Loaded: loaded (/lib/systemd/system/pki-tomcatd@.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2015-08-27 11:39:45 EDT; 9s ago
  Process: 23298 ExecStartPre=/usr/bin/pkidaemon start tomcat %i (code=exited, status=0/SUCCESS)
 Main PID: 23477 (java)
   CGroup: /system.slice/system-pki\x2dtomcatd.slice/pki-tomcatd
           └─23477 java -DRESTEASY_LIB=/usr/share/java/resteasy-base -classpa...

Aug 27 11:39:53 cloud-qe-7.idmqe.lab.eng.bos.redhat.com server[23477]: Aug 27...
Aug 27 11:39:53 cloud-qe-7.idmqe.lab.eng.bos.redhat.com server[23477]: INFO: ...
Aug 27 11:39:53 cloud-qe-7.idmqe.lab.eng.bos.redhat.com server[23477]: Aug 27...
Aug 27 11:39:53 cloud-qe-7.idmqe.lab.eng.bos.redhat.com server[23477]: INFO: ...
Aug 27 11:39:53 cloud-qe-7.idmqe.lab.eng.bos.redhat.com server[23477]: Aug 27...
Aug 27 11:39:53 cloud-qe-7.idmqe.lab.eng.bos.redhat.com server[23477]: INFO: ...
Aug 27 11:39:53 cloud-qe-7.idmqe.lab.eng.bos.redhat.com server[23477]: PKILis...
Aug 27 11:39:53 cloud-qe-7.idmqe.lab.eng.bos.redhat.com server[23477]: PKILis...
Aug 27 11:39:53 cloud-qe-7.idmqe.lab.eng.bos.redhat.com server[23477]: Aug 27...
Aug 27 11:39:53 cloud-qe-7.idmqe.lab.eng.bos.redhat.com server[23477]: INFO: ...
Hint: Some lines were ellipsized, use -l to show in full.

[root@cloud-qe-7 ~]# systemctl status pki-tomcatd -l
● pki-tomcatd - PKI Tomcat Server pki-tomcat
   Loaded: loaded (/lib/systemd/system/pki-tomcatd@.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2015-08-27 11:39:45 EDT; 21s ago
  Process: 23298 ExecStartPre=/usr/bin/pkidaemon start tomcat %i (code=exited, status=0/SUCCESS)
 Main PID: 23477 (java)
   CGroup: /system.slice/system-pki\x2dtomcatd.slice/pki-tomcatd
           └─23477 java -DRESTEASY_LIB=/usr/share/java/resteasy-base -classpath /usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.security.manager -Djava.security.policy==/var/lib/pki/pki-tomcat/conf/catalina.policy org.apache.catalina.startup.Bootstrap start

Aug 27 11:39:53 cloud-qe-7.idmqe.lab.eng.bos.redhat.com server[23477]: Aug 27, 2015 11:39:53 AM org.apache.catalina.startup.HostConfig deployDescriptor
Aug 27 11:39:53 cloud-qe-7.idmqe.lab.eng.bos.redhat.com server[23477]: INFO: Deployment of configuration descriptor /etc/pki/pki-tomcat/Catalina/localhost/ca.xml has finished in 3,422 ms
Aug 27 11:39:53 cloud-qe-7.idmqe.lab.eng.bos.redhat.com server[23477]: Aug 27, 2015 11:39:53 AM org.apache.coyote.AbstractProtocol start
Aug 27 11:39:53 cloud-qe-7.idmqe.lab.eng.bos.redhat.com server[23477]: INFO: Starting ProtocolHandler ["http-bio-8080"]
Aug 27 11:39:53 cloud-qe-7.idmqe.lab.eng.bos.redhat.com server[23477]: Aug 27, 2015 11:39:53 AM org.apache.coyote.AbstractProtocol start
Aug 27 11:39:53 cloud-qe-7.idmqe.lab.eng.bos.redhat.com server[23477]: INFO: Starting ProtocolHandler ["http-bio-8443"]
Aug 27 11:39:53 cloud-qe-7.idmqe.lab.eng.bos.redhat.com server[23477]: PKIListener: org.apache.catalina.core.StandardServer[after_start]
Aug 27 11:39:53 cloud-qe-7.idmqe.lab.eng.bos.redhat.com server[23477]: PKIListener: Subsystem CA is running.
Aug 27 11:39:53 cloud-qe-7.idmqe.lab.eng.bos.redhat.com server[23477]: Aug 27, 2015 11:39:53 AM org.apache.catalina.startup.Catalina start
Aug 27 11:39:53 cloud-qe-7.idmqe.lab.eng.bos.redhat.com server[23477]: INFO: Server startup in 7061 ms

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2188.html