Bug 1466495
Summary: | TPS installation on shared instance fails in FIPS/HSM environment | ||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Roshni <rpattath> | ||||||||||||
Component: | pki-core | Assignee: | RHCS Maintainers <rhcs-maint> | ||||||||||||
Status: | CLOSED NOTABUG | QA Contact: | Asha Akkiangady <aakkiang> | ||||||||||||
Severity: | unspecified | Docs Contact: | |||||||||||||
Priority: | unspecified | ||||||||||||||
Version: | 7.4 | CC: | arubin, mharmsen | ||||||||||||
Target Milestone: | rc | ||||||||||||||
Target Release: | --- | ||||||||||||||
Hardware: | Unspecified | ||||||||||||||
OS: | Unspecified | ||||||||||||||
Whiteboard: | |||||||||||||||
Fixed In Version: | Doc Type: | If docs needed, set a value | |||||||||||||
Doc Text: | Story Points: | --- | |||||||||||||
Clone Of: | Environment: | ||||||||||||||
Last Closed: | 2017-06-30 19:18:52 UTC | Type: | Bug | ||||||||||||
Regression: | --- | Mount Type: | --- | ||||||||||||
Documentation: | --- | CRM: | |||||||||||||
Verified Versions: | Category: | --- | |||||||||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||||||
Embargoed: | |||||||||||||||
Attachments: |
|
Created attachment 1292956 [details]
KRA installation file
Created attachment 1292957 [details]
TKS installation file
Created attachment 1292958 [details]
TPS installation file
Created attachment 1292959 [details]
pkispawn TPS error
TKS installation config file was missing the following params pki_hsm_enable=True pki_hsm_libfile=/opt/nfast/toolkits/pkcs11/libcknfast.so pki_hsm_modulename=nfast and the audit signing cert was not created under HSM. Once I fixed the above TPS installation went through fine and the agent pages are accessible for all subsystems. tpsclient token enroll/format were successful too. |
Created attachment 1292955 [details] CA installation file Description of problem: TPS installation on shared instance fails in FIPS/HSM environment Version-Release number of selected component (if applicable): pki-ca-10.4.1-10.el7.noarch How reproducible: always Steps to Reproduce: 1. Attaching the installation files used for CA, KRA, TKS,TPS and the pkispawn error message 2. 3. Actual results: Expected results: Additional info: journalctl messages Jun 29 14:55:18 pki1.example.com server[901]: Exception in thread "http-bio-30042-exec-7" java.lang.NoClassDefFoundError: org/mozilla/jss/ssl/SSLAlertEvent Jun 29 14:55:18 pki1.example.com server[901]: at org.dogtagpki.server.PKIServerSocketListener.alertSent(PKIServerSocketListener.java:96) Jun 29 14:55:18 pki1.example.com server[901]: at org.apache.tomcat.util.net.jss.TomcatJSS.alertSent(TomcatJSS.java:59) Jun 29 14:55:18 pki1.example.com server[901]: at org.mozilla.jss.ssl.SSLSocket.fireAlertSentEvent(SSLSocket.java:775) Jun 29 14:55:18 pki1.example.com server[901]: at org.mozilla.jss.ssl.SocketBase.socketClose(Native Method) Jun 29 14:55:18 pki1.example.com server[901]: at org.mozilla.jss.ssl.SocketBase.close(SocketBase.java:105) Jun 29 14:55:18 pki1.example.com server[901]: at org.mozilla.jss.ssl.SSLSocket.close(SSLSocket.java:743) Jun 29 14:55:18 pki1.example.com server[901]: at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:328) Jun 29 14:55:18 pki1.example.com server[901]: at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) Jun 29 14:55:18 pki1.example.com server[901]: at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) Jun 29 14:55:18 pki1.example.com server[901]: at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) Jun 29 14:55:18 pki1.example.com server[901]: at java.lang.Thread.run(Thread.java:748) Jun 29 14:55:18 pki1.example.com server[901]: Exception in thread "http-bio-30042-exec-8" java.lang.NoClassDefFoundError: org/mozilla/jss/ssl/SSLAlertEvent Jun 29 14:55:18 pki1.example.com server[901]: at org.dogtagpki.server.PKIServerSocketListener.alertSent(PKIServerSocketListener.java:96) Jun 29 14:55:18 pki1.example.com server[901]: at org.apache.tomcat.util.net.jss.TomcatJSS.alertSent(TomcatJSS.java:59) Jun 29 14:55:18 pki1.example.com server[901]: at org.mozilla.jss.ssl.SSLSocket.fireAlertSentEvent(SSLSocket.java:775) Jun 29 14:55:18 pki1.example.com server[901]: at org.mozilla.jss.ssl.SocketBase.socketClose(Native Method) Jun 29 14:55:18 pki1.example.com server[901]: at org.mozilla.jss.ssl.SocketBase.close(SocketBase.java:105) Jun 29 14:55:18 pki1.example.com server[901]: at org.mozilla.jss.ssl.SSLSocket.close(SSLSocket.java:743) Jun 29 14:55:18 pki1.example.com server[901]: at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:328) Jun 29 14:55:18 pki1.example.com server[901]: at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) Jun 29 14:55:18 pki1.example.com server[901]: at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) Jun 29 14:55:18 pki1.example.com server[901]: at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) Jun 29 14:55:18 pki1.example.com server[901]: at java.lang.Thread.run(Thread.java:748)