Bug 490645
Summary: | DRM fails to configure - pkisilent | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Product: | [Retired] Dogtag Certificate System | Reporter: | Chandrasekar Kannan <ckannan> | ||||||||||
Component: | Tools - Java | Assignee: | Jenny Severance <jgalipea> | ||||||||||
Status: | CLOSED ERRATA | QA Contact: | Chandrasekar Kannan <ckannan> | ||||||||||
Severity: | urgent | Docs Contact: | |||||||||||
Priority: | urgent | ||||||||||||
Version: | unspecified | CC: | alee, awnuk, benl, cfu, jmagne | ||||||||||
Target Milestone: | --- | ||||||||||||
Target Release: | --- | ||||||||||||
Hardware: | All | ||||||||||||
OS: | Linux | ||||||||||||
Whiteboard: | |||||||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||||||
Doc Text: | Story Points: | --- | |||||||||||
Clone Of: | Environment: | ||||||||||||
Last Closed: | 2009-07-22 23:33:12 UTC | Type: | --- | ||||||||||
Regression: | --- | Mount Type: | --- | ||||||||||
Documentation: | --- | CRM: | |||||||||||
Verified Versions: | Category: | --- | |||||||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||||
Embargoed: | |||||||||||||
Bug Depends On: | |||||||||||||
Bug Blocks: | 443788 | ||||||||||||
Attachments: |
|
Description
Chandrasekar Kannan
2009-03-17 13:33:39 UTC
Created attachment 335524 [details]
sos report tarball
Looks like a small typo. Index: ../../base/silent/src/drm/ConfigureDRM.java =================================================================== --- ../../base/silent/src/drm/ConfigureDRM.java (revision 296) +++ ../../base/silent/src/drm/ConfigureDRM.java (working copy) @@ -510,7 +510,7 @@ "&sslserver=" + URLEncoder.encode(drm_server_cert_subject_name) + "&audit_signing=" + - URLEncoder.encode(drm_audit_signing_cert_name) + + URLEncoder.encode(drm_audit_signing_cert_subject_name) + "&urls=" + URLEncoder.encode(domain_url) + ""; Index: ../../base/silent/src/drm/ConfigureDRM.java =================================================================== --- ../../base/silent/src/drm/ConfigureDRM.java (revision 296) +++ ../../base/silent/src/drm/ConfigureDRM.java (working copy) @@ -510,7 +510,7 @@ "&sslserver=" + URLEncoder.encode(drm_server_cert_subject_name) + "&audit_signing=" + - URLEncoder.encode(drm_audit_signing_cert_name) + + URLEncoder.encode(drm_audit_signing_cert_subject_name) + "&urls=" + URLEncoder.encode(domain_url) + ""; [builder@dhcp231-124 silent]$ vi build_dogtag config/ config-ext/ pki-silent.spec .svn/ [builder@dhcp231-124 silent]$ vi pki-silent.spec [builder@dhcp231-124 silent]$ svn diff Index: pki-silent.spec =================================================================== --- pki-silent.spec (revision 296) +++ pki-silent.spec (working copy) @@ -33,7 +33,7 @@ ## Package Header Definitions %define base_name %{base_prefix}-%{base_component} %define base_version 1.0.0 -%define base_release 9 +%define base_release 10 %define base_group System Environment/Shells %define base_vendor Red Hat, Inc. %define base_license GPLv2 with exceptions @@ -234,6 +234,8 @@ ############################################################################### %changelog +* Tue Mar 17 2009 Ade Lee <alee> 1.0.0-10 +- Bugzilla Bug #490645 - DRM fails to configure * Tue Mar 10 2009 Ade Lee <alee> 1.0.0-9 - Bugzilla Bug #489057 - Add audit_signing cert to drm, ocsp, tks * Fri Feb 20 2009 Ade Lee <alee> 1.0.0-8 [builder@dhcp231-124 silent]$ svn ci -m "BZ490645: DRM fails to install" ../../base/silent pki-silent.spec Sending base/silent/src/drm/ConfigureDRM.java Sending dogtag/silent/pki-silent.spec Transmitting file data .. Committed revision 300. incidentally, Chandra - I noticed one thing that was different from my invocations and yours .. you provide token_pwd as an option (and I do not) and I provide backup_pwd (and you do not). Probably not related to your issue ... tested with today's 2nd build - 20090317 around 4pm PST. Still seeing the same problem. CA's debug log has this... [17/Mar/2009:19:20:53][http-9444-Processor25]: xx Start parsePKCS10 MIICbjCCAVYCAQAwKTEPMA0GA1UEChMGcmVkaGF0MRYwFAYDVQQDEw1wa2kta3JhLWF1ZGl0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuvVkQ6m06JnQYEKKs+O9Ljlumk827Gv4bkbpQ1fIoMaSO39O/5WWmv5+r8ySAEF7eWpbFeYZmQcLsM9hecsuWQ9+IaoIcbhkEcNblBQShzOJ/C6rWkMA+NQapM1NwlOxFDQUDDeHha8tOuNF5gvPOW9IkOS9EXI7Ek2aXaIzh+YmytXCBe6xb+FY0dgfBxpcCQJgR4zUVLpL2qwTj65tTDJdc6eE88zCDG6fdMJVyNuRA+XhmMzyPkqU4U4nOMUQ25+TubQiPHel1IGl3hdmSKx7A3PqArZqtkrspf4sLjjwJSw+XSCD23La1YjyD3zGoRGDqX2nIiKqYWQUTzyBPQIDAQABoAAwDQYJKoZIhvcNAQEEBQADggEBAEv3gdsX36LW8VvEN6abfmmFVPysMaElBVeq59fEFhklSoXX8bqvkxLyajep/e6lB6y9zDW9e2c2Eo+hz2T1csnfD2+ji4zEz9UKfiMV2MW1e4Wm8KDp6F5uVmdSpjb2QEtOAGZlQOwzRFVyBqWcWYEWmdT4QkEHgrbZrqQ8mpcHIDAuhJbdRvYnorMoVfvE+5yJ/rBoLCAYtD3HT1/zVr8lsXmualS/37ivnQ+yrscLAe1rUzLAaMf7ngV9v0X/afh1x7EgVrulNXxC//WVyu2ulpSM3LAOgga6Ls6vXFwPIOfOx+k4akHelrL0nzPQ88xGRDYCX6flOKuNp+Mk2z4= [17/Mar/2009:19:20:53][http-9444-Processor25]: EnrollProfile: parsePKCS10: signature verification enabled [17/Mar/2009:19:20:53][http-9444-Processor25]: EnrollProfile: parsePKCS10 setting thread token [17/Mar/2009:19:20:53][http-9444-Processor25]: EnrollProfile: parsePKCS10 restoring thread token java.lang.NullPointerException at com.netscape.cms.profile.common.EnrollProfile.createEnrollmentRequest(EnrollProfile.java:182) at com.netscape.cms.profile.common.EnrollProfile.createRequests(EnrollProfile.java:120) at com.netscape.cms.servlet.profile.ProfileSubmitServlet.process(ProfileSubmitServlet.java:983) at com.netscape.cms.servlet.base.CMSServlet.service(CMSServlet.java:500) at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:542) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870) at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528) at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685) at java.lang.Thread.run(Thread.java:636) [17/Mar/2009:19:20:53][http-9444-Processor25]: ProfileSubmitServlet: createRequests java.lang.NullPointerException + pkisilent ConfigureDRM -cs_hostname sterope.idm.lab.bos.redhat.com -cs_port 10444 -sd_hostname sterope.idm.lab.bos.redhat.com -sd_ssl_port 9444 -sd_admin_name admin -sd_admin_password Secret123 -ca_hostname sterope.idm.lab.bos.redhat.com -ca_port 9180 -ca_ssl_port 9444 -client_certdb_dir /tmp/ -client_certdb_pwd netscape -preop_pin VGoNHd96lsPI6XRiocFo -domain_name pkitest -admin_user admin -admin_password Secret123 -admin_email 'pkitest\@redhat.com' -agent_name pki-agent-kra-01 -ldap_host localhost -ldap_port 389 -bind_dn '"cn=directory' 'manager"' -bind_password Secret123 -base_dn o=kra01 -db_name kra01 -key_size 2048 -key_type rsa -token_name internal -token_pwd netscape -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject CN=pki-agent-kra-01,O=redhat -subsystem_name pki-test-kra -drm_transport_cert_subject_name CN=pki-kra-transport,O=redhat -drm_subsystem_cert_subject_name CN=pki-kra-subsystem,O=redhat -drm_storage_cert_subject_name CN=pki-kra-storage,O=redhat -drm_server_cert_subject_name CN=sterope.idm.lab.bos.redhat.com,O=redhat -drm_audit_signing_cert_subject_name CN=pki-kra-audit,O=redhat libpath=/usr/lib [Fatal Error] :-1:-1: Premature end of file. org.xml.sax.SAXParseException: Premature end of file. at org.apache.xerces.parsers.DOMParser.parse(Unknown Source) at org.apache.xerces.jaxp.DocumentBuilderImpl.parse(Unknown Source) at javax.xml.parsers.DocumentBuilder.parse(Unknown Source) at ParseXML.parse(ParseXML.java:43) at ConfigureDRM.DisplayChainPanel(ConfigureDRM.java:244) at ConfigureDRM.ConfigureDRMInstance(ConfigureDRM.java:833) at ConfigureDRM.main(ConfigureDRM.java:1170) Exception in thread "main" java.lang.IndexOutOfBoundsException: Index: 0, Size: 0 at java.util.ArrayList.rangeCheck(ArrayList.java:571) at java.util.ArrayList.get(ArrayList.java:349) at ConfigureDRM.CertSubjectPanel(ConfigureDRM.java:538) at ConfigureDRM.ConfigureDRMInstance(ConfigureDRM.java:888) at ConfigureDRM.main(ConfigureDRM.java:1170) ####################################################################### Created attachment 335745 [details]
pkisilent output
I tried a manual install and that works fine. here's how I configured the CA with pkisilent + pkisilent ConfigureCA -cs_hostname sterope.idm.lab.bos.redhat.com -cs_port 9444 -client_certdb_dir /tmp/ -client_certdb_pwd netscape -preop_pin 55Kbtg0rWKV4wyvuhfWT -domain_name pkitest -admin_user admin -admin_password Secret123 -admin_email 'pkitest\@redhat.com' -agent_name pki-agent-ca-01 -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject CN=pki-agent-ca-01,O=redhat -ldap_host localhost -ldap_port 389 -bind_dn '"cn=directory' 'manager"' -bind_password Secret123 -base_dn o=ca01 -db_name ca01 -key_size 2048 -key_type rsa -save_p12 false -subsystem_name pki-test-ca -token_name internal -token_pwd netscape -ca_sign_cert_subject_name CN=pki-test-ca,O=redhat -ca_subsystem_cert_subject_name CN=subsystem-sterope.idm.lab.bos.redhat.com,O=redhat -ca_ocsp_cert_subject_name CN=ocsp-sterope.idm.lab.bos.redhat.com,O=redhat -ca_server_cert_subject_name CN=sterope.idm.lab.bos.redhat.com,O=redhat -ca_audit_signing_cert_subject_name CN=audit-sterope.idm.lab.bos.redhat.com,O=redhat with selinux in permissive mode, I see these during DRM configuration with silent install ... Mar 18 15:35:57 sterope yum: Installed: wsdl4j-1.5.2-4jpp.1.i386 Mar 18 15:36:02 sterope yum: Installed: axis-1.2.1-2jpp.6.i386 Mar 18 15:36:05 sterope yum: Installed: 1:mx4j-3.0.1-6jpp.4.i386 Mar 18 15:36:07 sterope yum: Installed: geronimo-specs-1.0-0.M2.2jpp.12.i386 Mar 18 15:36:08 sterope yum: Installed: jakarta-commons-modeler-1.1-8jpp.3.el5.i386 Mar 18 15:36:09 sterope yum: Installed: geronimo-specs-compat-1.0-0.M2.2jpp.12.i386 Mar 18 15:36:11 sterope yum: Installed: tomcat5-common-lib-5.5.23-0jpp.7.el5_2.1.i386 Mar 18 15:36:12 sterope yum: Installed: avalon-logkit-1.2-4jpp.3.i386 Mar 18 15:36:14 sterope yum: Installed: velocity-1.4-6jpp.1.i386 Mar 18 15:36:18 sterope yum: Installed: tomcat5-server-lib-5.5.23-0jpp.7.el5_2.1.i386 Mar 18 15:36:21 sterope yum: Installed: tomcat5-5.5.23-0jpp.7.el5_2.1.i386 Mar 18 15:36:21 sterope yum: Installed: tomcatjss-1.1.0-12.el5idm.noarch Mar 18 15:36:22 sterope yum: Installed: pki-common-8.0.0-9.alpha.noarch Mar 18 15:36:31 sterope setroubleshoot: SELinux is preventing runuser (initrc_t) "search" to <Unknown> (unlabeled_t). For complete SELinux messages. run sealert -l 28f52789-ddf0-47f6-9bdd-3198d1279cb3 Mar 18 15:36:32 sterope setroubleshoot: SELinux is preventing java (pki_ocsp_t) "getattr" to /var/lib/tomcat5/common/lib/jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l 869157ad-b06c-4485-9022-4738ebc26c01 Mar 18 15:36:32 sterope setroubleshoot: SELinux is preventing java (pki_ocsp_t) "read" to jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l ddf4d7f9-cf06-44f2-a0cf-ae55ce610106 Mar 18 15:36:32 sterope setroubleshoot: SELinux is preventing java (pki_ocsp_t) "getattr" to /var/lib/tomcat5/server/lib/jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l 804ed4a8-1856-4f04-8ec7-fed051914cce Mar 18 15:36:32 sterope setroubleshoot: SELinux is preventing java (pki_ocsp_t) "read" to jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l ddf4d7f9-cf06-44f2-a0cf-ae55ce610106 Mar 18 15:36:37 sterope yum: Installed: pki-ocsp-8.0.0-11.alpha.noarch Mar 18 15:36:47 sterope setroubleshoot: SELinux is preventing runuser (initrc_t) "search" to <Unknown> (unlabeled_t). For complete SELinux messages. run sealert -l 28f52789-ddf0-47f6-9bdd-3198d1279cb3 Mar 18 15:36:47 sterope setroubleshoot: SELinux is preventing java (pki_tks_t) "signull" to <Unknown> (pki_ocsp_t). For complete SELinux messages. run sealert -l 498ac80e-8449-4259-b40c-99bc86bfbcf1 Mar 18 15:36:48 sterope setroubleshoot: SELinux is preventing java (pki_tks_t) "signull" to <Unknown> (pki_ocsp_t). For complete SELinux messages. run sealert -l 498ac80e-8449-4259-b40c-99bc86bfbcf1 Mar 18 15:36:48 sterope setroubleshoot: SELinux is preventing java (pki_tks_t) "getattr" to /var/lib/tomcat5/common/lib/jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l de050d88-847b-49ef-bc6f-65e87147e509 Mar 18 15:36:48 sterope setroubleshoot: SELinux is preventing java (pki_tks_t) "read" to jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l 9e1d8799-eb4d-4adc-9177-8a50ba3caa84 Mar 18 15:36:48 sterope setroubleshoot: SELinux is preventing java (pki_tks_t) "getattr" to /var/lib/tomcat5/server/lib/jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l 26d1df76-f356-41dc-bf37-f898dfeb7148 Mar 18 15:36:48 sterope setroubleshoot: SELinux is preventing java (pki_tks_t) "read" to jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l 9e1d8799-eb4d-4adc-9177-8a50ba3caa84 Mar 18 15:36:53 sterope yum: Installed: pki-tks-8.0.0-11.alpha.noarch Mar 18 15:36:53 sterope yum: Installed: pki-silent-8.0.0-6.alpha.noarch Mar 18 15:37:01 sterope setroubleshoot: SELinux is preventing runuser (initrc_t) "search" to <Unknown> (unlabeled_t). For complete SELinux messages. run sealert -l 28f52789-ddf0-47f6-9bdd-3198d1279cb3 Mar 18 15:37:02 sterope setroubleshoot: SELinux is preventing java (pki_kra_t) "signull" to <Unknown> (pki_tks_t). For complete SELinux messages. run sealert -l 7ceab370-8236-478a-beac-67a1970298c0 Mar 18 15:37:02 sterope setroubleshoot: SELinux is preventing java (pki_kra_t) "signull" to <Unknown> (pki_ocsp_t). For complete SELinux messages. run sealert -l f042bf00-bf92-4efa-ae61-9fbd0d7b8889 Mar 18 15:37:02 sterope setroubleshoot: SELinux is preventing java (pki_kra_t) "signull" to <Unknown> (pki_tks_t). For complete SELinux messages. run sealert -l 7ceab370-8236-478a-beac-67a1970298c0 Mar 18 15:37:02 sterope setroubleshoot: SELinux is preventing java (pki_kra_t) "signull" to <Unknown> (pki_ocsp_t). For complete SELinux messages. run sealert -l f042bf00-bf92-4efa-ae61-9fbd0d7b8889 Mar 18 15:37:02 sterope setroubleshoot: SELinux is preventing java (pki_kra_t) "getattr" to /var/lib/tomcat5/common/lib/jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l 7e126917-27cb-4d96-8051-ff1edea02357 Mar 18 15:37:02 sterope setroubleshoot: SELinux is preventing java (pki_kra_t) "read" to jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l 87eef60c-9b76-4577-b63f-be2413b6b29f Mar 18 15:37:02 sterope setroubleshoot: SELinux is preventing java (pki_kra_t) "getattr" to /var/lib/tomcat5/server/lib/jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l bf9b70aa-0a11-44e1-9605-dcd35506be2e Mar 18 15:37:02 sterope setroubleshoot: SELinux is preventing java (pki_kra_t) "read" to jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l 87eef60c-9b76-4577-b63f-be2413b6b29f Mar 18 15:37:07 sterope yum: Installed: pki-kra-8.0.0-11.alpha.noarch Mar 18 15:37:17 sterope setroubleshoot: SELinux is preventing runuser (initrc_t) "search" to <Unknown> (unlabeled_t). For complete SELinux messages. run sealert -l 28f52789-ddf0-47f6-9bdd-3198d1279cb3 Mar 18 15:37:18 sterope setroubleshoot: SELinux is preventing java (pki_ca_t) "getattr" to /var/lib/tomcat5/common/lib/jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l f590db33-7d50-4e8e-9fc4-98baebee1770 Mar 18 15:37:18 sterope setroubleshoot: SELinux is preventing java (pki_ca_t) "read" to jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l 51b377dd-5fe0-4a78-9af6-4be23350837d Mar 18 15:37:18 sterope setroubleshoot: SELinux is preventing java (pki_ca_t) "getattr" to /var/lib/tomcat5/server/lib/jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l 9ee0d875-d5a1-4baf-a4a0-7f5092016499 Mar 18 15:37:18 sterope setroubleshoot: SELinux is preventing java (pki_ca_t) "read" to jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l 51b377dd-5fe0-4a78-9af6-4be23350837d Mar 18 15:37:23 sterope yum: Installed: pki-ca-8.0.0-11.alpha.noarch Mar 18 15:41:24 sterope setroubleshoot: SELinux is preventing runuser (initrc_t) "search" to <Unknown> (unlabeled_t). For complete SELinux messages. run sealert -l 28f52789-ddf0-47f6-9bdd-3198d1279cb3 Mar 18 15:41:24 sterope setroubleshoot: SELinux is preventing java (pki_ca_t) "getattr" to /var/lib/tomcat5/common/lib/jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l f590db33-7d50-4e8e-9fc4-98baebee1770 Mar 18 15:41:24 sterope setroubleshoot: SELinux is preventing java (pki_ca_t) "read" to jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l 51b377dd-5fe0-4a78-9af6-4be23350837d Mar 18 15:41:24 sterope setroubleshoot: SELinux is preventing java (pki_ca_t) "getattr" to /var/lib/tomcat5/server/lib/jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l 9ee0d875-d5a1-4baf-a4a0-7f5092016499 Mar 18 15:41:24 sterope setroubleshoot: SELinux is preventing java (pki_ca_t) "read" to jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l 51b377dd-5fe0-4a78-9af6-4be23350837d Mar 18 15:42:01 sterope setroubleshoot: SELinux is preventing runuser (initrc_t) "search" to <Unknown> (unlabeled_t). For complete SELinux messages. run sealert -l 28f52789-ddf0-47f6-9bdd-3198d1279cb3 Mar 18 15:42:01 sterope setroubleshoot: SELinux is preventing java (pki_kra_t) "signull" to <Unknown> (pki_tks_t). For complete SELinux messages. run sealert -l 7ceab370-8236-478a-beac-67a1970298c0 Mar 18 15:42:01 sterope setroubleshoot: SELinux is preventing java (pki_kra_t) "signull" to <Unknown> (pki_ocsp_t). For complete SELinux messages. run sealert -l f042bf00-bf92-4efa-ae61-9fbd0d7b8889 Mar 18 15:42:02 sterope setroubleshoot: SELinux is preventing java (pki_kra_t) "signull" to <Unknown> (pki_tks_t). For complete SELinux messages. run sealert -l 7ceab370-8236-478a-beac-67a1970298c0 Mar 18 15:42:02 sterope setroubleshoot: SELinux is preventing java (pki_kra_t) "signull" to <Unknown> (pki_ocsp_t). For complete SELinux messages. run sealert -l f042bf00-bf92-4efa-ae61-9fbd0d7b8889 Mar 18 15:42:02 sterope setroubleshoot: SELinux is preventing java (pki_kra_t) "getattr" to /var/lib/tomcat5/common/lib/jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l 7e126917-27cb-4d96-8051-ff1edea02357 Mar 18 15:42:02 sterope setroubleshoot: SELinux is preventing java (pki_kra_t) "read" to jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l 87eef60c-9b76-4577-b63f-be2413b6b29f Mar 18 15:42:02 sterope setroubleshoot: SELinux is preventing java (pki_kra_t) "getattr" to /var/lib/tomcat5/server/lib/jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l bf9b70aa-0a11-44e1-9605-dcd35506be2e Mar 18 15:42:02 sterope setroubleshoot: SELinux is preventing java (pki_kra_t) "read" to jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l 87eef60c-9b76-4577-b63f-be2413b6b29f Mar 18 15:42:53 sterope setroubleshoot: SELinux is preventing runuser (initrc_t) "search" to <Unknown> (unlabeled_t). For complete SELinux messages. run sealert -l 28f52789-ddf0-47f6-9bdd-3198d1279cb3 Mar 18 15:42:54 sterope setroubleshoot: SELinux is preventing java (pki_ca_t) "getattr" to /var/lib/tomcat5/common/lib/jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l f590db33-7d50-4e8e-9fc4-98baebee1770 Mar 18 15:42:54 sterope setroubleshoot: SELinux is preventing java (pki_ca_t) "read" to jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l 51b377dd-5fe0-4a78-9af6-4be23350837d Mar 18 15:43:00 sterope setroubleshoot: SELinux is preventing runuser (initrc_t) "search" to <Unknown> (unlabeled_t). For complete SELinux messages. run sealert -l 28f52789-ddf0-47f6-9bdd-3198d1279cb3 Mar 18 15:43:00 sterope setroubleshoot: SELinux is preventing java (pki_kra_t) "signull" to <Unknown> (pki_tks_t). For complete SELinux messages. run sealert -l 7ceab370-8236-478a-beac-67a1970298c0 Mar 18 15:43:00 sterope setroubleshoot: SELinux is preventing java (pki_kra_t) "signull" to <Unknown> (pki_ocsp_t). For complete SELinux messages. run sealert -l f042bf00-bf92-4efa-ae61-9fbd0d7b8889 Mar 18 15:43:00 sterope setroubleshoot: SELinux is preventing java (pki_kra_t) "getattr" to /var/lib/tomcat5/common/lib/jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l 7e126917-27cb-4d96-8051-ff1edea02357 Mar 18 15:43:00 sterope setroubleshoot: SELinux is preventing java (pki_kra_t) "read" to jdtcore.jar (rpm_var_lib_t). For complete SELinux messages. run sealert -l 87eef60c-9b76-4577-b63f-be2413b6b29f Mar 18 15:55:09 sterope dhclient: DHCPREQUEST on eth0 to 10.16.98.150 port 67 Mar 18 15:55:09 sterope dhclient: DHCPACK from 10.16.98.150 Mar 18 15:55:09 sterope dhclient: bound to 10.16.96.67 -- renewal in 10115 seconds. I wasn't restarting the CA after its pkisilent configuration. makes sense why DRM was getting its certificates. marking bug to modified again. Created attachment 349130 [details]
ca debug log output from kra silent config
Verified successful pkisilent ConfigureDRM:
Output from ca's debug log attached - no null pointer exceptions
Also attached kra.log from silent configuration
Created attachment 349131 [details]
kra silent config log
|