| Summary: | PKI-RA service won't start after install | ||
|---|---|---|---|
| Product: | [Retired] Dogtag Certificate System | Reporter: | Sergio Dennis <firgeis> |
| Component: | RA | Assignee: | Ade Lee <alee> |
| Status: | CLOSED EOL | QA Contact: | Ben Levenson <benl> |
| Severity: | high | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 9.0 | CC: | cfu, nkinder |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-03-27 18:34:41 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Bug Depends On: | |||
| Bug Blocks: | 530474 | ||
I can confirm, I was able to re-produce the issue as well on an up2date Fedora-16 machine.
=======================================
.
.
Installation information recorded in /var/log/pki-ra-install.log.
[debug] run_command(/bin/systemctl restart pki-rad)
[error] FAILED run_command("/bin/systemctl restart pki-rad"), exit status=1 output="Failed to issue method call: Unit pki-rad failed to load: No such file or directory. See system logs and 'systemctl status pki-rad' for details."
Before proceeding with the configuration, make sure
the firewall settings of this machine permit proper
access to this subsystem.
Please start the configuration by accessing:
https://dhcp201-193.englab.pnq.redhat.com:12890/ra/admin/console/config/login?pin=BKlnMqSX0JEhFtjmsWWg
After configuration, the server can be operated by the command:
/bin/systemctl restart pki-rad
[root@dhcp201-193 export]#
=======================================
[root@dhcp201-193 ~]# cat /etc/redhat-release
Fedora release 16 (Verne)
=======================================
[root@dhcp201-193 ~]# systemctl status pki-rad
pki-rad
Loaded: error (Reason: No such file or directory)
Active: inactive (dead)
[root@dhcp201-193 ~]#
=======================================
With SELinux in permissive, I was able to start the RA instance just fine(though not configured yet)
########################
[root@dhcp201-193 ~]# service pki-rad status
pki-ra (pid 22404) is running...
'pki-ra' must still be CONFIGURED!
(see /var/log/pki-ra-install.log)
[root@dhcp201-193 ~]#
########################
And, here is the audit message.
########################
[root@dhcp201-193 ~]# cat /var/log/audit/audit.log | audit2allow -R
require {
type ephemeral_port_t;
type pki_ra_t;
type pki_ca_t;
class tcp_socket name_connect;
}
#============= pki_ca_t ==============
allow pki_ca_t ephemeral_port_t:tcp_socket name_connect;
corenet_tcp_bind_generic_port(pki_ca_t)
corenet_tcp_connect_unreserved_ports(pki_ca_t)
#============= pki_ra_t ==============
corenet_tcp_bind_generic_port(pki_ra_t)
[root@dhcp201-193 ~]#
########################
|
Description of problem: PKI-RA service won't start after install Version-Release number of selected component (if applicable): pki-ra.noarch 9.0.4-1.fc16 How reproducible: 1. yum install pki-ra 2. pkicreate -pki_instance_root=/var/lib -pki_instance_name=pki-ra -subsystem_type=ra -secure_port=12889 -non_clientauth_secure_port=12890 -unsecure_port=12888 -user=pkiuser -group=pkiuser -redirect conf=/etc/pki-ra -redirect_logs=/var/log/pki-ra Actual results: After install, Service does not start with message: [error] FAILED run_command("/bin/systemctl restart pki-rad"), exit status=1 output="Failed to issue method call: Unit pki-rad failed to load: No such file or directory. Expected results: pki-ra service should start. Additional info: