Hide Forgot
Description of problem: Ater a fresh installation of pcp the pmcd deamon fails to start. Version-Release number of selected component (if applicable): pcp-3.8.6-1.el7.x86_64 How reproducible: Always Steps to Reproduce: 1. systemctl start pmcd.service Actual results: The pmcd deamon is not running, unable to connect... Expected results: The daemon is up, accepting connections. Additional info: cat /var/log/pcp/pmcd/pmcd.log says: Log for pmcd on el-7-local started Wed Nov 6 06:34:20 2013 [Wed Nov 6 06:34:20] pmcd(12760) Error: Unable to set NSS export policy: Failure to load dynamic library [Wed Nov 6 06:34:20] pmcd(12760) Error: pmcd not started due to errors! Log finished Wed Nov 6 06:34:20 2013
This appears to be an NSS certificate-database configuration problem. It seems unfortunate that pmcd fails entirely upon such a problem. At worst we should allow communication without SSL/TLS, e.g. over normal TCP and definitely over local:. It is also suspicious that we should be initializing nss to the "Export" suite of ciphers, which probably unnecessarily weakens it. nss-3.15.2-7.el7.x86_64 pcp-3.8.6-1.el7.x86_64 reproducible on tofan.yyz's rhel7 vm
See bug #1001841: nss-3.15.2-6 "disable ssl2 and the export cipher suites".
See also bug #1026677. Open-coding a version of that nss patch within pcp.
(In reply to Frank Ch. Eigler from comment #1) > It seems unfortunate that pmcd fails entirely upon such a problem. At > worst we should allow communication without SSL/TLS, e.g. over normal > TCP and definitely over local:. Opened upstream bug http://oss.sgi.com/bugzilla/show_bug.cgi?id=1035 to track this.
This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request.