Red Hat Bugzilla – Bug 1027236
pmcd fails to start, nss/cert problems
Last modified: 2014-06-18 00:15:24 EDT
Description of problem:
Ater a fresh installation of pcp the pmcd deamon fails to start.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. systemctl start pmcd.service
The pmcd deamon is not running, unable to connect...
The daemon is up, accepting connections.
cat /var/log/pcp/pmcd/pmcd.log says:
Log for pmcd on el-7-local started Wed Nov 6 06:34:20 2013
[Wed Nov 6 06:34:20] pmcd(12760) Error: Unable to set NSS export policy: Failure to load dynamic library
[Wed Nov 6 06:34:20] pmcd(12760) Error: pmcd not started due to errors!
Log finished Wed Nov 6 06:34:20 2013
This appears to be an NSS certificate-database configuration problem.
It seems unfortunate that pmcd fails entirely upon such a problem. At
worst we should allow communication without SSL/TLS, e.g. over normal
TCP and definitely over local:.
It is also suspicious that we should be initializing nss to the "Export"
suite of ciphers, which probably unnecessarily weakens it.
reproducible on tofan.yyz's rhel7 vm
See bug #1001841: nss-3.15.2-6 "disable ssl2 and the export cipher suites".
See also bug #1026677.
Open-coding a version of that nss patch within pcp.
(In reply to Frank Ch. Eigler from comment #1)
> It seems unfortunate that pmcd fails entirely upon such a problem. At
> worst we should allow communication without SSL/TLS, e.g. over normal
> TCP and definitely over local:.
Opened upstream bug http://oss.sgi.com/bugzilla/show_bug.cgi?id=1035 to track this.
This request was resolved in Red Hat Enterprise Linux 7.0.
Contact your manager or support representative in case you have further questions about the request.