The TPS installation fails on RHEL 8.1 with the following message in TPS debug log: 2019-06-17 18:05:16 [https-jsse-nio-8443-exec-20] INFO: TPSConfigurator: Generating shared secret in TKS 2019-06-17 18:05:16 [https-jsse-nio-8443-exec-20] SEVERE: Unable to generate shared secret in TKS: Not Found com.netscape.certsrv.base.PKIException: Not Found at com.netscape.certsrv.client.PKIConnection.handleErrorResponse(PKIConnection.java:467) at com.netscape.certsrv.client.PKIConnection.getEntity(PKIConnection.java:439) at com.netscape.certsrv.client.PKIClient.getEntity(PKIClient.java:107) at com.netscape.certsrv.system.TPSConnectorClient.getConnector(TPSConnectorClient.java:36) at org.dogtagpki.server.tps.TPSConfigurator.getSharedSecret(TPSConfigurator.java:374) at org.dogtagpki.server.tps.TPSConfigurator.finalizeConfiguration(TPSConfigurator.java:244) at org.dogtagpki.server.rest.SystemConfigService.finalizeConfiguration(SystemConfigService.java:339) The TPS installation works fine on Fedora although it generates the following warning: 2019-06-17 20:10:16 [https-jsse-nio-8443-exec-11] INFO: TPSConfigurator: Generating shared secret in TKS 2019-06-17 20:10:16 [https-jsse-nio-8443-exec-5] WARN: RESTEASY002142: Multiple resource methods match request "GET /admin/tps-connectors/search". Selecting one. Matching methods: [public abstract javax.ws.rs.core.Response com.netscape.certsrv.system.TPSConnectorResource.getConnector(java.lang.String,java.lang.String), public abstract javax.ws.rs.core.Response com.netscape.certsrv.system.TPSConnectorResource.getConnector(java.lang.String)] It looks like TPSConnectorResource defines two methods with conflicting paths: - @Path("{id}") public Response getConnector(@PathParam("id") String id); - @Path("search") public Response getConnector(@QueryParam("host") String host, @QueryParam("port") String port); and apparently on RHEL the request is mapped into the wrong method. The second getConnector() should be merged into the findConnectors() to eliminate the path conflict.
Fixed in master branch: * https://github.com/dogtagpki/pki/commit/41c1af6710047288be3016c5f08bd6b73853bfff
PKI installation is working fine on RHEL8.2/pki-tps-10.8.0-0.5 # rpm -qi pki-tps Name : pki-tps Version : 10.8.0 Release : 0.5.module+el8pki+5471+1cc1535a Architecture: x86_64 Install Date: Monday 20 January 2020 03:35:02 PM IST Group : Unspecified Size : 1842717 License : GPLv2 and LGPLv2 Signature : RSA/SHA256, Friday 17 January 2020 07:34:01 AM IST, Key ID 199e2f91fd431d51 Source RPM : pki-extras-10.8.0-0.5.module+el8pki+5471+1cc1535a.src.rpm Build Date : Friday 17 January 2020 04:50:35 AM IST Build Host : x86-vm-08.build.eng.bos.redhat.com Relocations : (not relocatable) Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> Vendor : Red Hat, Inc. URL : http://www.dogtagpki.org/ Summary : PKI TPS Package
As per Pritam and my observation, we are unable to install TPS due to subprocess issues.If we use subprocess file of python 3.7 , this issue is resolved. Error: ===== 2020-02-12 02:44:59 INFO: Backing up keys into /etc/pki/topology-02-TPS/alias/tps_backup_keys.p12 2020-02-12 02:44:59 DEBUG: Command: pki-server subsystem-cert-export tps -i topology-02-TPS --pkcs12-file /etc/pki/topology-02-TPS/alias/tps_backup_keys.p12 --pkcs12-password-file /tmp/tmpov825r9o/password.txt 2020-02-12 02:45:05 INFO: Setting up security domain 2020-02-12 02:45:05 INFO: Creating security domain setup request 2020-02-12 02:45:06 INFO: Finalizing TPS configuration 2020-02-12 02:45:06 INFO: Creating finalize config request 2020-02-12 02:45:12 INFO: Setting up shared secret 2020-02-12 02:45:12 INFO: Searching for TPS connector in TKS 2020-02-12 02:45:12 INFO: Getting subsystem cert info for tps from CS.cfg 2020-02-12 02:45:12 INFO: Getting subsystem cert info for tps from NSS database 2020-02-12 02:45:12 DEBUG: Command: certutil -L -d /etc/pki/topology-02-TPS/alias -f /tmp/tmpcwz53ech/password.txt -n subsystemCert cert-topology-02-TPS -a 2020-02-12 02:45:13 DEBUG: Command: pki -U https://pki1.example.com:23443 -d /etc/pki/topology-02-TPS/alias -f /etc/pki/topology-02-TPS/password.conf -n subsystemCert cert-topology-02-TPS tks-tpsconnector-show --host pki1.example.com --port 25443 --output-format json 2020-02-12 02:45:13 ERROR: TypeError: __init__() got an unexpected keyword argument 'capture_output' File "/usr/lib/python3.6/site-packages/pki/server/pkispawn.py", line 557, in main scriptlet.spawn(deployer) File "/usr/lib/python3.6/site-packages/pki/server/deployment/scriptlets/configuration.py", line 936, in spawn deployer.setup_shared_secret(instance, subsystem) File "/usr/lib/python3.6/site-packages/pki/server/deployment/__init__.py", line 497, in setup_shared_secret tps_connector = self.get_tps_connector(instance, subsystem) File "/usr/lib/python3.6/site-packages/pki/server/deployment/__init__.py", line 358, in get_tps_connector result = subprocess.run(cmd, capture_output=True, check=False) File "/usr/lib64/python3.6/subprocess.py", line 423, in run with Popen(*popenargs, **kwargs) as process:
The problem in comment #7 was caused by a recent switch to platform-python on RHEL 8 which is a Python 3.6 (Fedora has Python 3.7): * https://github.com/dogtagpki/pki/commit/997fd180420867cc40960d470aa422a6c6ebe687 The issue has now been fixed in master (10.8) branch: * https://github.com/dogtagpki/pki/commit/84111eafc806825b3baa20e0fb2372966537d3ae
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2020:2013
Issue migration from Bugzilla to Jira is in process at this time. This will be the last message in Jira copied from the Bugzilla bug.