Bug 507746 - Configure TPS/RA to listen on Ipv4 and Ipv6
Status: CLOSED ERRATA
Product: Dogtag Certificate System
Classification: Community
Component: TPS
Version: 1.1
Hardware: All Linux
Priority: high, Severity: high
Assigned To: Matthew Harmsen
QA Contact: Chandrasekar Kannan
Blocks: 443788

Reported: 2009-06-23 20:12 EDT by Jack Magne
Modified: 2015-01-05 20:19 EST

Doc Type: Bug Fix
Last Closed: 2009-07-22 19:36:44 EDT
Attachments:
IPv6 changes for RA/TPS/native-tools (24.66 KB, patch)
2009-06-24 19:40 EDT, Matthew Harmsen
IPv6 changes for RA/TPS/native-tools (dogtag) (3.14 KB, patch)
2009-06-24 19:41 EDT, Matthew Harmsen

Description Jack Magne 2009-06-23 20:12:34 EDT
Description of problem:


There is a very simple change we need for the RA and TPS "nss.conf" Apache config files to get the servers to listen on both IPv4 and IPv6.

It involves changing the "Listen" directives to something like this:

Listen 7890


To date, we have been using the IPv4-specific form of this directive.
Comment 1 Matthew Harmsen 2009-06-23 20:20:55 EDT
Reminder:  Also make this change to the "httpd.conf" file for the unsecure port.
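
An added example, not part of the original bug report or the project's code: a small audit that parses Apache "Listen" directives and reports ports that are bound only through IPv4-specific lines, as a check to run over "nss.conf" and "httpd.conf" after the change. The sample configs are constructed; port 7888 and the 0.0.0.0 address form are assumptions, only port 7890 comes from the report.

```python
import ipaddress
import re

# Apache syntax: Listen [address:]port [protocol]; IPv6 literals go in brackets.
LISTEN_RE = re.compile(
    r"^\s*Listen\s+(?:(\[[^\]]+\]|[^\s:\[\]]+):)?(\d+)(?:\s+\S+)?\s*$",
    re.IGNORECASE)

def classify_listen(line):
    """Return (port, family) for a Listen directive, or None for other lines.

    family is 'any' (port only, all addresses), 'ipv4', 'ipv6' or 'hostname'.
    """
    m = LISTEN_RE.match(line)
    if not m:
        return None  # comments and unrelated directives
    addr, port = m.group(1), int(m.group(2))
    if addr is None:
        return port, "any"
    try:
        ip = ipaddress.ip_address(addr.strip("[]"))
    except ValueError:
        return port, "hostname"
    return port, "ipv6" if ip.version == 6 else "ipv4"

def ipv4_only_ports(conf_text):
    """Ports whose every Listen line names an IPv4 literal address."""
    families = {}
    for line in conf_text.splitlines():
        parsed = classify_listen(line)
        if parsed:
            families.setdefault(parsed[0], set()).add(parsed[1])
    return sorted(p for p, fams in families.items() if fams == {"ipv4"})

# Constructed samples, not the project's actual nss.conf / httpd.conf.
BEFORE = """\
# IPv4-specific form (assumed)
Listen 0.0.0.0:7890
Listen 0.0.0.0:7888
"""
AFTER = """\
Listen 7890
Listen 0.0.0.0:7888
Listen [::]:7888
"""

if __name__ == "__main__":
    print("before:", ipv4_only_ports(BEFORE))
    print("after: ", ipv4_only_ports(AFTER))
```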
Comment 2 Matthew Harmsen 2009-06-24 19:07:23 EDT
This bug will also require changing ALL "ldap_init(host,port)" calls to IPv6-aware "prldap_init(host,port,1)" calls.

Additionally, several native-tools were changed to be IPv6-aware.
Comment 3 Matthew Harmsen 2009-06-24 19:40:44 EDT
Created attachment 349317
IPv6 changes for RA/TPS/native-tools
Comment 4 Matthew Harmsen 2009-06-24 19:41:11 EDT
Created attachment 349318
IPv6 changes for RA/TPS/native-tools (dogtag)
Comment 5 Jack Magne 2009-06-24 19:49:50 EDT
Attachments (id=49317) (id=349318) +jmagne.
Comment 6 Matthew Harmsen 2009-06-24 19:57:04 EDT
cd pki/base

% svn status | grep -v ^$ | grep -v ^P | grep -v ^X | grep -v ^?
M      native-tools/src/sslget/sslget.c
M      native-tools/src/setpin/setpin.c
M      native-tools/src/bulkissuance/bulkissuance.c
M      native-tools/src/revoker/revoker.c
M      ra/apache/conf/httpd.conf
M      ra/apache/conf/nss.conf
M      ra/etc/init.d/httpd
M      tps/src/authentication/LDAP_Authentication.cpp
M      tps/src/include/tus/tus_db.h
M      tps/src/tus/tus_db.c
M      tps/tools/tus/test.c
M      tps/apache/conf/httpd.conf
M      tps/apache/conf/nss.conf
M      tps/etc/init.d/httpd

% svn commit
Sending        base/native-tools/src/bulkissuance/bulkissuance.c
Sending        base/native-tools/src/revoker/revoker.c
Sending        base/native-tools/src/setpin/setpin.c
Sending        base/native-tools/src/sslget/sslget.c
Sending        base/ra/apache/conf/httpd.conf
Sending        base/ra/apache/conf/nss.conf
Sending        base/ra/etc/init.d/httpd
Sending        base/tps/apache/conf/httpd.conf
Sending        base/tps/apache/conf/nss.conf
Sending        base/tps/etc/init.d/httpd
Sending        base/tps/src/authentication/LDAP_Authentication.cpp
Sending        base/tps/src/include/tus/tus_db.h
Sending        base/tps/src/tus/tus_db.c
Sending        base/tps/tools/tus/test.c
Transmitting file data ..............
Committed revision 653.


cd pki/dogtag

% svn status | grep -v ^$ | grep -v ^P | grep -v ^X | grep -v ^?
M      native-tools/pki-native-tools.spec
M      ra/pki-ra.spec
M      tps/pki-tps.spec

% svn commit
Sending        dogtag/native-tools/pki-native-tools.spec
Sending        dogtag/ra/pki-ra.spec
Sending        dogtag/tps/pki-tps.spec
Transmitting file data ...
Committed revision 654.
Comment 8 Kashyap Chamarthy 2009-07-05 11:31:39 EDT
RA works fine with both IPv4 & IPv6 URLs in the browser.

But TPS fails at the "Authentication Directory" panel (just like on the bane machine).



=============================================
[root@neo logs]# tail -50 /var/lib/pki-tps/error_log 
[Sun Jul 05 08:24:49 2009] [error] [client 10.14.1.24] File does not exist: /var/lib/pki-tps/docroot/img, referer: https://neo.dsdev.sjc.redhat.com:7890/css/pki-360.css
[Sun Jul 05 08:25:00 2009] [info] Subsequent (No.9) HTTPS request received for child 15 (server neo.dsdev.sjc.redhat.com:7890)
[Sun Jul 05 08:25:02 2009] [info] Subsequent (No.9) HTTPS request received for child 18 (server neo.dsdev.sjc.redhat.com:7890)
[Sun Jul 05 08:25:02 2009] [error] [client 10.14.1.24] File does not exist: /var/lib/pki-tps/docroot/img, referer: https://neo.dsdev.sjc.redhat.com:7890/css/pki-360.css
[Sun Jul 05 08:25:02 2009] [info] Subsequent (No.9) HTTPS request received for child 16 (server neo.dsdev.sjc.redhat.com:7890)
[Sun Jul 05 08:25:02 2009] [info] Subsequent (No.9) HTTPS request received for child 17 (server neo.dsdev.sjc.redhat.com:7890)
[Sun Jul 05 08:25:02 2009] [error] [client 10.14.1.24] File does not exist: /var/lib/pki-tps/docroot/img, referer: https://neo.dsdev.sjc.redhat.com:7890/css/pki-360.css
[Sun Jul 05 08:25:02 2009] [info] Subsequent (No.11) HTTPS request received for child 14 (server neo.dsdev.sjc.redhat.com:7890)
[Sun Jul 05 08:25:02 2009] [error] [client 10.14.1.24] File does not exist: /var/lib/pki-tps/docroot/img, referer: https://neo.dsdev.sjc.redhat.com:7890/css/pki-360.css
[Sun Jul 05 08:25:02 2009] [info] Subsequent (No.14) HTTPS request received for child 13 (server neo.dsdev.sjc.redhat.com:7890)
[Sun Jul 05 08:25:02 2009] [error] [client 10.14.1.24] File does not exist: /var/lib/pki-tps/docroot/img, referer: https://neo.dsdev.sjc.redhat.com:7890/css/pki-360.css
[Sun Jul 05 08:25:02 2009] [info] Subsequent (No.10) HTTPS request received for child 15 (server neo.dsdev.sjc.redhat.com:7890)
[Sun Jul 05 08:25:02 2009] [error] [client 10.14.1.24] File does not exist: /var/lib/pki-tps/docroot/img, referer: https://neo.dsdev.sjc.redhat.com:7890/css/pki-360.css
[Sun Jul 05 08:25:02 2009] [info] Subsequent (No.10) HTTPS request received for child 18 (server neo.dsdev.sjc.redhat.com:7890)
[Sun Jul 05 08:25:02 2009] [error] [client 10.14.1.24] File does not exist: /var/lib/pki-tps/docroot/img, referer: https://neo.dsdev.sjc.redhat.com:7890/css/pki-360.css
[Sun Jul 05 08:25:02 2009] [info] Subsequent (No.10) HTTPS request received for child 16 (server neo.dsdev.sjc.redhat.com:7890)
[Sun Jul 05 08:25:02 2009] [info] Subsequent (No.10) HTTPS request received for child 17 (server neo.dsdev.sjc.redhat.com:7890)
[Sun Jul 05 08:25:02 2009] [error] [client 10.14.1.24] File does not exist: /var/lib/pki-tps/docroot/img, referer: https://neo.dsdev.sjc.redhat.com:7890/css/pki-360.css
[Sun Jul 05 08:25:02 2009] [error] [client 10.14.1.24] File does not exist: /var/lib/pki-tps/docroot/img, referer: https://neo.dsdev.sjc.redhat.com:7890/css/pki-360.css
[Sun Jul 05 08:25:02 2009] [info] Subsequent (No.12) HTTPS request received for child 14 (server neo.dsdev.sjc.redhat.com:7890)
[Sun Jul 05 08:25:02 2009] [error] [client 10.14.1.24] File does not exist: /var/lib/pki-tps/docroot/img, referer: https://neo.dsdev.sjc.redhat.com:7890/css/pki-360.css
[Sun Jul 05 08:25:02 2009] [info] Subsequent (No.15) HTTPS request received for child 13 (server neo.dsdev.sjc.redhat.com:7890)
[Sun Jul 05 08:25:02 2009] [error] [client 10.14.1.24] File does not exist: /var/lib/pki-tps/docroot/img, referer: https://neo.dsdev.sjc.redhat.com:7890/css/pki-360.css
[Sun Jul 05 08:25:10 2009] [info] Subsequent (No.11) HTTPS request received for child 15 (server neo.dsdev.sjc.redhat.com:7890)
[Sun Jul 05 08:25:11 2009] [info] Subsequent (No.11) HTTPS request received for child 18 (server neo.dsdev.sjc.redhat.com:7890)
[Sun Jul 05 08:25:11 2009] [error] [client 10.14.1.24] File does not exist: /var/lib/pki-tps/docroot/img, referer: https://neo.dsdev.sjc.redhat.com:7890/css/pki-360.css
[Sun Jul 05 08:25:11 2009] [info] Subsequent (No.11) HTTPS request received for child 17 (server neo.dsdev.sjc.redhat.com:7890)
[Sun Jul 05 08:25:11 2009] [error] [client 10.14.1.24] File does not exist: /var/lib/pki-tps/docroot/img, referer: https://neo.dsdev.sjc.redhat.com:7890/css/pki-360.css
[Sun Jul 05 08:25:11 2009] [info] Subsequent (No.11) HTTPS request received for child 16 (server neo.dsdev.sjc.redhat.com:7890)
[Sun Jul 05 08:25:11 2009] [error] [client 10.14.1.24] File does not exist: /var/lib/pki-tps/docroot/img, referer: https://neo.dsdev.sjc.redhat.com:7890/css/pki-360.css
[Sun Jul 05 08:25:11 2009] [info] Subsequent (No.13) HTTPS request received for child 14 (server neo.dsdev.sjc.redhat.com:7890)
[Sun Jul 05 08:25:11 2009] [error] [client 10.14.1.24] File does not exist: /var/lib/pki-tps/docroot/img, referer: https://neo.dsdev.sjc.redhat.com:7890/css/pki-360.css
[Sun Jul 05 08:25:11 2009] [info] Subsequent (No.16) HTTPS request received for child 13 (server neo.dsdev.sjc.redhat.com:7890)
[Sun Jul 05 08:25:11 2009] [error] [client 10.14.1.24] File does not exist: /var/lib/pki-tps/docroot/img, referer: https://neo.dsdev.sjc.redhat.com:7890/css/pki-360.css
[Sun Jul 05 08:25:11 2009] [info] Subsequent (No.12) HTTPS request received for child 15 (server neo.dsdev.sjc.redhat.com:7890)
[Sun Jul 05 08:25:11 2009] [error] [client 10.14.1.24] File does not exist: /var/lib/pki-tps/docroot/img, referer: https://neo.dsdev.sjc.redhat.com:7890/css/pki-360.css
[Sun Jul 05 08:25:11 2009] [info] Subsequent (No.12) HTTPS request received for child 18 (server neo.dsdev.sjc.redhat.com:7890)
[Sun Jul 05 08:25:11 2009] [error] [client 10.14.1.24] File does not exist: /var/lib/pki-tps/docroot/img, referer: https://neo.dsdev.sjc.redhat.com:7890/css/pki-360.css
[Sun Jul 05 08:25:11 2009] [info] Subsequent (No.12) HTTPS request received for child 17 (server neo.dsdev.sjc.redhat.com:7890)
[Sun Jul 05 08:25:11 2009] [error] [client 10.14.1.24] File does not exist: /var/lib/pki-tps/docroot/img, referer: https://neo.dsdev.sjc.redhat.com:7890/css/pki-360.css
[Sun Jul 05 08:25:11 2009] [info] Subsequent (No.12) HTTPS request received for child 16 (server neo.dsdev.sjc.redhat.com:7890)
[Sun Jul 05 08:25:11 2009] [error] [client 10.14.1.24] File does not exist: /var/lib/pki-tps/docroot/img, referer: https://neo.dsdev.sjc.redhat.com:7890/css/pki-360.css
[Sun Jul 05 08:25:11 2009] [info] Subsequent (No.14) HTTPS request received for child 14 (server neo.dsdev.sjc.redhat.com:7890)
[Sun Jul 05 08:25:11 2009] [error] [client 10.14.1.24] File does not exist: /var/lib/pki-tps/docroot/img, referer: https://neo.dsdev.sjc.redhat.com:7890/css/pki-360.css
[Sun Jul 05 08:25:26 2009] [info] Connection to child 13 closed (server neo.dsdev.sjc.redhat.com:7890, client 10.14.1.24)
[Sun Jul 05 08:25:26 2009] [info] Connection to child 15 closed (server neo.dsdev.sjc.redhat.com:7890, client 10.14.1.24)
[Sun Jul 05 08:25:26 2009] [info] Connection to child 18 closed (server neo.dsdev.sjc.redhat.com:7890, client 10.14.1.24)
[Sun Jul 05 08:25:26 2009] [info] Connection to child 17 closed (server neo.dsdev.sjc.redhat.com:7890, client 10.14.1.24)
[Sun Jul 05 08:25:26 2009] [info] Connection to child 16 closed (server neo.dsdev.sjc.redhat.com:7890, client 10.14.1.24)
[Sun Jul 05 08:25:26 2009] [info] Connection to child 14 closed (server neo.dsdev.sjc.redhat.com:7890, client 10.14.1.24)
===================================================
Comment 9 Jack Magne 2009-07-06 12:57:58 EDT
When we tested, this all worked fine. Will look at it.
Comment 10 Kashyap Chamarthy 2009-07-07 03:14:28 EDT
Verified (on CS8 RC2); the PKI_HOSTNAME=neo.dsdev.sjc.redhat.com and the appropriate DN for the authentication database did the trick.

Jack, sorry for the confusion.
