Bug 584917 - Can not access CA Configuration Web UI after CA installation
Summary: Can not access CA Configuration Web UI after CA installation
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: dogtag-pki
Version: 13
Hardware: All
OS: Linux
low
high
Target Milestone: ---
Assignee: Ade Lee
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-04-22 17:53 UTC by Jenny Severance
Modified: 2010-07-21 20:06 UTC (History)
5 users (show)

Fixed In Version: pki-ocsp-1.3.2-2.el5
Clone Of:
Environment:
Last Closed: 2010-07-21 19:58:31 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)
pki-ca-install.log (38.66 KB, text/plain)
2010-04-25 19:10 UTC, Shawn
no flags Details
pki-ca catalina.out file (19.27 KB, text/plain)
2010-04-25 19:16 UTC, Shawn
no flags Details
Dump of rpm -qa (39.37 KB, text/plain)
2010-04-25 20:00 UTC, Shawn
no flags Details
patch to fix (7.42 KB, patch)
2010-04-26 14:46 UTC, Ade Lee
no flags Details | Diff
selinux changes needed (1.04 KB, patch)
2010-04-26 16:17 UTC, Ade Lee
no flags Details | Diff

Description Jenny Severance 2010-04-22 17:53:11 UTC
Description of problem:
After installing dogtag
# yum install dogtag-pki --enablerepo=updates-testing

Getting Server Error 500 trying to access the CA's Web UI for configuration.

please see attached log files

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

Comment 1 Shawn 2010-04-25 19:10:48 UTC
Created attachment 408997 [details]
pki-ca-install.log

Comment 2 Shawn 2010-04-25 19:16:52 UTC
Created attachment 409000 [details]
pki-ca catalina.out file

Comment 3 Shawn 2010-04-25 19:55:09 UTC
ffffffffff.... I wrote a mile long description and added an attachment and it blew out all my comments. Here we go again.

I get the error 500 in F13 as well. I just ran the following to install "yum install pki-ca" as I just want to start small. The first thing that I noticed is that /usr/bin/pkicreate is not run automatically on install as the documentation suggests. When I ran it from the command line it seemed to run clean with the exception of the hardware components which I am not interested in at this time. The log is included as an attachment already. The options I used with pkicreate are included in the log.

When I fire up firefox 3.6.3 and connect to the URL included I get the "your certificate sucks" message. If I give it a temporary exception I some times get the error 500 page with the dog tag logo titled "Certificate System CA Error Page" and the following message

"The server encountered an unexpected condition which prevented it from fulfilling the request. Please consult your local administrator for further assistance. The Certificate System logs may provide further information."

If I do a refresh it takes me to the wizard page which is completely blank.
https://localhost:9445/ca/admin/console/config/wizard

I have included the catalina.out log from /var/log/pki-ca directory. There appear to be 2 errors. 

SEVERE: StandardWrapper.Throwable
SEVERE: Allocate exception for servlet csadmin-login

I don't know what to check for the first but for the second I checked for the servlet rpm and it is there. 

jakarta-commons-dbcp-tomcat5-1.2.1-13.7.fc12.noarch
jakarta-commons-collections-tomcat5-3.2.1-3.fc12.x86_64
tomcat5-servlet-2.4-api-5.5.27-7.4.fc12.noarch
tomcat5-common-lib-5.5.27-7.4.fc12.noarch
jakarta-commons-pool-tomcat5-1.3-13.fc13.x86_64
tomcat5-server-lib-5.5.27-7.4.fc12.noarch
tomcatjss-1.2.1-1.fc13.noarch
tomcat5-jasper-5.5.27-7.4.fc12.noarch

And a check of alternatives gives 

ls -l /etc/alternatives/servlet
/etc/alternatives/servlet -> /usr/share/java/tomcat5-servlet-2.4-api.jar

ls -l /etc/alternatives/servlet_2_4_api 
/etc/alternatives/servlet_2_4_api -> /usr/share/java/tomcat5-servlet-2.4-api.jar

A locate on csadmin-login and csadmin do not show any thing. Should there be such a file? A "yum search csadmin" doesn't turn any thing up. Am I missing some thing? After I post this I will include an attachment with the output of  "rpm -qa"

If I can help further please let me know. Thanks

Comment 4 Shawn 2010-04-25 20:00:11 UTC
Created attachment 409003 [details]
Dump of rpm -qa

Comment 5 Ade Lee 2010-04-26 14:46:57 UTC
Created attachment 409197 [details]
patch to fix

The problem here is that fc13 moved from velocity 1.4 to velocity 1.6.
Velocity 1.6 had some additional dependencies that needed to be added to the class path of the java subsystems.

This patch adds these jars to the classpath.

mharmsen, please review

Comment 6 Ade Lee 2010-04-26 16:17:02 UTC
Created attachment 409228 [details]
selinux changes needed

mharmsen, please review

Comment 7 Matthew Harmsen 2010-04-26 16:37:20 UTC
attachment (id=409197)
attachment (id=409228) +mharmsen
REMINDER:  All "dtomcat5" files should be identical for CA, KRA, OCSP, and TKS
           if a 'diff' is performed.

Comment 9 Ade Lee 2010-04-26 19:15:00 UTC
Committed to 8.1

[builder@goofy-vm4 base]$ svn ci -m "BZ584917: Can not access CA Configuration Web UI after CA installation" ca selinux tks ocsp kra
Sending        ca/shared/conf/dtomcat5
Sending        kra/shared/conf/dtomcat5
Sending        ocsp/shared/conf/dtomcat5
Sending        selinux/src/pki.if
Sending        selinux/src/pki.te
Sending        tks/shared/conf/dtomcat5
Transmitting file data ......
Committed revision 1076.

Committed to tip:

[builder@dhcp231-70 base]$ svn ci -m "BZ584917: Can not access CA Configuration Web UI after CA installation" ca selinux tks ocsp kra
Sending        ca/shared/conf/dtomcat5
Sending        kra/shared/conf/dtomcat5
Sending        ocsp/shared/conf/dtomcat5
Sending        selinux/src/pki.if
Sending        selinux/src/pki.te
Sending        tks/shared/conf/dtomcat5
Transmitting file data ......
Committed revision 1077.

Comment 10 Ade Lee 2010-04-26 21:04:59 UTC
On tip:

[builder@dhcp231-70 dogtag]$ svn ci -m "update release numbers for 584917 and 577949"
Sending        dogtag/ca/pki-ca.spec
Sending        dogtag/common/pki-common.spec
Sending        dogtag/kra/pki-kra.spec
Sending        dogtag/ocsp/pki-ocsp.spec
Sending        dogtag/selinux/pki-selinux.spec
Sending        dogtag/tks/pki-tks.spec
Transmitting file data ......
Committed revision 1081.

Comment 11 Shawn 2010-05-02 03:29:59 UTC
I grabbed pki-ca-1.3.4-2.fc13.noarch.rpm out of koji and did an upgrade with it. I did a restart on the pki-cad service and then tried connecting to the Configuration Web UI and I had the same issue. So I ran pkiremove and then ran pkicreate again and tried tried it. Now it works.

Thanks for the help.

Comment 12 Fedora Update System 2010-05-04 01:12:10 UTC
pki-ca-1.3.4-2.el5 has been submitted as an update for Fedora EPEL 5.
http://admin.fedoraproject.org/updates/pki-ca-1.3.4-2.el5

Comment 13 Fedora Update System 2010-05-04 01:28:39 UTC
pki-kra-1.3.3-1.el5 has been submitted as an update for Fedora EPEL 5.
http://admin.fedoraproject.org/updates/pki-kra-1.3.3-1.el5

Comment 14 Fedora Update System 2010-05-06 00:50:37 UTC
pki-ca-1.3.4-2.el5 has been pushed to the Fedora EPEL 5 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update pki-ca'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/pki-ca-1.3.4-2.el5

Comment 15 Fedora Update System 2010-05-06 00:50:49 UTC
pki-kra-1.3.3-1.el5 has been pushed to the Fedora EPEL 5 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update pki-kra'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/pki-kra-1.3.3-1.el5

Comment 16 Fedora Update System 2010-05-06 02:11:54 UTC
pki-ocsp-1.3.2-2.el5 has been submitted as an update for Fedora EPEL 5.
http://admin.fedoraproject.org/updates/pki-ocsp-1.3.2-2.el5

Comment 17 Fedora Update System 2010-05-06 02:14:07 UTC
pki-selinux-1.3.5-1.el5 has been submitted as an update for Fedora EPEL 5.
http://admin.fedoraproject.org/updates/pki-selinux-1.3.5-1.el5

Comment 18 Fedora Update System 2010-05-06 02:16:16 UTC
pki-tks-1.3.2-1.el5 has been submitted as an update for Fedora EPEL 5.
http://admin.fedoraproject.org/updates/pki-tks-1.3.2-1.el5

Comment 19 Fedora Update System 2010-05-07 17:45:22 UTC
pki-ocsp-1.3.2-2.el5 has been pushed to the Fedora EPEL 5 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update pki-ocsp'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/pki-ocsp-1.3.2-2.el5

Comment 20 Fedora Update System 2010-05-07 17:45:31 UTC
pki-tks-1.3.2-1.el5 has been pushed to the Fedora EPEL 5 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update pki-tks'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/pki-tks-1.3.2-1.el5

Comment 21 Fedora Update System 2010-05-07 17:45:56 UTC
pki-selinux-1.3.5-1.el5 has been pushed to the Fedora EPEL 5 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update pki-selinux'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/pki-selinux-1.3.5-1.el5

Comment 22 Bhaskar Y Reddy 2010-05-21 05:24:38 UTC
Tested on F13 and it is working fine.

Version:
--------
pki-ca-1.3.4-2.fc13.noarch
dogtag-pki-ca-ui-1.3.1-2.fc13.noarch


verification steps:
------------------
1. Install and configure the CA subsystem.


Actual Results:
--------------
Successfully installed and configured.


Expected Results:
----------------
Should be able to install and configure.

Comment 23 Fedora Update System 2010-07-21 19:58:24 UTC
pki-selinux-1.3.5-1.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 24 Fedora Update System 2010-07-21 20:03:05 UTC
pki-tks-1.3.2-1.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 25 Fedora Update System 2010-07-21 20:03:19 UTC
pki-kra-1.3.3-1.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 26 Fedora Update System 2010-07-21 20:05:57 UTC
pki-ocsp-1.3.2-2.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.