Bug 769296 - PKI-RA service won't start after install
Summary: PKI-RA service won't start after install
Keywords:
Status: CLOSED EOL
Alias: None
Product: Dogtag Certificate System
Classification: Retired
Component: RA
Version: 9.0
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: Ade Lee
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks: 530474
TreeView+ depends on / blocked
 
Reported: 2011-12-20 13:17 UTC by Sergio Dennis
Modified: 2020-03-27 18:34 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-03-27 18:34:41 UTC

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Sergio Dennis 2011-12-20 13:17:44 UTC 
Description of problem:
PKI-RA service won't start after install 

Version-Release number of selected component (if applicable):
pki-ra.noarch 9.0.4-1.fc16

How reproducible:
1. yum install pki-ra
2. pkicreate -pki_instance_root=/var/lib  -pki_instance_name=pki-ra -subsystem_type=ra -secure_port=12889 -non_clientauth_secure_port=12890  -unsecure_port=12888 -user=pkiuser -group=pkiuser -redirect conf=/etc/pki-ra -redirect_logs=/var/log/pki-ra
  
Actual results:
After install, Service does not start with message:

[error] FAILED run_command("/bin/systemctl restart pki-rad"), exit status=1 output="Failed to issue method call: Unit pki-rad failed to load: No such file or directory.

Expected results:
pki-ra service should start.

Additional info:
Comment 1 Kashyap Chamarthy 2011-12-20 16:25:30 UTC 
I can confirm, I was able to re-produce the issue as well on an up2date Fedora-16 machine.
=======================================
.
.

Installation information recorded in /var/log/pki-ra-install.log.
[debug] run_command(/bin/systemctl restart pki-rad)
[error] FAILED run_command("/bin/systemctl restart pki-rad"), exit status=1 output="Failed to issue method call: Unit pki-rad failed to load: No such file or directory. See system logs and 'systemctl status pki-rad' for details."
Before proceeding with the configuration, make sure 
the firewall settings of this machine permit proper 
access to this subsystem. 

Please start the configuration by accessing:

https://dhcp201-193.englab.pnq.redhat.com:12890/ra/admin/console/config/login?pin=BKlnMqSX0JEhFtjmsWWg

After configuration, the server can be operated by the command:

    /bin/systemctl restart pki-rad

[root@dhcp201-193 export]# 
=======================================
[root@dhcp201-193 ~]# cat /etc/redhat-release 
Fedora release 16 (Verne)
=======================================
[root@dhcp201-193 ~]# systemctl status pki-rad
pki-rad
	  Loaded: error (Reason: No such file or directory)
	  Active: inactive (dead)
[root@dhcp201-193 ~]#
=======================================
Comment 2 Kashyap Chamarthy 2012-01-13 03:50:06 UTC 
With SELinux in permissive, I was able to start the RA instance just fine(though not configured yet)

########################
[root@dhcp201-193 ~]# service pki-rad status
pki-ra (pid  22404) is running...
    'pki-ra' must still be CONFIGURED!
    (see /var/log/pki-ra-install.log)
[root@dhcp201-193 ~]# 
########################

And, here is the audit message.
########################
[root@dhcp201-193 ~]# cat /var/log/audit/audit.log | audit2allow -R

require {
        type ephemeral_port_t;
        type pki_ra_t;
        type pki_ca_t;
        class tcp_socket name_connect;
}

#============= pki_ca_t ==============
allow pki_ca_t ephemeral_port_t:tcp_socket name_connect;
corenet_tcp_bind_generic_port(pki_ca_t)
corenet_tcp_connect_unreserved_ports(pki_ca_t)

#============= pki_ra_t ==============
corenet_tcp_bind_generic_port(pki_ra_t)
[root@dhcp201-193 ~]# 
########################
Note You need to log in before you can comment on or make changes to this bug.