Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 802396

Summary: Syntax Errors restart IPA services /var/lib/pki-ca/pki-ca: line 91
Product: Red Hat Enterprise Linux 6 Reporter: Jenny Severance <jgalipea>
Component: tomcat6Assignee: David Knox <dknox>
Status: CLOSED ERRATA QA Contact: tomcat-qe
Severity: urgent Docs Contact:
Priority: urgent    
Version: 6.3CC: dpal, jclere, jdennis, mhasko, mkosek
Target Milestone: rcKeywords: Regression
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: tomcat6-6.0.24-44.el6 Doc Type: Bug Fix
Doc Text:
No tech note needed
 Story Points: ---
Clone Of:
: 806046 (view as bug list) Environment:
Last Closed: 2012-06-20 14:35:55 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 806046    

Description Jenny Severance 2012-03-12 13:15:15 UTC 
Description of problem:

# ipactl restart
Restarting Directory Service
Shutting down dirsrv: 
    PKI-IPA...                                             [  OK  ]
    TESTRELM-COM...                                        [  OK  ]
Starting dirsrv: 
    PKI-IPA...                                             [  OK  ]
    TESTRELM-COM...                                        [  OK  ]
Restarting KDC Service
Stopping Kerberos 5 KDC:                                   [  OK  ]
Starting Kerberos 5 KDC:                                   [  OK  ]
Restarting KPASSWD Service
Stopping Kerberos 5 Admin Server:                          [  OK  ]
Starting Kerberos 5 Admin Server:                          [  OK  ]
Restarting DNS Service
Stopping named: .                                          [  OK  ]
Starting named:                                            [  OK  ]
Restarting MEMCACHE Service
Stopping ipa_memcached:                                    [  OK  ]
Starting ipa_memcached:                                    [  OK  ]
Restarting HTTP Service
Stopping httpd:                                            [  OK  ]
Starting httpd: [Mon Mar 12 09:09:59 2012] [warn] worker ajp://localhost:9447/ already used by another worker
[Mon Mar 12 09:09:59 2012] [warn] worker ajp://localhost:9447/ already used by another worker
                                                           [  OK  ]
Restarting CA Service
/var/lib/pki-ca/pki-ca: line 91: syntax error near unexpected token `('
/var/lib/pki-ca/pki-ca: line 91: `functonn version() {'
/var/lib/pki-ca/pki-ca: line 91: syntax error near unexpected token `('
/var/lib/pki-ca/pki-ca: line 91: `functonn version() {'
Failed to restart CA Service
Shutting down
Stopping Kerberos 5 KDC:                                   [  OK  ]
Stopping Kerberos 5 Admin Server:                          [  OK  ]
Stopping named: .                                          [  OK  ]
Stopping ipa_memcached:                                    [  OK  ]
Stopping httpd:                                            [  OK  ]
/var/lib/pki-ca/pki-ca: line 91: syntax error near unexpected token `('
/var/lib/pki-ca/pki-ca: line 91: `functonn version() {'
Shutting down dirsrv: 
    PKI-IPA...                                             [  OK  ]
    TESTRELM-COM...                                        [  OK  ]
Aborting ipactl


Version-Release number of selected component (if applicable):
ipa-server-2.2.0-3.el6.x86_64
389-ds-base-1.2.10.2-2.el6.x86_64
pki-ca-9.0.3-23.el6.noarch

How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 2 Jenny Severance 2012-03-12 13:26:51 UTC 
Please start the configuration by accessing:

https://ipaqavmd.testrelm.com:9445/ca/admin/console/config/login?pin=X1GMoj6VeBIKA5polWUc

After configuration, the server can be operated by the command:

    /sbin/service pki-cad restart pki-ca


2012-03-12T13:20:37Z DEBUG stderr=[error] FAILED run_command("/sbin/service pki-cad restart pki-ca"), exit status=2 output="/var/lib/pki-ca/pki-ca: line 91: syntax error near unexpected token `('
/var/lib/pki-ca/pki-ca: line 91: `functonn version() {'
/var/lib/pki-ca/pki-ca: line 91: syntax error near unexpected token `('
/var/lib/pki-ca/pki-ca: line 91: `functonn version() {'"

2012-03-12T13:20:37Z DEBUG   duration: 9 seconds
2012-03-12T13:20:37Z DEBUG   [3/17]: configuring certificate server instance
2012-03-12T13:20:38Z DEBUG args=/usr/bin/perl /usr/bin/pkisilent 'ConfigureCA' '-cs_hostname' 'ipaqavmd.testrelm.com' '-cs_port' '9445' '-client_certdb_dir' '/tmp/tmp-SDs8JX' '-client_certdb_pwd' XXXXXXXX '-preop_pin' 'X1GMoj6VeBIKA5polWUc' '-domain_name' 'IPA' '-admin_user' 'admin' '-admin_email' 'root@localhost' '-admin_password' XXXXXXXX '-agent_name' 'ipa-ca-agent' '-agent_key_size' '2048' '-agent_key_type' 'rsa' '-agent_cert_subject' 'CN=ipa-ca-agent,O=TESTRELM.COM' '-ldap_host' 'ipaqavmd.testrelm.com' '-ldap_port' '7389' '-bind_dn' 'cn=Directory Manager' '-bind_password' XXXXXXXX '-base_dn' 'o=ipaca' '-db_name' 'ipaca' '-key_size' '2048' '-key_type' 'rsa' '-key_algorithm' 'SHA256withRSA' '-save_p12' 'true' '-backup_pwd' XXXXXXXX '-subsystem_name' 'pki-cad' '-token_name' 'internal' '-ca_subsystem_cert_subject_name' 'CN=CA Subsystem,O=TESTRELM.COM' '-ca_ocsp_cert_subject_name' 'CN=OCSP Subsystem,O=TESTRELM.COM' '-ca_server_cert_subject_name' 'CN=ipaqavmd.testrelm.com,O=TESTRELM.COM' '-ca_audit_signing_cert_subject_name' 'CN=CA Audit,O=TESTRELM.COM' '-ca_sign_cert_subject_name' 'CN=Certificate Authority,O=TESTRELM.COM' '-external' 'false' '-clone' 'false'
2012-03-12T13:20:38Z DEBUG stdout=libpath=/usr/lib64
#######################################################################

#######################################################################

2012-03-12T13:20:38Z DEBUG stderr=Exception in thread "main" java.lang.NoClassDefFoundError: 'ConfigureCA'
Caused by: java.lang.ClassNotFoundException: 'ConfigureCA'
	at java.net.URLClassLoader$1.run(URLClassLoader.java:217)
	at java.security.AccessController.doPrivileged(Native Method)
	at java.net.URLClassLoader.findClass(URLClassLoader.java:205)
	at java.lang.ClassLoader.loadClass(ClassLoader.java:321)
	at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:294)
	at java.lang.ClassLoader.loadClass(ClassLoader.java:266)
Could not find the main class: 'ConfigureCA'. Program will exit.

2012-03-12T13:20:38Z CRITICAL failed to configure ca instance Command '/usr/bin/perl /usr/bin/pkisilent 'ConfigureCA' '-cs_hostname' 'ipaqavmd.testrelm.com' '-cs_port' '9445' '-client_certdb_dir' '/tmp/tmp-SDs8JX' '-client_certdb_pwd' XXXXXXXX '-preop_pin' 'X1GMoj6VeBIKA5polWUc' '-domain_name' 'IPA' '-admin_user' 'admin' '-admin_email' 'root@localhost' '-admin_password' XXXXXXXX '-agent_name' 'ipa-ca-agent' '-agent_key_size' '2048' '-agent_key_type' 'rsa' '-agent_cert_subject' 'CN=ipa-ca-agent,O=TESTRELM.COM' '-ldap_host' 'ipaqavmd.testrelm.com' '-ldap_port' '7389' '-bind_dn' 'cn=Directory Manager' '-bind_password' XXXXXXXX '-base_dn' 'o=ipaca' '-db_name' 'ipaca' '-key_size' '2048' '-key_type' 'rsa' '-key_algorithm' 'SHA256withRSA' '-save_p12' 'true' '-backup_pwd' XXXXXXXX '-subsystem_name' 'pki-cad' '-token_name' 'internal' '-ca_subsystem_cert_subject_name' 'CN=CA Subsystem,O=TESTRELM.COM' '-ca_ocsp_cert_subject_name' 'CN=OCSP Subsystem,O=TESTRELM.COM' '-ca_server_cert_subject_name' 'CN=ipaqavmd.testrelm.com,O=TESTRELM.COM' '-ca_audit_signing_cert_subject_name' 'CN=CA Audit,O=TESTRELM.COM' '-ca_sign_cert_subject_name' 'CN=Certificate Authority,O=TESTRELM.COM' '-external' 'false' '-clone' 'false'' returned non-zero exit status 255
2012-03-12T13:20:38Z DEBUG Configuration of CA failed
  File "/usr/sbin/ipa-server-install", line 1092, in <module>
    rval = main()

  File "/usr/sbin/ipa-server-install", line 883, in main
    subject_base=options.subject)

  File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", line 531, in configure_instance
    self.start_creation("Configuring certificate server", 210)

  File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py", line 257, in start_creation
    method()

  File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", line 670, in __configure_instance
    raise RuntimeError('Configuration of CA failed')
Comment 3 Jenny Severance 2012-03-12 14:10:15 UTC 
Here's the problem that fixes the issue ::

# diff /var/lib/pki-ca/pki-ca /var/lib/pki-ca/pki-ca.orig 
91c91
< function version() {
---
> functonn version() {
Comment 4 Rob Crittenden 2012-03-12 14:18:33 UTC 
This is apparently a bug in tomcat6. Re-assigning to CS team for tracking.
Comment 5 Dmitri Pal 2012-03-12 14:35:56 UTC 
# ls -l /var/lib/pki-ca/pki-ca
lrwxrwxrwx. 1 root root 24 Mar  5 12:52 /var/lib/pki-ca/pki-ca -> /etc/rc.d/init.d/tomcat6
Comment 6 Jenny Severance 2012-03-12 14:47:16 UTC 
additional permissions issues found with this file, need to uncomment

124     [ "$RETVAL" -eq "0" ] && touch $TOMCAT_LOG 2>&1 || RETVAL="4"
125     if [ "$RETVAL" -eq "0" -a "$?" -eq "0" ]; then
126       chown ${TOMCAT_USER}:${TOMCAT_USER} $TOMCAT_LOG
127     fi


changing component to Tomcat6 this is a blocking issue for IPA testing of RHEL 6.3
Comment 8 David Knox 2012-05-01 21:38:45 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
No tech note needed
Comment 9 Michal Haško 2012-05-30 11:13:03 UTC 
Corresponding patches present and applied in srpm.
Package tomcat6-6.0.24-45.el6 has passed sanity testing.
Comment 11 errata-xmlrpc 2012-06-20 14:35:55 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0945.html