On 23.09.2015 01:29, Timo Aaltonen wrote:
On 22.09.2015 00:38, Timo Aaltonen wrote:
>
> Hi
>
> I'm not able to build 10.2.6 with a current tomcat7 (7.0.64):
>
> com/netscape/cms/tomcat/ProxyRealm.java:22: error: ProxyRealm is not
> abstract and does not override abstract method authenticate(String) in Realm
> public class ProxyRealm implements Realm {
> ^
> 1 error
So I got past this error with the help from IRC, and tomcat7-based
packages of 10.2.6 seem to work fine for the most part. Need to look
into the tomcat8 bits with greater detail, must've missed something.
So the failure with tomcat8 seems to boil down to not getting all the bits in CS.cfg, for
instance:
internaldb.ldapconn.host=
internaldb.ldapconn.port=
internaldb.ldapconn.secureConn=false
which then results in this blurb from catalina.out:
CMS Warning: FAILURE: Cannot build CA chain. Error
java.security.cert.CertificateException: Certificate is not a PKCS #11
certificate|FAILURE: authz instance DirAclAuthz initialization failed and skipped,
error=Property internaldb.ldapconn.port missing value|
tomcat7 version gets those right, and here's a diff from pki-ca-spawn log (- tomcat7,
+tomcat8):
@@ -1371,13 +1377,17 @@
pkispawn : DEBUG ........... slot substitution: '[PKI_HOSTNAME]' ==>
'sid-test.tyrell'
pkispawn : DEBUG ........... slot substitution: '[TOMCAT_SERVER_PORT]'
==> '8005'
pkispawn : DEBUG ........... slot substitution: '[TOMCAT_SERVER_PORT]'
==> '8005'
+pkispawn : DEBUG ........... slot substitution: '[PKI_UNSECURE_PORT]'
==> '8080'
pkispawn : DEBUG ........... slot substitution:
'[PKI_UNSECURE_PORT_SERVER_COMMENT]' ==> '<!-- Share$
-pkispawn : DEBUG ........... slot substitution: '[PKI_SECURE_PORT]' ==>
'8443'
pkispawn : DEBUG ........... slot substitution:
'[PKI_UNSECURE_PORT_CONNECTOR_NAME]' ==> 'Unsecure'
pkispawn : DEBUG ........... slot substitution: '[PKI_UNSECURE_PORT]'
==> '8080'
-pkispawn : DEBUG ........... slot substitution:
'[PKI_SECURE_PORT_SERVER_COMMENT]' ==> '<!-- Shared $
pkispawn : DEBUG ........... slot substitution: '[PKI_SECURE_PORT]' ==>
'8443'
+pkispawn : DEBUG ........... slot substitution: '[PKI_UNSECURE_PORT]'
==> '8080'
+pkispawn : DEBUG ........... slot substitution: '[PKI_SECURE_PORT]' ==>
'8443'
+pkispawn : DEBUG ........... slot substitution: '[PKI_SECURE_PORT]' ==>
'8443'
+pkispawn : DEBUG ........... slot substitution:
'[PKI_SECURE_PORT_SERVER_COMMENT]' ==> '<!-- Shared $
pkispawn : DEBUG ........... slot substitution:
'[PKI_SECURE_PORT_CONNECTOR_NAME]' ==> 'Secure'
+pkispawn : DEBUG ........... slot substitution: '[PKI_SECURE_PORT]' ==>
'8443'
pkispawn : DEBUG ........... slot substitution: '[PKI_HOSTNAME]' ==>
'sid-test.tyrell'
pkispawn : DEBUG ........... slot substitution: '[PKI_AGENT_CLIENTAUTH]'
==> 'want'
pkispawn : DEBUG ........... slot substitution: '[TOMCAT_SSL_OPTIONS]'
==> 'ssl2=false,ssl3=false,tl$
@@ -1392,14 +1402,10 @@
pkispawn : DEBUG ........... slot substitution: '[PKI_INSTANCE_PATH]'
==> '/var/lib/pki/pki-tomcat'
pkispawn : DEBUG ........... slot substitution: '[PKI_AJP_PORT]' ==>
'8009'
pkispawn : DEBUG ........... slot substitution:
'[PKI_OPEN_AJP_PORT_COMMENT]' ==> '<!--'
-pkispawn : DEBUG ........... slot substitution: '[PKI_AJP_REDIRECT_PORT]'
==> '8443'
pkispawn : DEBUG ........... slot substitution: '[PKI_AJP_PORT]' ==>
'8009'
+pkispawn : DEBUG ........... slot substitution: '[PKI_AJP_REDIRECT_PORT]'
==> '8443'
pkispawn : DEBUG ........... slot substitution:
'[PKI_CLOSE_AJP_PORT_COMMENT]' ==> '-->'
pkispawn : DEBUG ........... slot substitution: '[PKI_INSTANCE_PATH]'
==> '/var/lib/pki/pki-tomcat'
-pkispawn : DEBUG ........... slot substitution: '[PKI_INSTANCE_PATH]'
==> '/var/lib/pki/pki-tomcat'
-pkispawn : DEBUG ........... slot substitution: '[PKI_INSTANCE_PATH]'
==> '/var/lib/pki/pki-tomcat'
-pkispawn : DEBUG ........... slot substitution: '[PKI_INSTANCE_PATH]'
==> '/var/lib/pki/pki-tomcat'
-pkispawn : DEBUG ........... slot substitution: '[PKI_INSTANCE_PATH]'
==> '/var/lib/pki/pki-tomcat'
pkispawn : DEBUG ........... slot substitution:
'[PKI_OPEN_TOMCAT_ACCESS_LOG_COMMENT]' ==> ''
pkispawn : DEBUG ........... slot substitution:
'[PKI_CLOSE_TOMCAT_ACCESS_LOG_COMMENT]' ==> ''
pkispawn : DEBUG ........... chmod 660 /etc/pki/pki-tomcat/server.xml
@@ -1417,7 +1423,6 @@
pkispawn : DEBUG ........... slot substitution: '[TOMCAT_PIDFILE]' ==>
'/var/run/pki/tomcat/pki-tomc$
pkispawn : DEBUG ........... slot substitution: '[TOMCAT_LOG_DIR]' ==>
'/var/log/pki/pki-tomcat'
pkispawn : DEBUG ........... slot substitution: '[APPLICATION_VERSION]'
==> '10.2.6'
-pkispawn : DEBUG ........... slot substitution: '[PKI_USER]' ==>
'pkiuser'
pkispawn : DEBUG ........... slot substitution: '[PKI_SECURITY_MANAGER]'
==> 'false'
pkispawn : DEBUG ........... chmod 660 /etc/default/pki-tomcat
pkispawn : DEBUG ........... chown 0:0 /etc/default/pki-tomcat
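Review bot: the removed '[PKI_USER]' ==> 'pkiuser' line just before '[PKI_SECURITY_MANAGER]' is a substitution that is dropped outright on the tomcat8 side rather than reordered, and the same line disappears again in the next hunk ahead of the chmod of /etc/pki/pki-tomcat/tomcat.conf. It is worth checking whether the tomcat8 templates behind these two files still carry a [PKI_USER] slot, since this is one of the few places in the diff where the two runs differ in content and not just in order.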
@@ -1431,7 +1436,6 @@
pkispawn : DEBUG ........... slot substitution: '[TOMCAT_PIDFILE]' ==>
'/var/run/pki/tomcat/pki-tomc$
pkispawn : DEBUG ........... slot substitution: '[TOMCAT_LOG_DIR]' ==>
'/var/log/pki/pki-tomcat'
pkispawn : DEBUG ........... slot substitution: '[APPLICATION_VERSION]'
==> '10.2.6'
-pkispawn : DEBUG ........... slot substitution: '[PKI_USER]' ==>
'pkiuser'
pkispawn : DEBUG ........... slot substitution: '[PKI_SECURITY_MANAGER]'
==> 'false'
pkispawn : DEBUG ........... chmod 660 /etc/pki/pki-tomcat/tomcat.conf
pkispawn : DEBUG ........... chown 110:116 /etc/pki/pki-tomcat/tomcat.conf
@@ -1474,7 +1478,7 @@
pkispawn : INFO ....... generating noise file called
'/etc/pki/pki-tomcat/ca/noise' and filling it $
pkispawn : DEBUG ........... chmod 660 /etc/pki/pki-tomcat/ca/noise
pkispawn : DEBUG ........... chown 110:116 /etc/pki/pki-tomcat/ca/noise
-pkispawn : INFO ....... executing 'certutil -S -d /etc/pki/pki-tomcat/alias -h
internal -n Server-C$
+pkispawn : INFO ....... executing 'certutil -S -d /etc/pki/pki-tomcat/alias -h
internal -n Server-C$
pkispawn : INFO ....... rm -f /etc/pki/pki-tomcat/ca/noise
pkispawn : INFO ....... rm -f /etc/pki/pki-tomcat/pfile
pkispawn : INFO ....... ln -s /lib/systemd/system/pki-tomcatd@.service
/etc/systemd/system/pki-tomc$
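Review bot: the '-' and '+' certutil -S lines are identical up to the '$' where each line was cut off, so whatever differs between the two runs lies past the truncation and cannot be seen here. Regenerating the diff from the untruncated log files would show the actual difference in the certutil arguments.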
@@ -1496,590 +1500,113 @@
pkispawn : DEBUG ........... chown 0:0 /root/.dogtag/pki-tomcat/ca/alias
pkispawn : INFO ....... executing 'certutil -N -d
/root/.dogtag/pki-tomcat/ca/alias -f /root/.dogta$
pkispawn : INFO ....... executing '/etc/init.d/pki-tomcatd start
pki-tomcat'
-pkispawn : DEBUG ........... <?xml version="1.0"
encoding="UTF-8"?><XMLResponse><State>0</State><Typ$
-pkispawn : INFO ....... constructing PKI configuration data.
...
..
.
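Review bot: the two removed lines right after '/etc/init.d/pki-tomcatd start pki-tomcat' (the XMLResponse with <State>0</State> and 'constructing PKI configuration data.') mark where the runs really diverge, and the header '-1496,590 +1500,113' shows the tomcat8 log is several hundred lines shorter from this point on. The lines the tomcat8 run logs here in place of the XMLResponse are elided, and they would say more about the failure than the reordered slot substitutions in the earlier hunks.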
but I don't know if that diff is of any use, and tracing pkispawn hasn't been
useful yet.. so ideas welcome.
--
t
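
The log diff in the message above is dominated by reordered slot substitutions. The following is an added example, not part of the original post or of pkispawn: it compares two pkispawn logs by substitution count instead of line order and lists CS.cfg keys with empty values. The function names and the sample data are constructed for illustration, and it assumes each log entry sits on one line in the real log file.

```python
import re
from collections import Counter

# One pkispawn "slot substitution" entry per line (assumed; the e-mail wraps them).
# The closing quote is not required because long values are cut off at '$'.
SLOT_RE = re.compile(r"slot substitution:\s*'\[([A-Z0-9_]+)\]'\s*==>\s*'([^'\n]*)")

def slot_counts(log_text):
    """Count how often each (slot, value) pair was substituted."""
    return Counter(SLOT_RE.findall(log_text))

def slot_delta(old_log, new_log):
    """Order-insensitive diff: {(slot, value): new_count - old_count}, non-zero only."""
    old, new = slot_counts(old_log), slot_counts(new_log)
    return {k: new[k] - old[k] for k in sorted(set(old) | set(new)) if new[k] != old[k]}

def empty_properties(cfg_text, prefix=""):
    """Return CS.cfg keys (optionally under a prefix) whose value is empty."""
    empty = []
    for line in cfg_text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith("#") and key.startswith(prefix) and not value.strip():
            empty.append(key)
    return empty

# Constructed sample input modelled on the lines quoted in the message.
TOMCAT7_LOG = """\
pkispawn : DEBUG ........... slot substitution: '[PKI_SECURE_PORT]' ==> '8443'
pkispawn : DEBUG ........... slot substitution: '[PKI_UNSECURE_PORT]' ==> '8080'
pkispawn : DEBUG ........... slot substitution: '[PKI_USER]' ==> 'pkiuser'
"""
TOMCAT8_LOG = """\
pkispawn : DEBUG ........... slot substitution: '[PKI_UNSECURE_PORT]' ==> '8080'
pkispawn : DEBUG ........... slot substitution: '[PKI_SECURE_PORT]' ==> '8443'
pkispawn : DEBUG ........... slot substitution: '[PKI_SECURE_PORT]' ==> '8443'
"""
CS_CFG = """\
internaldb.ldapconn.host=
internaldb.ldapconn.port=
internaldb.ldapconn.secureConn=false
"""

if __name__ == "__main__":
    for (slot, value), change in slot_delta(TOMCAT7_LOG, TOMCAT8_LOG).items():
        print(f"{change:+d}  [{slot}] ==> {value!r}")
    print("empty:", empty_properties(CS_CFG, "internaldb."))
```

A negative count marks a substitution the second run never performed, and a positive count marks one it performed more often; pairs that were only reordered do not appear.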