I had noticed those selinux errors in the past, but I don't think they
would have prevented the server from coming up.
We'd need to look at the logs to figure out why that happened. So
please try a pkicreate again, and then look
at /var/log/pki-ca/catalina.out (or whatever files are
under /var/log/pki-ca) and /var/log/messages.
Thanks,
Ade
On Wed, 2012-03-28 at 13:46 -0400, Mike Mercier wrote:
Hello,
I tried to set up an instance of alpha 10 without success:
[root@localhost log]# more /etc/redhat-release
Fedora release 16 (Verne)
[root@localhost log]# rpm -qa|grep pki
pki-common-10.0.0-0.10.a1.20120314T2243z.git4f7ada5.fc16.noarch
dogtag-pki-ca-theme-10.0.0-0.1.a1.20120315T0001z.git4f7ada5.fc16.noarch
pki-selinux-10.0.0-0.10.a1.20120314T2243z.git4f7ada5.fc16.noarch
pki-deploy-10.0.0-0.10.a1.20120314T2243z.git4f7ada5.fc16.noarch
pki-symkey-10.0.0-0.10.a1.20120314T2243z.git4f7ada5.fc16.x86_64
pki-util-10.0.0-0.10.a1.20120314T2243z.git4f7ada5.fc16.noarch
pki-setup-10.0.0-0.10.a1.20120314T2243z.git4f7ada5.fc16.noarch
dogtag-pki-common-theme-10.0.0-0.1.a1.20120315T0001z.git4f7ada5.fc16.noarch
pki-native-tools-10.0.0-0.10.a1.20120314T2243z.git4f7ada5.fc16.x86_64
pki-ca-10.0.0-0.10.a1.20120314T2243z.git4f7ada5.fc16.noarch
pki-java-tools-10.0.0-0.10.a1.20120314T2243z.git4f7ada5.fc16.noarch
[root@localhost ~]# pkicreate -pki_instance_root=/var/lib
-pki_instance_name=pki-ca -subsystem_type=ca -agent_secure_port=9443
-ee_secure_port=9444 -ee_secure_client_auth_port=9446
-admin_secure_port=9445 -unsecure_port=9180 -tomcat_server_port=9701
-user=pliuser -group=pkiuser -redirect conf=/etc/pki-ca -redirect
logs=/var/log/pki-ca -verbose
I see the following errors when running the above command:
[debug] Attempting to add hardware security modules to system if applicable ...
[debug] module name: lunasa lib: /usr/lunasa/lib/libCryptoki2_64.so DOES NOT EXIST!
[debug] module name: nfast lib: /opt/nfast/toolkits/pkcs11/libcknfast.so DOES NOT EXIST!
[debug] configuring SELinux ...
[error] Failed setting selinux context pki_ca_port_t for 9180. Port already defined otherwise.
[error] Failed setting selinux context pki_ca_port_t for 9701. Port already defined otherwise.
[error] Failed setting selinux context pki_ca_port_t for 9443. Port already defined otherwise.
[error] Failed setting selinux context pki_ca_port_t for 9444. Port already defined otherwise.
[error] Failed setting selinux context pki_ca_port_t for 9446. Port already defined otherwise.
[error] Failed setting selinux context pki_ca_port_t for 9445. Port already defined otherwise.
[debug] Selinux contexts already set. No need to run semanage.
[debug] Running restorecon commands
[error] FAILED run_command("/bin/systemctl restart pki-cad@pki-ca.service"), exit status=1 output="Job failed. See system logs and 'systemctl status' for details."
[root@localhost log]# netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost.localdomain:ipp *:* LISTEN
tcp 0 0 localhost.localdomain:smtp *:* LISTEN
tcp 0 0 *:9830 *:* LISTEN
tcp 0 0 *:47372 *:* LISTEN
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 *:ipp *:* LISTEN
tcp 0 0 *:45602 *:* LISTEN
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
udp 0 0 *:64440 *:*
udp 0 0 *:mdns *:*
udp 0 0 *:42572 *:*
udp 0 0 *:bootpc *:*
udp 0 0 *:sunrpc *:*
udp 0 0 *:ntp *:*
udp 0 0 *:323 *:*
udp 0 0 *:51643 *:*
udp 0 0 *:ipp *:*
udp 0 0 *:entrust-kmsh *:*
udp 0 0 localhost.localdomain:733 *:*
udp 0 0 *:38474 *:*
udp 0 0 *:sunrpc *:*
udp 0 0 *:ntp *:*
udp 0 0 *:323 *:*
udp 0 0 *:23085 *:*
udp 0 0 *:entrust-kmsh *:*
Any ideas?
Note: I have already performed a pkiremove.
Thanks,
Mike