Description of problem:
I am trying to set up a CA clone with replication ports (master and clone) on the non-SSL port, but this fails as the clone CA seems to try the SSL port of the master.
Setup:
I have 2 hosts.
- pki3.example.org [Master CA] -> connected to its LDAP instance over the SSL port
- pki2.example.org [Clone CA] -> connected to its LDAP instance over the non-SSL port

I am trying to configure the Clone CA (pki2.example.org) to use replication over non-SSL ports.

Below is the clone's pkispawn configuration file being used:
```ini
[DEFAULT]
pki_instance_name = FoobarCloneCA
pki_https_port = 8443
pki_http_port = 8080
pki_token_password = Secret123
pki_admin_password = Secret123
pki_client_pkcs12_password = Secret123
pki_hostname = pki2.example.org
pki_security_domain_hostname = pki3.example.org
pki_security_domain_user = caadmin
pki_security_domain_password = Secret123
pki_security_domain_https_port = 8443

[Tomcat]
pki_ajp_port = 8009
pki_tomcat_server_port = 8005
pki_clone = True
pki_clone_pkcs12_path = /opt/rhqa_pki/ca_backup_keys.p12
pki_clone_pkcs12_password = Secret123
pki_clone_replicate_schema = True
pki_clone_uri = https://pki3.example.org:8443
pki_clone_replication_master_port = 30389
pki_clone_replication_clone_port = 30389

[CA]
pki_ds_hostname = pki2.example.org
pki_ds_remove_data = True
pki_ds_ldap_port = 30389
pki_ds_base_dn = o=FoobarCA-CA
pki_ds_password = Secret123
```
pkispawn fails with the error below:

```text
pkispawn : INFO ....... constructing PKI configuration data.
pkispawn : INFO ....... configuring PKI configuration data.
pkispawn : ERROR ....... Exception from Java Configuration Servlet: 500 Server Error: Internal Server Error
pkispawn : ERROR ....... ParseError: not well-formed (invalid token): line 1, column 0: {"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.PKIException","Code":500,"Message":"Error in populating database: java.io.IOException: Failed to set up replication: No connection to master"}
pkispawn : DEBUG ....... Error Type: ParseError
pkispawn : DEBUG ....... Error Message: not well-formed (invalid token): line 1, column 0
pkispawn : DEBUG ....... File "/usr/sbin/pkispawn", line 597, in main
    rv = instance.spawn(deployer)
  File "/usr/lib/python2.7/site-packages/pki/server/deployment/scriptlets/configuration.py", line 116, in spawn
    json.dumps(data, cls=pki.encoder.CustomTypeEncoder))
  File "/usr/lib/python2.7/site-packages/pki/server/deployment/pkihelper.py", line 3872, in configure_pki_data
    root = ET.fromstring(e.response.text)
  File "/usr/lib64/python2.7/xml/etree/ElementTree.py", line 1300, in XML
    parser.feed(text)
  File "/usr/lib64/python2.7/xml/etree/ElementTree.py", line 1642, in feed
    self._raiseerror(v)
  File "/usr/lib64/python2.7/xml/etree/ElementTree.py", line 1506, in _raiseerror
```
Version-Release number of selected component (if applicable):
pki-ca-10.2.6-9.el7pki.noarch
How reproducible:
Steps to Reproduce:
1. Need 2 hosts.
2. On host1, configure Directory Server with SSL (example ports 30389, 30636).
3. Configure the CA on host1 connecting to its LDAP over SSL. Example config:

```ini
[DEFAULT]
pki_instance_name = FoobarCA
pki_https_port = 8443
pki_http_port = 8080
pki_token_password = Secret123
pki_admin_password = Secret123
pki_hostname = pki3.example.org
pki_security_domain_name = Foobar Org
pki_security_domain_password = Secret123
pki_client_dir = /opt/FoobarCA
pki_client_pkcs12_password = Secret123
pki_backup_keys = True
pki_backup_password = Secret123

[Tomcat]
pki_ajp_port = 8009
pki_tomcat_server_port = 8005

[CA]
pki_import_admin_cert = False
pki_ds_hostname = pki3.example.org
pki_ds_ldap_port = 30389
pki_ds_password = Secret123
pki_ds_secure_connection_ca_pem_file = /opt/rhqa_pki/cacert.pem
pki_ds_secure_connection = True
pki_ds_ldaps_port = 30636
```
Actual results:
3. On host2, configure DS using ports 30389 and 30636.
4. On host2, configure the Clone CA to use only the non-SSL port to connect to its LDAP server and also use non-SSL ports for replication with the Master CA.

Expected results:
pkispawn fails with the error below:

```text
pkispawn : ERROR ....... ParseError: not well-formed (invalid token): line 1, column 0: {"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.PKIException","Code":500,"Message":"Error in populating database: java.io.IOException: Failed to set up replication: No connection to master"}
```
Additional info:
https://bugzilla.redhat.com/show_bug.cgi?id=1276217
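The two pkispawn files above declare the master's DS listeners (plain 30389, LDAPS 30636, with the master CA itself using `pki_ds_secure_connection = True`) and the clone's replication ports (both 30389). A pre-flight that cross-checks those values makes the mismatch the report describes visible before pkispawn is run. The following is an added example written for this page; it is not Dogtag's code and not the reporter's, and the two configuration strings are constructed from the values quoted in the report (only the keys the check needs are kept).

```python
"""Cross-check a Dogtag CA clone's replication ports against the master's
Directory Server settings before running pkispawn.

Added example for this report; not Dogtag's own code. It only inspects the
two pkispawn configuration files and makes no network connection.
"""
import configparser
from dataclasses import dataclass, field

# Constructed from the master's pkispawn config quoted in the report.
MASTER_CFG = """\
[DEFAULT]
pki_instance_name = FoobarCA
pki_hostname = pki3.example.org
[Tomcat]
pki_ajp_port = 8009
[CA]
pki_ds_hostname = pki3.example.org
pki_ds_ldap_port = 30389
pki_ds_secure_connection = True
pki_ds_ldaps_port = 30636
"""

# Constructed from the clone's pkispawn config quoted in the report.
CLONE_CFG = """\
[DEFAULT]
pki_instance_name = FoobarCloneCA
pki_hostname = pki2.example.org
[Tomcat]
pki_clone = True
pki_clone_uri = https://pki3.example.org:8443
pki_clone_replication_master_port = 30389
pki_clone_replication_clone_port = 30389
[CA]
pki_ds_hostname = pki2.example.org
pki_ds_ldap_port = 30389
"""


@dataclass
class ReplicationCheck:
    master_port: int
    master_transport: str        # "ldap", "ldaps" or "unknown"
    master_ds_uses_tls: bool     # does the master CA talk LDAPS to its own DS?
    clone_port: int
    clone_transport: str
    clone_ds_uses_tls: bool
    findings: list = field(default_factory=list)


def load_pkispawn(text: str) -> configparser.ConfigParser:
    # pkispawn files are INI; keys under [DEFAULT] apply to every section,
    # which configparser models natively. Interpolation is disabled so a
    # literal '%' in a password does not break parsing.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp


def classify_port(cp: configparser.ConfigParser, port: int) -> str:
    """Map a port onto the DS listeners a pkispawn file declares for its CA."""
    if cp.has_option("CA", "pki_ds_ldaps_port") and cp.getint("CA", "pki_ds_ldaps_port") == port:
        return "ldaps"
    if cp.getint("CA", "pki_ds_ldap_port") == port:
        return "ldap"
    return "unknown"


def check_replication(master_text: str, clone_text: str) -> ReplicationCheck:
    master, clone = load_pkispawn(master_text), load_pkispawn(clone_text)
    mport = clone.getint("Tomcat", "pki_clone_replication_master_port")
    cport = clone.getint("Tomcat", "pki_clone_replication_clone_port")
    r = ReplicationCheck(
        master_port=mport,
        master_transport=classify_port(master, mport),
        master_ds_uses_tls=master.getboolean("CA", "pki_ds_secure_connection", fallback=False),
        clone_port=cport,
        clone_transport=classify_port(clone, cport),
        clone_ds_uses_tls=clone.getboolean("CA", "pki_ds_secure_connection", fallback=False),
    )
    if r.master_transport == "unknown":
        r.findings.append(f"replication master port {mport} matches neither the master's "
                          "pki_ds_ldap_port nor its pki_ds_ldaps_port")
    if r.clone_transport == "unknown":
        r.findings.append(f"replication clone port {cport} matches neither the clone's "
                          "pki_ds_ldap_port nor its pki_ds_ldaps_port")
    # The situation in the report: the master CA reaches its own DS over LDAPS,
    # but the clone points its replication agreement at the master's plain port.
    if r.master_ds_uses_tls and r.master_transport == "ldap":
        r.findings.append(f"master CA uses LDAPS to its DS (pki_ds_secure_connection = True) "
                          f"but the replication agreement targets the master's plain LDAP port {mport}; "
                          "confirm the master DS accepts plain binds there and that the replication "
                          "connection does not inherit the master's TLS setting")
    if r.clone_ds_uses_tls and r.clone_transport == "ldap":
        r.findings.append(f"clone CA uses LDAPS to its DS but replication targets its plain port {cport}")
    return r


if __name__ == "__main__":
    result = check_replication(MASTER_CFG, CLONE_CFG)
    print(f"master replication port {result.master_port} -> {result.master_transport}")
    for finding in result.findings:
        print("FINDING:", finding)
```

Run against the report's values the check classifies both replication ports as the plain LDAP listeners and raises one finding, the master-side TLS/plain mismatch; it does not attempt a bind, so a clean result still needs the usual `ldapsearch` against the master's port from the clone host.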
Metadata Update from @cipherboy:
- Custom field component adjusted to None
- Custom field feature adjusted to None
- Custom field origin adjusted to None
- Custom field proposedmilestone adjusted to None
- Custom field proposedpriority adjusted to None
- Custom field reviewer adjusted to None
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1276217
- Custom field type adjusted to None
- Custom field version adjusted to None
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/3268
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on the Subscribe button.
Thank you for understanding, and we apologize for any inconvenience.
Metadata Update from @dmoluguw:
- Issue close_status updated to: migrated
- Issue status updated to: Closed (was: Open)