Installation of subsystems fails when pkispawn has pki_token_name=Internal.
Its a regression, the original issue was fixed in https://pagure.io/dogtagpki/issue/2311
$ cat kra_instance.inf [DEFAULT] pki_instance_name=rootkra pki_https_port=30612 pki_http_port=30902 pki_user=pkiuser pki_group=pkiuser pki_audit_group=pkiaudit pki_token_name=Internal pki_token_password=Secret123 pki_client_pkcs12_password=Secret123 pki_admin_password=Secret123 pki_subsystem_key_type=rsa pki_subsystem_key_size=2048 pki_subsystem_key_algorithm=SHA512withRSA pki_subsystem_signing_algorithm=SHA512withRSA pki_subsystem_token=Internal pki_subsystem_nickname=kra3subsystemcert pki_subsystem_subject_dn=cn=PKI KRA1 SUBSYSTEM CERT,O=redhat pki_audit_signing_key_type=rsa pki_audit_signing_key_size=2048 pki_audit_signing_key_algorithm=SHA512withRSA pki_audit_signing_signing_algorithm=SHA512withRSA pki_audit_signing_token=Internal pki_sslserver_key_type=rsa pki_sslserver_key_size=2048 pki_sslserver_key_algorithm=SHA512withRSA pki_sslserver_signing_algorithm=SHA512withRSA pki_sslserver_token=Internal pki_sslserver_nickname=Server-Cert cert-pki-RootKRA pki_sslserver_subject_dn=cn=server.example.com, O=Redhat pki_client_dir=/opt/rhqa_pki pki_client_admin_cert_p12=/opt/rhqa_pki/kra3admincert.p12 pki_backup_keys=True pki_backup_password=Secret123 pki_client_database_dir=/opt/rhqa_pki/rootca/certs_db pki_client_database_password=Secret123 pki_client_database_purge=True pki_security_domain_hostname=server.example.com pki_security_domain_https_port=30042 pki_security_domain_user=caadmin pki_security_domain_password=Secret123 pki_security_domain_name=server.example.com pki_ds_ldap_port=1601 pki_ds_bind_dn=cn=Directory Manager pki_ds_password=Secret123 pki_ds_secure_connection=False pki_ds_remove_data=True [Tomcat] pki_ajp_port=30597 pki_tomcat_server_port=30769 pki_enable_access_log=True pki_enable_java_debugger=False pki_security_manager=True [KRA] pki_storage_key_type=rsa pki_storage_key_size=2048 pki_storage_key_algorithm=SHA512withRSA pki_storage_signing_algorithm=SHA512withRSA pki_storage_token=Internal pki_storage_nickname=kra3storagecert pki_storage_subject_dn=cn=PKI KRA3 STORAGE CERT,O=redhat pki_transport_key_type=rsa pki_transport_key_size=2048 pki_transport_key_algorithm=SHA512withRSA pki_transport_signing_algorithm=SHA512withRSA pki_transport_token=Internal pki_transport_nickname=kra3transportcert pki_transport_subject_dn=cn=PKI KRA1 TRANSPORT CERT pki_audit_signing_nickname=kra3auditsigningcert pki_audit_signing_subject_dn=CN=PKI KRA3 AUDIT Signing Certificate, O=Redhat pki_admin_name=kra3admin pki_admin_uid=kra3admin pki_admin_email=example@redhat.com pki_admin_dualkey=True pki_admin_key_size=2048 pki_admin_key_type=rsa pki_admin_subject_dn=cn=PKI KRA3 ADMIN CERT,O=redhat pki_admin_nickname=kra3admincert pki_import_admin_cert=False pki_issuing_ca_hostname=server.example.com pki_issuing_ca_https_port=30042 pki_issuing_ca_uri=https://server.example.com:30042 pki_ds_hostname=localhost pki_ds_base_dn =dc=pki-kra3 pki_ds_database=pki-kra3-ldap pki_restart_configured_instance=True pki_skip_configuration=False pki_skip_installation=False $ pkispawn -s KRA -f /root/kra_instance.inf Log file: /var/log/pki/pki-kra-spawn.20180301134259.log Loading deployment configuration from /root/kra_instance.inf. Installing KRA into /var/lib/pki/rootkra. Storing deployment configuration into /etc/sysconfig/pki/tomcat/rootkra/kra/deployment.cfg. Notice: Trust flag u is set automatically if the private key is present. certutil: could not find the slot Internal: SEC_ERROR_NO_TOKEN: The security card or token does not exist, needs to be initialized, or has been removed. pki.nssdb : WARNING certutil returned non-zero exit code (bug #1393668) pkispawn : ERROR ... server failed to restart Installation failed: server failed to restart
Metadata Update from @edewata: - Custom field component adjusted to None - Custom field feature adjusted to None - Custom field origin adjusted to None - Custom field proposedmilestone adjusted to None - Custom field proposedpriority adjusted to None - Custom field reviewer adjusted to None - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1550673 - Custom field type adjusted to None - Custom field version adjusted to None
@edewata do you know how / which commit regressed?
@ftweedal I do not know yet. This ticket is just to replace the Bugzilla ticket.
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/3240
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Metadata Update from @dmoluguw: - Issue close_status updated to: migrated - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.