#3123 Token name normalization not working
Closed: migrated 3 years ago by dmoluguw. Opened 4 years ago by edewata.

Installation of subsystems fails when pkispawn has pki_token_name=Internal.

It's a regression; the original issue was fixed in https://pagure.io/dogtagpki/issue/2311

$ cat kra_instance.inf 
[DEFAULT]
pki_instance_name=rootkra
pki_https_port=30612
pki_http_port=30902
pki_user=pkiuser
pki_group=pkiuser
pki_audit_group=pkiaudit
pki_token_name=Internal
pki_token_password=Secret123
pki_client_pkcs12_password=Secret123
pki_admin_password=Secret123
pki_subsystem_key_type=rsa
pki_subsystem_key_size=2048
pki_subsystem_key_algorithm=SHA512withRSA
pki_subsystem_signing_algorithm=SHA512withRSA
pki_subsystem_token=Internal
pki_subsystem_nickname=kra3subsystemcert
pki_subsystem_subject_dn=cn=PKI KRA1 SUBSYSTEM CERT,O=redhat
pki_audit_signing_key_type=rsa
pki_audit_signing_key_size=2048
pki_audit_signing_key_algorithm=SHA512withRSA
pki_audit_signing_signing_algorithm=SHA512withRSA
pki_audit_signing_token=Internal
pki_sslserver_key_type=rsa
pki_sslserver_key_size=2048
pki_sslserver_key_algorithm=SHA512withRSA
pki_sslserver_signing_algorithm=SHA512withRSA
pki_sslserver_token=Internal
pki_sslserver_nickname=Server-Cert cert-pki-RootKRA
pki_sslserver_subject_dn=cn=server.example.com, O=Redhat
pki_client_dir=/opt/rhqa_pki
pki_client_admin_cert_p12=/opt/rhqa_pki/kra3admincert.p12
pki_backup_keys=True
pki_backup_password=Secret123
pki_client_database_dir=/opt/rhqa_pki/rootca/certs_db
pki_client_database_password=Secret123
pki_client_database_purge=True
pki_security_domain_hostname=server.example.com
pki_security_domain_https_port=30042
pki_security_domain_user=caadmin
pki_security_domain_password=Secret123
pki_security_domain_name=server.example.com
pki_ds_ldap_port=1601
pki_ds_bind_dn=cn=Directory Manager
pki_ds_password=Secret123
pki_ds_secure_connection=False
pki_ds_remove_data=True
[Tomcat]
pki_ajp_port=30597
pki_tomcat_server_port=30769
pki_enable_access_log=True
pki_enable_java_debugger=False
pki_security_manager=True
[KRA]
pki_storage_key_type=rsa
pki_storage_key_size=2048
pki_storage_key_algorithm=SHA512withRSA
pki_storage_signing_algorithm=SHA512withRSA
pki_storage_token=Internal
pki_storage_nickname=kra3storagecert
pki_storage_subject_dn=cn=PKI KRA3 STORAGE CERT,O=redhat
pki_transport_key_type=rsa
pki_transport_key_size=2048
pki_transport_key_algorithm=SHA512withRSA
pki_transport_signing_algorithm=SHA512withRSA
pki_transport_token=Internal
pki_transport_nickname=kra3transportcert
pki_transport_subject_dn=cn=PKI KRA1 TRANSPORT CERT
pki_audit_signing_nickname=kra3auditsigningcert
pki_audit_signing_subject_dn=CN=PKI KRA3 AUDIT Signing Certificate, O=Redhat
pki_admin_name=kra3admin
pki_admin_uid=kra3admin
pki_admin_email=example@redhat.com
pki_admin_dualkey=True
pki_admin_key_size=2048
pki_admin_key_type=rsa
pki_admin_subject_dn=cn=PKI KRA3 ADMIN CERT,O=redhat
pki_admin_nickname=kra3admincert
pki_import_admin_cert=False
pki_issuing_ca_hostname=server.example.com
pki_issuing_ca_https_port=30042
pki_issuing_ca_uri=https://server.example.com:30042
pki_ds_hostname=localhost
pki_ds_base_dn =dc=pki-kra3
pki_ds_database=pki-kra3-ldap
pki_restart_configured_instance=True
pki_skip_configuration=False
pki_skip_installation=False

$ pkispawn -s KRA -f /root/kra_instance.inf
Log file: /var/log/pki/pki-kra-spawn.20180301134259.log
Loading deployment configuration from /root/kra_instance.inf.
Installing KRA into /var/lib/pki/rootkra.
Storing deployment configuration into /etc/sysconfig/pki/tomcat/rootkra/kra/deployment.cfg.
Notice: Trust flag u is set automatically if the private key is present.
certutil: could not find the slot Internal: SEC_ERROR_NO_TOKEN: The security card or token does not exist, needs to be initialized, or has been removed.
pki.nssdb   : WARNING  certutil returned non-zero exit code (bug #1393668)
pkispawn    : ERROR    ... server failed to restart

Installation failed: server failed to restart
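
An added illustration, not part of the ticket and not Dogtag PKI's own code, of the normalization the title refers to: a token parameter that names the internal token maps to "no explicit token", so `-h Internal` is never passed to certutil. The function names, the alias set and the sample input are assumptions constructed for this example.

```python
import configparser

# Assumption: spellings that mean "the NSS internal token", compared
# case-insensitively. Only "Internal" appears in the report above.
INTERNAL_ALIASES = {"internal", "internal key storage token"}

# Constructed sample: a few token parameters in the style of the report.
SAMPLE_INF = """\
[DEFAULT]
pki_token_name=Internal
pki_subsystem_token=Internal
[KRA]
pki_storage_token=internal
pki_transport_token=HSM-Partition-1
pki_audit_signing_token=
"""


def normalize_token(name):
    """Return None for the internal token, otherwise the trimmed token name."""
    if name is None:
        return None
    name = name.strip()
    if not name or name.lower() in INTERNAL_ALIASES:
        return None
    return name


def certutil_token_args(name):
    """Build certutil's -h argument only for a non-internal token."""
    token = normalize_token(name)
    return ["-h", token] if token else []


def audit_tokens(inf_text):
    """Map 'section/key' to (raw value, normalized token) for token parameters."""
    # default_section is renamed so [DEFAULT] is listed like any other section
    # and its keys are not repeated under [KRA].
    parser = configparser.ConfigParser(interpolation=None,
                                       default_section="__unused__")
    parser.read_string(inf_text)
    found = {}
    for section in parser.sections():
        for key, value in parser.items(section):
            if key == "pki_token_name" or key.endswith("_token"):
                found[f"{section}/{key}"] = (value, normalize_token(value))
    return found
```

Running `audit_tokens` over a deployment file before `pkispawn` shows which parameters would reach certutil as a literal slot name.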

Metadata Update from @edewata:
- Custom field component adjusted to None
- Custom field feature adjusted to None
- Custom field origin adjusted to None
- Custom field proposedmilestone adjusted to None
- Custom field proposedpriority adjusted to None
- Custom field reviewer adjusted to None
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1550673
- Custom field type adjusted to None
- Custom field version adjusted to None

4 years ago

@edewata do you know how / which commit regressed?

@ftweedal I do not know yet. This ticket is just to replace the Bugzilla ticket.

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/3240

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Metadata Update from @dmoluguw:
- Issue close_status updated to: migrated
- Issue status updated to: Closed (was: Open)

3 years ago
