Ask Your Question

Starting Dogtag v10

asked 2013-05-02 12:03:34 -0500

jpbkslave42 gravatar image

Hey there,

Got a fedora 18 kvm with 389-ds setup and working perfectly, having trouble getting Dogtag v10 to cooperate though. The installation went well and all was great until i restarted the machine, after which i can no longer access any of the Dogtag web interfaces (CA, etc). After much googling i found that v10 has a lot of changes, and it seems that it can't be controlled with systemctl / pki-ca; i'm emarrased to say that i can't figure out how to simply start up Dogtag! Tomcat is running, not sure what the issue is.

edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted

answered 2016-10-12 08:50:13 -0500

Hi there!, I've achieved a "partial" functing DogTag CA, unfortunately it didn't ever release a valid certificate because of a tricky error and for reasons not in my will I shut it down. Recently I bringing back this topic that I love, can we share common postive thing and discuss negative ones ? jpbkslave42 let me kindly know.

edit flag offensive delete link more

answered 2013-05-06 11:10:20 -0500

jpbkslave42 gravatar image

Turned to the #Dogtag-PKI IRC chanel and got it resolved! posting here for anyone else having this issue(s) (turned out the problem was 2 fold)

First off - starting the instance manually:

# systemctl restart pki-tomcatd@<instance_name>.service

If you used default settings, your instance name would be pki-tomcat, and the command would be:

# systemctl restart pki-tomcatd@pki-tomcat.service

It seems that pkispawn doesn't set the instance to restart at boot time. To acheive this:

# systemctl enable pki-tomcatd@<instance_name>.service

There is now a trac ticket open to have this (how to start / stop manually, and start at boot) added to the man page: (I was going to provide a link to trac, but apparently my karma is "insufficient")

The other issue is that there is a bug in SELinux policy that mislabels /root/.java as systemu:objectr:adminhomet:s0 - it should be mozillahomet. This will prevent the instance from starting. There is an issue open for this now as well, and the SELinux team is working on a fix that should release today-ish. (same deal here - can't post the link unfortunately... darn karma)

As a temporary fix you can just re-label it real quick (which doesn't survive a reboot mind you!)

# chcon -R -t mozilla_home_t /root/.java

Special thanks to alee in #dogtag-pki for walking me through all this!

edit flag offensive delete link more

Question Tools

1 follower


Asked: 2013-05-02 12:03:34 -0500

Seen: 524 times

Last updated: May 06 '13