info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#841086: pki-ca context doesn't start in tomcat
22 views
Skip to first unread message
Michal Kaspar
Oct 17, 2016, 11:20:04 AM10/17/16
to
Package: pki-ca
Version: 10.3.5-4
Severity: important
Dear Maintainer,
While upgradeing to Freeipa 4.3.2 I've encountered problem with pki-ca.
IPA tries to use CA during the upgrade, but the new version of pki-ca
doesn't start and the upgrade fails.
According to catalina.out, the error is some missing class/incorrect jar
version because the pki-tomcatd itself starts, but the /ca context fails
with error:
Oct 17, 2016 4:23:06 PM org.apache.catalina.core.ContainerBase addChildInternal
SEVERE: ContainerBase.addChild: start:
org.apache.catalina.LifecycleException: Failed to initialize component [StandardEngine[Catalina].StandardHost[localhost
].StandardContext[/ca]]
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:108)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:135)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:725)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:701)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:717)
at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:587)
at org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1798)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.NoClassDefFoundError: javax/ws/rs/ServiceUnavailableException
at java.lang.Class.getDeclaredConstructors0(Native Method)
at java.lang.Class.privateGetDeclaredConstructors(Class.java:2671)
at java.lang.Class.getConstructor0(Class.java:3075)
at java.lang.Class.newInstance(Class.java:412)
at org.apache.tomcat.util.digester.ObjectCreateRule.begin(ObjectCreateRule.java:117)
at org.apache.tomcat.util.digester.Digester.startElement(Digester.java:1193)
at org.apache.xerces.parsers.AbstractSAXParser.startElement(Unknown Source)
at org.apache.xerces.parsers.AbstractXMLDocumentParser.emptyElement(Unknown Source)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanStartElement(Unknown Source)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)
at org.apache.xerces.jaxp.SAXParserImpl$JAXPSAXParser.parse(Unknown Source)
at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1466)
at org.apache.catalina.startup.ContextConfig.processContextConfig(ContextConfig.java:543)
at org.apache.catalina.startup.ContextConfig.contextConfig(ContextConfig.java:502)
at org.apache.catalina.startup.ContextConfig.init(ContextConfig.java:743)
at org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:318)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:95)
at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90)
at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:388)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:103)
... 11 more
Caused by: java.lang.ClassNotFoundException: javax.ws.rs.ServiceUnavailableException
at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
... 36 more
Oct 17, 2016 4:23:06 PM org.apache.catalina.startup.HostConfig deployDescriptor
SEVERE: Error deploying configuration descriptor /etc/pki/pki-tomcat/Catalina/localhost/ca.xml
java.lang.IllegalStateException: ContainerBase.addChild: start: org.apache.catalina.LifecycleException: Failed to initialize component [StandardEngine[Catalina].StandardHost[localhost].StandardContext[/ca]]
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:729)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:701)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:717)
at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:587)
at org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1798)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
I've tried with tomcat7 and tomcat8 installed but the result is the same for both.
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (650, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.6.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=cs_CZ.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages pki-ca depends on:
ii pki-server 10.3.5-4
pki-ca recommends no packages.
Versions of packages pki-ca suggests:
ii 389-ds-base 1.3.5.13-1
-- no debconf information
Version: 10.3.5-4
Severity: important
Dear Maintainer,
While upgradeing to Freeipa 4.3.2 I've encountered problem with pki-ca.
IPA tries to use CA during the upgrade, but the new version of pki-ca
doesn't start and the upgrade fails.
According to catalina.out, the error is some missing class/incorrect jar
version because the pki-tomcatd itself starts, but the /ca context fails
with error:
Oct 17, 2016 4:23:06 PM org.apache.catalina.core.ContainerBase addChildInternal
SEVERE: ContainerBase.addChild: start:
org.apache.catalina.LifecycleException: Failed to initialize component [StandardEngine[Catalina].StandardHost[localhost
].StandardContext[/ca]]
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:108)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:135)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:725)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:701)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:717)
at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:587)
at org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1798)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.NoClassDefFoundError: javax/ws/rs/ServiceUnavailableException
at java.lang.Class.getDeclaredConstructors0(Native Method)
at java.lang.Class.privateGetDeclaredConstructors(Class.java:2671)
at java.lang.Class.getConstructor0(Class.java:3075)
at java.lang.Class.newInstance(Class.java:412)
at org.apache.tomcat.util.digester.ObjectCreateRule.begin(ObjectCreateRule.java:117)
at org.apache.tomcat.util.digester.Digester.startElement(Digester.java:1193)
at org.apache.xerces.parsers.AbstractSAXParser.startElement(Unknown Source)
at org.apache.xerces.parsers.AbstractXMLDocumentParser.emptyElement(Unknown Source)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanStartElement(Unknown Source)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)
at org.apache.xerces.jaxp.SAXParserImpl$JAXPSAXParser.parse(Unknown Source)
at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1466)
at org.apache.catalina.startup.ContextConfig.processContextConfig(ContextConfig.java:543)
at org.apache.catalina.startup.ContextConfig.contextConfig(ContextConfig.java:502)
at org.apache.catalina.startup.ContextConfig.init(ContextConfig.java:743)
at org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:318)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:95)
at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90)
at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:388)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:103)
... 11 more
Caused by: java.lang.ClassNotFoundException: javax.ws.rs.ServiceUnavailableException
at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
... 36 more
Oct 17, 2016 4:23:06 PM org.apache.catalina.startup.HostConfig deployDescriptor
SEVERE: Error deploying configuration descriptor /etc/pki/pki-tomcat/Catalina/localhost/ca.xml
java.lang.IllegalStateException: ContainerBase.addChild: start: org.apache.catalina.LifecycleException: Failed to initialize component [StandardEngine[Catalina].StandardHost[localhost].StandardContext[/ca]]
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:729)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:701)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:717)
at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:587)
at org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1798)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
I've tried with tomcat7 and tomcat8 installed but the result is the same for both.
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (650, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.6.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=cs_CZ.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages pki-ca depends on:
ii pki-server 10.3.5-4
pki-ca recommends no packages.
Versions of packages pki-ca suggests:
ii 389-ds-base 1.3.5.13-1
-- no debconf information
Michal Kašpar
Oct 21, 2016, 3:30:02 PM10/21/16
to
OK. It seems the problem might be related with problem described here:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=841086
The proposed workaround is to run manually "pki-server-upgrade -v".
I've tried it and it failed on SELinux processing (I don't use SELinux
at all). After commenting out the SELinux part of upgrade, the upgrade
finished and the ca contexts starts but fails with the same error
returned via HTTP. From the /var/log/pki/pki-tomcat/ca/debug I've found
it's missing /var/log/pki/pki-tomcat/ca/signedAudit directory and after
created, the debug log shows problem connecting ldap server on port 636
caused by Bug#841477.
--
Michal Kašpar
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=841086
The proposed workaround is to run manually "pki-server-upgrade -v".
I've tried it and it failed on SELinux processing (I don't use SELinux
at all). After commenting out the SELinux part of upgrade, the upgrade
finished and the ca contexts starts but fails with the same error
returned via HTTP. From the /var/log/pki/pki-tomcat/ca/debug I've found
it's missing /var/log/pki/pki-tomcat/ca/signedAudit directory and after
created, the debug log shows problem connecting ldap server on port 636
caused by Bug#841477.
--
Michal Kašpar
Timo Aaltonen
Oct 21, 2016, 5:20:03 PM10/21/16
to
On 21.10.2016 22:21, Michal Kašpar wrote:
> OK. It seems the problem might be related with problem described here:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=841086
did you mean 841477 here?
> OK. It seems the problem might be related with problem described here:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=841086
> The proposed workaround is to run manually "pki-server-upgrade -v".
> I've tried it and it failed on SELinux processing (I don't use SELinux
> at all). After commenting out the SELinux part of upgrade, the upgrade
> finished and the ca contexts starts but fails with the same error
> returned via HTTP. From the /var/log/pki/pki-tomcat/ca/debug I've found
> it's missing /var/log/pki/pki-tomcat/ca/signedAudit directory and after
> created, the debug log shows problem connecting ldap server on port 636
> caused by Bug#841477.
Would be nice to know what part of the selinux upgrade breaks
--
t
Michal Kašpar
Oct 21, 2016, 5:40:02 PM10/21/16
to
On Sat, 2016-10-22 at 00:12 +0300, Timo Aaltonen wrote:
> On 21.10.2016 22:21, Michal Kašpar wrote:
> > OK. It seems the problem might be related with problem described
> > here:
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=841086
>
> did you mean 841477 here?
Wrong paste. Should be
> On 21.10.2016 22:21, Michal Kašpar wrote:
> > OK. It seems the problem might be related with problem described
> > here:
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=841086
>
> did you mean 841477 here?
https://www.redhat.com/archives/freeipa-users/2016-September/msg00090.html
Timo Aaltonen
Oct 26, 2016, 5:10:02 PM10/26/16
to
--
t
0 new messages