[Freeipa-users] Delete host: Unable to communicate with CMS (Not Found)
John Dennis
jdennis at redhat.com
Thu Nov 17 18:56:35 UTC 2011
On 11/17/2011 01:40 PM, Alexander Bokovoy wrote:
> On Thu, 17 Nov 2011, John Dennis wrote:
>>>> My guess is this is due to the fact these jars changed their location. The
>>>> symlinks to the jars are established by pkicreate. We have a bug open to
>>>> enchance pkicreate (or add a new tool) which will adjust the links after an
>>>> upgrade (sorry don't recall the bz number off the top of my head, could did
>>>> it up if necessary).
>>>>
>>>> You can cd to /var/lib/pki-ca
>>>>
>>>> and do an ls -l on
>>>>
>>>> common/lib
>>>>
>>>> and
>>>>
>>>> webapps/ca/WEB-INF/lib/
>>>>
>>>> and inspect the symbolic links to see if any are dangling. If so adjust the
>>>> link to point to it's new location.
>>>
>>> Success!
>>>
>>> Thanks so much.
>>>
>>> /var/lib/pki-ca/common/lib/jss4.jar
>>> /var/lib/pki-ca/webapps/ca/WEB-INF/lib/osutil.jar
>>> /var/lib/pki-ca/webapps/ca/WEB-INF/lib/symkey.jar
>>>
>>> Were all broken, pointing into /usr/lib/. Changing them to link to
>>> /usr/lib64 allowed pki to start properly and I can make changes to the
>>> host entry.
>>>
>>> It sounds like you have a fix for this in progress, or do I need to file a bug?
>>
>> Found the bugzilla, it's
>>
>> https://bugzilla.redhat.com/show_bug.cgi?id=728598
>>
>> It's filed against Red Hat Certificate System in RHEL, not dogtag in
>> Fedora. Adam do you want to clone it into Fedora?
> I'll add symlinks update into freeipa F15->F16 upgrade script. At
> worst, if 728598 will be fixed in Fedora as well, that part of the
> code will do nothing.
>
> Tickets 2103 and 2117 in upstream FreeIPA are for tracking that.
Just one thing to be careful of, you want to make sure the link points
to the preferred entry in the filesystem. What do I mean by that? There
are unversioned names in /lib which are links to the versioned entry,
the preferred name is the unversioned link name. There may be similar
redirection occurring for mulit-lib, see below.
Where am I going with this? A few months ago there was a lot of back and
forth discussion over where and how jni jars (those which have arch
specific components) would be named and located to accmodate multi-lib.
I don't recall how the Fedora java-sig folks finally resolved this
issue, mharmsen (Matt) would probably know as he responsible for the
packaging of these components and is the person who moved them, the
aforementioned bz is also assigned to Matt.
--
John Dennis <jdennis at redhat.com>
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeipa-users
mailing list