Yes, db.sqlite3 was owned by root
[root@PacketFence-ZEN packetfence-pki]# ls -al
total 56
drwxr-xr-x 7 pf pf 128 Dec 12 08:49 .
drwxr-xr-x. 15 root root 182 Dec 12 01:33 ..
drwxrws--- 2 pf pf 6 Nov 15 14:20 ca
drwxr-xr-x 2 pf pf 125 Dec 12 01:33 conf
*/-rw-r--r-- 1 root root 43008 Dec 12 08:44 db.sqlite3/*
drwxr-xr-x 2 pf pf 204 Dec 12 02:49 inverse
drwxrws--- 2 pf pf 90 Dec 12 01:35 logs
-rwxr--r-- 1 pf pf 250 Nov 15 14:20 manage.py
-rw-r--r-- 1 root root 6 Dec 12 08:49 packetfence-pki.pid
drwxr-xr-x 5 pf pf 4096 Dec 12 02:49 pki
Changed the file ownership to pf:pf
[root@PacketFence-ZEN packetfence-pki]# ls -al
total 100
drwxr-xr-x 7 pf pf 147 Dec 13 01:45 .
drwxr-xr-x. 15 root root 182 Dec 12 01:33 ..
drwxrws--- 2 pf pf 6 Nov 15 14:20 ca
drwxr-xr-x 2 pf pf 125 Dec 12 01:33 conf
*/-rw-r--r-- 1 pf pf 43008 Dec 13 01:45 db.sqlite3/*
/drwxr-xr-x 2 pf pf 204 Dec 12 02:49 inverse/
/drwxrws--- 2 pf pf 90 Dec 12 01:35 logs/
/-rwxr--r-- 1 pf pf 250 Nov 15 14:20 manage.py/
/-rw-r--r-- 1 root root 5 Dec 13 01:43 packetfence-pki.pid/
/drwxr-xr-x 5 pf pf 4096 Dec 12 02:49 pki/
But trying to login to the PKI webpage brings me back to the same
original error “no such table: pki_ca” which I showed earlier. I
tried to follow your previous advise about renaming the db.sqlite3
file and running migration but the behavior is consistent. Is it OK
that the PKI process ID file is also owned by root ?
*From:*Fabrice Durand [mailto:fdur...@inverse.ca]
*Sent:* Tuesday, December 12, 2017 5:35 AM
*To:* E.P.; packetfence-users@lists.sourceforge.net
*Subject:* Re: [PacketFence-users] PKI installation
Just change the owner of the sqlite file to pf and it should be ok.
Btw all these steps are made in the packaging, so it probably
failled or never finish correctly.
I will do a test on my side.
Regards
Fabrice
Le 2017-12-12 à 03:47, E.P. a écrit :
Well, we are getting closer ;)
Ran the python script to migrate the database it completed
[root@PacketFence-ZEN packetfence-pki]# python manage.py migrate
Operations to perform:
Synchronize unmigrated apps: staticfiles, rest_framework,
messages, bootstrap3
Apply all migrations: authtoken, sessions, admin, auth,
contenttypes, pki
Synchronizing apps without migrations:
Creating tables...
Running deferred SQL...
Installing custom SQL...
Running migrations:
Rendering model states... DONE
Applying contenttypes.0001_initial... OK
Applying auth.0001_initial... OK
Applying admin.0001_initial... OK
Applying contenttypes.0002_remove_content_type_name... OK
Applying auth.0002_alter_permission_name_max_length... OK
Applying auth.0003_alter_user_email_max_length... OK
Applying auth.0004_alter_user_username_opts... OK
Applying auth.0005_alter_user_last_login_null... OK
Applying auth.0006_require_contenttypes_0002... OK
Applying authtoken.0001_initial... OK
Applying pki.0001_initial... OK
Applying sessions.0001_initial... OK
But the attempt to login to PKI failed again, now with a
different error message:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
OperationalError at /
attempt to write a readonly database
*Request Method:*
POST
*Request URL:*
https://192.168.2.25:9393/
*Django Version:*
1.8.1
*Exception Type:*
OperationalError
*Exception Value:*
attempt to write a readonly database
*Exception Location:*
/usr/lib/python2.7/site-packages/django/db/backends/sqlite3/base.py
in execute, line 318
*Python Executable:*
/bin/python
*Python Version:*
2.7.5
*Python Path:*
['/usr/lib64/python27.zip',
'/usr/lib64/python2.7',
'/usr/lib64/python2.7/plat-linux2',
'/usr/lib64/python2.7/lib-tk',
'/usr/lib64/python2.7/lib-old',
'/usr/lib64/python2.7/lib-dynload',
'/usr/lib64/python2.7/site-packages',
'/usr/lib/python2.7/site-packages',
'/usr/local/packetfence-pki',
'/usr/local/packetfence-pki/inverse']
*Server time:*
Tue, 12 Dec 2017 08:45:28 +0000
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
*From:*Durand fabrice [mailto:fdur...@inverse.ca]
*Sent:* Monday, December 11, 2017 7:20 PM
*To:* E.P.; packetfence-users@lists.sourceforge.net
<mailto:packetfence-users@lists.sourceforge.net>
*Subject:* Re: [PacketFence-users] PKI installation
Looks that the db hasn't been initialized , can you do that in
/usr/local/packetfence-pki
rm db3.sqlite
python manage.py migrate
Regards
Fabrice
Le 2017-12-11 à 21:55, E.P. a écrit :
I was a bit premature with my report that it worked ;)
After logging into the PKI page I ended up with this error:
OperationalError at /
no such table: pki_ca
*Request Method:*
POST
*Request URL:*
https://192.168.2.25:9393/
*Django Version:*
1.8.1
*Exception Type:*
OperationalError
*Exception Value:*
no such table: pki_ca
*Exception Location:*
/usr/lib/python2.7/site-packages/django/db/backends/sqlite3/base.py
in execute, line 318
*Python Executable:*
/bin/python
*Python Version:*
2.7.5
*Python Path:*
['/usr/lib64/python27.zip',
'/usr/lib64/python2.7',
'/usr/lib64/python2.7/plat-linux2',
'/usr/lib64/python2.7/lib-tk',
'/usr/lib64/python2.7/lib-old',
'/usr/lib64/python2.7/lib-dynload',
'/usr/lib64/python2.7/site-packages',
'/usr/lib/python2.7/site-packages',
'/usr/local/packetfence-pki',
'/usr/local/packetfence-pki/inverse']
*Server time:*
Tue, 12 Dec 2017 02:53:21 +0000
And there’s a whole lot of traceback that I can show but it
will make this post unreadable
*From:*E.P. [mailto:ype...@gmail.com]
*Sent:* Monday, December 11, 2017 6:52 PM
*To:* 'Durand fabrice';
'packetfence-users@lists.sourceforge.net
<mailto:packetfence-users@lists.sourceforge.net>'
*Subject:* RE: [PacketFence-users] PKI installation
Hm…
I was stubbornly persisting on this service showing in the
output of netstat.
But now I can have the webpage for PKI come up. Strange…
But it looks like it is now working.
I REALLY appreciate your assistance, Fabrice, and the whole
effort you do to create and maintain this product.
I anticipate a pleasure after having it deployed and tuned
to our requirements
Eugene
*From:*E.P. [mailto:ype...@gmail.com]
*Sent:* Monday, December 11, 2017 6:44 PM
*To:* 'Durand fabrice';
packetfence-users@lists.sourceforge.net
<mailto:packetfence-users@lists.sourceforge.net>
*Subject:* RE: [PacketFence-users] PKI installation
Yes, Fabrice, I made sure I uncommented iptables rules for
this service.
Here’s the extract from iptables.conf file:
# PacketFence-PKI
*-A input-management-if --protocol tcp --match tcp --dport
9393 --jump ACCEPT*
-A input-management-if --protocol tcp --match tcp --dport
9292 --jump ACCEPT
Here’s the extract from the output of “iptables –L”
Chain input-management-if (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:ies-lm
ACCEPT tcp -- anywhere anywhere tcp dpt:websm
ACCEPT tcp -- anywhere anywhere tcp dpt:arcp
ACCEPT tcp -- anywhere anywhere tcp
dpt:sun-as-jpda
ACCEPT tcp -- anywhere anywhere tcp dpt:marcam-lm
ACCEPT tcp -- anywhere anywhere tcp
dpt:armtechdaemon
ACCEPT tcp -- anywhere anywhere tcp
dpt:cslistener
ACCEPT tcp -- anywhere anywhere tcp dpt:mailbox
ACCEPT tcp -- anywhere anywhere tcp
dpt:afs3-prserver
ACCEPT tcp -- anywhere anywhere tcp dpt:radius
ACCEPT udp -- anywhere anywhere udp dpt:radius
ACCEPT tcp -- anywhere anywhere tcp
dpt:radius-acct
ACCEPT udp -- anywhere anywhere udp
dpt:radius-acct
ACCEPT tcp -- anywhere anywhere tcp dpt:mmpft
ACCEPT udp -- anywhere anywhere udp dpt:mmpft
ACCEPT tcp -- anywhere anywhere tcp dpt:radsec
ACCEPT udp -- anywhere anywhere udp
dpt:snmptrap
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:9392
ACCEPT tcp -- anywhere anywhere tcp dpt:8834
*ACCEPT tcp -- anywhere anywhere tcp dpt:9393*
And nothing to listen on port 9393
[root@PacketFence-ZEN conf]# netstat -antlp | grep 9393
Press any key to continue...
--
Fabrice Durand
fdur...@inverse.ca <mailto:fdur...@inverse.ca> :: +1.514.447.4918 (x135)
::www.inverse.ca <http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
