Just for information, i uploaded a new version of the packetfence-pki
for centos7 who fix all the install issues.
Regards
Fabrice
Le 2017-12-12 à 23:58, E.P. a écrit :
>
> Well, I’m taking my hat off in front of you, no kidding and pun
> intended ;)
>
> Do you need traceback from the error page ?
>
>
>
> *From:*Durand fabrice [mailto:fdur...@inverse.ca]
> *Sent:* Tuesday, December 12, 2017 7:02 PM
> *To:* E.P.
> *Cc:* packetfence-users@lists.sourceforge.net
> *Subject:* Re: [PacketFence-users] PKI installation
>
>
>
> ah ah don't worry , i like to have challenge like that to be able to
> fix the issue for better user experience.
>
> I coded the pki so i want to make it work.
>
>
>
>
>
> Le 2017-12-12 à 21:48, E.P. a écrit :
>
> Sure, take your time, Fabrice. I have a special knack of running
> into troubles in cases when others didn’t have any :)
>
>
> Eugene
>
> Sent from iPhone
>
>
> On Dec 12, 2017, at 18:18, Durand fabrice <fdur...@inverse.ca
> <mailto:fdur...@inverse.ca>> wrote:
>
> Ok let me try to install the pki on the zen and i will be back
> to you.
>
> i have installed the pki on 10 servers not a long time ago
> without any issue.
>
>
>
>
>
> Le 2017-12-12 à 20:52, E.P. a écrit :
>
> Yes, db.sqlite3 was owned by root
>
>
>
> [root@PacketFence-ZEN packetfence-pki]# ls -al
>
> total 56
>
> drwxr-xr-x 7 pf pf 128 Dec 12 08:49 .
>
> drwxr-xr-x. 15 root root 182 Dec 12 01:33 ..
>
> drwxrws--- 2 pf pf 6 Nov 15 14:20 ca
>
> drwxr-xr-x 2 pf pf 125 Dec 12 01:33 conf
>
> */-rw-r--r-- 1 root root 43008 Dec 12 08:44 db.sqlite3/*
>
> drwxr-xr-x 2 pf pf 204 Dec 12 02:49 inverse
>
> drwxrws--- 2 pf pf 90 Dec 12 01:35 logs
>
> -rwxr--r-- 1 pf pf 250 Nov 15 14:20 manage.py
>
> -rw-r--r-- 1 root root 6 Dec 12 08:49
> packetfence-pki.pid
>
> drwxr-xr-x 5 pf pf 4096 Dec 12 02:49 pki
>
>
>
> Changed the file ownership to pf:pf
>
>
>
> [root@PacketFence-ZEN packetfence-pki]# ls -al
>
> total 100
>
> drwxr-xr-x 7 pf pf 147 Dec 13 01:45 .
>
> drwxr-xr-x. 15 root root 182 Dec 12 01:33 ..
>
> drwxrws--- 2 pf pf 6 Nov 15 14:20 ca
>
> drwxr-xr-x 2 pf pf 125 Dec 12 01:33 conf
>
> */-rw-r--r-- 1 pf pf 43008 Dec 13 01:45 db.sqlite3/*
>
> /drwxr-xr-x 2 pf pf 204 Dec 12 02:49 inverse/
>
> /drwxrws--- 2 pf pf 90 Dec 12 01:35 logs/
>
> /-rwxr--r-- 1 pf pf 250 Nov 15 14:20 manage.py/
>
> /-rw-r--r-- 1 root root 5 Dec 13 01:43
> packetfence-pki.pid/
>
> /drwxr-xr-x 5 pf pf 4096 Dec 12 02:49 pki/
>
>
>
> But trying to login to the PKI webpage brings me back to
> the same original error “no such table: pki_ca” which I
> showed earlier. I tried to follow your previous advise
> about renaming the db.sqlite3 file and running migration
> but the behavior is consistent. Is it OK that the PKI
> process ID file is also owned by root ?
>
>
>
> *From:*Fabrice Durand [mailto:fdur...@inverse.ca]
> *Sent:* Tuesday, December 12, 2017 5:35 AM
> *To:* E.P.; packetfence-users@lists.sourceforge.net
> <mailto:packetfence-users@lists.sourceforge.net>
> *Subject:* Re: [PacketFence-users] PKI installation
>
>
>
> Just change the owner of the sqlite file to pf and it
> should be ok.
>
> Btw all these steps are made in the packaging, so it
> probably failled or never finish correctly.
>
> I will do a test on my side.
>
> Regards
>
> Fabrice
>
>
>
>
>
> Le 2017-12-12 à 03:47, E.P. a écrit :
>
> Well, we are getting closer ;)
>
> Ran the python script to migrate the database it completed
>
>
>
> [root@PacketFence-ZEN packetfence-pki]# python
> manage.py migrate
>
> Operations to perform:
>
> Synchronize unmigrated apps: staticfiles,
> rest_framework, messages, bootstrap3
>
> Apply all migrations: authtoken, sessions, admin,
> auth, contenttypes, pki
>
> Synchronizing apps without migrations:
>
> Creating tables...
>
> Running deferred SQL...
>
> Installing custom SQL...
>
> Running migrations:
>
> Rendering model states... DONE
>
> Applying contenttypes.0001_initial... OK
>
> Applying auth.0001_initial... OK
>
> Applying admin.0001_initial... OK
>
> Applying
> contenttypes.0002_remove_content_type_name... OK
>
> Applying
> auth.0002_alter_permission_name_max_length... OK
>
> Applying auth.0003_alter_user_email_max_length... OK
>
> Applying auth.0004_alter_user_username_opts... OK
>
> Applying auth.0005_alter_user_last_login_null... OK
>
> Applying auth.0006_require_contenttypes_0002... OK
>
> Applying authtoken.0001_initial... OK
>
> Applying pki.0001_initial... OK
>
> Applying sessions.0001_initial... OK
>
>
>
> But the attempt to login to PKI failed again, now with
> a different error message:
>
>
>
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
>
> OperationalError at /
>
> attempt to write a readonly database
>
> *Request Method:*
>
>
>
> POST
>
> *Request URL:*
>
>
>
> https://192.168.2.25:9393/
>
> *Django Version:*
>
>
>
> 1.8.1
>
> *Exception Type:*
>
>
>
> OperationalError
>
> *Exception Value:*
>
>
>
> attempt to write a readonly database
>
> *Exception Location:*
>
>
>
>
> /usr/lib/python2.7/site-packages/django/db/backends/sqlite3/base.py
> in execute, line 318
>
> *Python Executable:*
>
>
>
> /bin/python
>
> *Python Version:*
>
>
>
> 2.7.5
>
> *Python Path:*
>
>
>
> ['/usr/lib64/python27.zip',
>
> '/usr/lib64/python2.7',
>
> '/usr/lib64/python2.7/plat-linux2',
>
> '/usr/lib64/python2.7/lib-tk',
>
> '/usr/lib64/python2.7/lib-old',
>
> '/usr/lib64/python2.7/lib-dynload',
>
> '/usr/lib64/python2.7/site-packages',
>
> '/usr/lib/python2.7/site-packages',
>
> '/usr/local/packetfence-pki',
>
> '/usr/local/packetfence-pki/inverse']
>
> *Server time:*
>
>
>
> Tue, 12 Dec 2017 08:45:28 +0000
>
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
>
>
> *From:*Durand fabrice [mailto:fdur...@inverse.ca]
> *Sent:* Monday, December 11, 2017 7:20 PM
> *To:* E.P.; packetfence-users@lists.sourceforge.net
> <mailto:packetfence-users@lists.sourceforge.net>
> *Subject:* Re: [PacketFence-users] PKI installation
>
>
>
> Looks that the db hasn't been initialized , can you do
> that in /usr/local/packetfence-pki
>
> rm db3.sqlite
>
> python manage.py migrate
>
> Regards
>
> Fabrice
>
>
>
>
>
> Le 2017-12-11 à 21:55, E.P. a écrit :
>
> I was a bit premature with my report that it worked ;)
>
> After logging into the PKI page I ended up with
> this error:
>
>
>
> OperationalError at /
>
> no such table: pki_ca
>
> *Request Method:*
>
>
>
> POST
>
> *Request URL:*
>
>
>
> https://192.168.2.25:9393/
>
> *Django Version:*
>
>
>
> 1.8.1
>
> *Exception Type:*
>
>
>
> OperationalError
>
> *Exception Value:*
>
>
>
> no such table: pki_ca
>
> *Exception Location:*
>
>
>
>
> /usr/lib/python2.7/site-packages/django/db/backends/sqlite3/base.py
> in execute, line 318
>
> *Python Executable:*
>
>
>
> /bin/python
>
> *Python Version:*
>
>
>
> 2.7.5
>
> *Python Path:*
>
>
>
> ['/usr/lib64/python27.zip',
>
> '/usr/lib64/python2.7',
>
> '/usr/lib64/python2.7/plat-linux2',
>
> '/usr/lib64/python2.7/lib-tk',
>
> '/usr/lib64/python2.7/lib-old',
>
> '/usr/lib64/python2.7/lib-dynload',
>
> '/usr/lib64/python2.7/site-packages',
>
> '/usr/lib/python2.7/site-packages',
>
> '/usr/local/packetfence-pki',
>
> '/usr/local/packetfence-pki/inverse']
>
> *Server time:*
>
>
>
> Tue, 12 Dec 2017 02:53:21 +0000
>
>
>
>
>
> And there’s a whole lot of traceback that I can
> show but it will make this post unreadable
>
>
>
>
>
> *From:*E.P. [mailto:ype...@gmail.com]
> *Sent:* Monday, December 11, 2017 6:52 PM
> *To:* 'Durand fabrice';
> 'packetfence-users@lists.sourceforge.net
> <mailto:packetfence-users@lists.sourceforge.net>'
> *Subject:* RE: [PacketFence-users] PKI installation
>
>
>
> Hm…
>
> I was stubbornly persisting on this service
> showing in the output of netstat.
>
> But now I can have the webpage for PKI come up.
> Strange…
>
> But it looks like it is now working.
>
> I REALLY appreciate your assistance, Fabrice, and
> the whole effort you do to create and maintain
> this product.
>
> I anticipate a pleasure after having it deployed
> and tuned to our requirements
>
>
>
> Eugene
>
>
>
> *From:*E.P. [mailto:ype...@gmail.com]
> *Sent:* Monday, December 11, 2017 6:44 PM
> *To:* 'Durand fabrice';
> packetfence-users@lists.sourceforge.net
> <mailto:packetfence-users@lists.sourceforge.net>
> *Subject:* RE: [PacketFence-users] PKI installation
>
>
>
> Yes, Fabrice, I made sure I uncommented iptables
> rules for this service.
>
> Here’s the extract from iptables.conf file:
>
>
>
> # PacketFence-PKI
>
> *-A input-management-if --protocol tcp --match tcp
> --dport 9393 --jump ACCEPT*
>
> -A input-management-if --protocol tcp --match tcp
> --dport 9292 --jump ACCEPT
>
>
>
> Here’s the extract from the output of “iptables –L”
>
>
>
>
>
> Chain input-management-if (1 references)
>
> target prot opt source
> destination
>
> ACCEPT tcp -- anywhere
> anywhere state NEW tcp dpt:ssh
>
> ACCEPT tcp -- anywhere
> anywhere tcp dpt:http
>
> ACCEPT tcp -- anywhere
> anywhere tcp dpt:https
>
> ACCEPT tcp -- anywhere
> anywhere tcp dpt:ies-lm
>
> ACCEPT tcp -- anywhere
> anywhere tcp dpt:websm
>
> ACCEPT tcp -- anywhere
> anywhere tcp dpt:arcp
>
> ACCEPT tcp -- anywhere
> anywhere tcp dpt:sun-as-jpda
>
> ACCEPT tcp -- anywhere
> anywhere tcp dpt:marcam-lm
>
> ACCEPT tcp -- anywhere
> anywhere tcp dpt:armtechdaemon
>
> ACCEPT tcp -- anywhere
> anywhere tcp dpt:cslistener
>
> ACCEPT tcp -- anywhere
> anywhere tcp dpt:mailbox
>
> ACCEPT tcp -- anywhere
> anywhere tcp dpt:afs3-prserver
>
> ACCEPT tcp -- anywhere
> anywhere tcp dpt:radius
>
> ACCEPT udp -- anywhere
> anywhere udp dpt:radius
>
> ACCEPT tcp -- anywhere
> anywhere tcp dpt:radius-acct
>
> ACCEPT udp -- anywhere
> anywhere udp dpt:radius-acct
>
> ACCEPT tcp -- anywhere
> anywhere tcp dpt:mmpft
>
> ACCEPT udp -- anywhere
> anywhere udp dpt:mmpft
>
> ACCEPT tcp -- anywhere
> anywhere tcp dpt:radsec
>
> ACCEPT udp -- anywhere
> anywhere udp dpt:snmptrap
>
> ACCEPT udp -- anywhere
> anywhere udp dpt:bootps
>
> ACCEPT tcp -- anywhere
> anywhere tcp dpt:bootps
>
> ACCEPT tcp -- anywhere
> anywhere tcp dpt:9392
>
> ACCEPT tcp -- anywhere
> anywhere tcp dpt:8834
>
> *ACCEPT tcp -- anywhere
> anywhere tcp dpt:9393*
>
>
>
> And nothing to listen on port 9393
>
>
>
> [root@PacketFence-ZEN conf]# netstat -antlp | grep
> 9393
>
> Press any key to continue...
>
>
>
>
>
>
> --
>
> Fabrice Durand
>
> fdur...@inverse.ca <mailto:fdur...@inverse.ca> ::
> +1.514.447.4918 (x135) :: www.inverse.ca <http://www.inverse.ca>
>
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and
> PacketFence (http://packetfence.org)
>
>
>
>
>
--
Fabrice Durand
fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
