Great, will try to do it a bit later
Thanks, Fabrice
From: Fabrice Durand [mailto:fdur...@inverse.ca]
Sent: Wednesday, January 03, 2018 12:26 PM
To: E.P.
Cc: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] PKI installation
Just for information, i uploaded a new version of the packetfence-pki for
centos7 who fix all the install issues.
Regards
Fabrice
Le 2017-12-12 à 23:58, E.P. a écrit :
Well, I’m taking my hat off in front of you, no kidding and pun intended ;)
Do you need traceback from the error page ?
From: Durand fabrice [mailto:fdur...@inverse.ca]
Sent: Tuesday, December 12, 2017 7:02 PM
To: E.P.
Cc: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] PKI installation
ah ah don't worry , i like to have challenge like that to be able to fix the
issue for better user experience.
I coded the pki so i want to make it work.
Le 2017-12-12 à 21:48, E.P. a écrit :
Sure, take your time, Fabrice. I have a special knack of running into troubles
in cases when others didn’t have any :)
Eugene
Sent from iPhone
On Dec 12, 2017, at 18:18, Durand fabrice <fdur...@inverse.ca> wrote:
Ok let me try to install the pki on the zen and i will be back to you.
i have installed the pki on 10 servers not a long time ago without any issue.
Le 2017-12-12 à 20:52, E.P. a écrit :
Yes, db.sqlite3 was owned by root
[root@PacketFence-ZEN packetfence-pki]# ls -al
total 56
drwxr-xr-x 7 pf pf 128 Dec 12 08:49 .
drwxr-xr-x. 15 root root 182 Dec 12 01:33 ..
drwxrws--- 2 pf pf 6 Nov 15 14:20 ca
drwxr-xr-x 2 pf pf 125 Dec 12 01:33 conf
-rw-r--r-- 1 root root 43008 Dec 12 08:44 db.sqlite3
drwxr-xr-x 2 pf pf 204 Dec 12 02:49 inverse
drwxrws--- 2 pf pf 90 Dec 12 01:35 logs
-rwxr--r-- 1 pf pf 250 Nov 15 14:20 manage.py
-rw-r--r-- 1 root root 6 Dec 12 08:49 packetfence-pki.pid
drwxr-xr-x 5 pf pf 4096 Dec 12 02:49 pki
Changed the file ownership to pf:pf
[root@PacketFence-ZEN packetfence-pki]# ls -al
total 100
drwxr-xr-x 7 pf pf 147 Dec 13 01:45 .
drwxr-xr-x. 15 root root 182 Dec 12 01:33 ..
drwxrws--- 2 pf pf 6 Nov 15 14:20 ca
drwxr-xr-x 2 pf pf 125 Dec 12 01:33 conf
-rw-r--r-- 1 pf pf 43008 Dec 13 01:45 db.sqlite3
drwxr-xr-x 2 pf pf 204 Dec 12 02:49 inverse
drwxrws--- 2 pf pf 90 Dec 12 01:35 logs
-rwxr--r-- 1 pf pf 250 Nov 15 14:20 manage.py
-rw-r--r-- 1 root root 5 Dec 13 01:43 packetfence-pki.pid
drwxr-xr-x 5 pf pf 4096 Dec 12 02:49 pki
But trying to login to the PKI webpage brings me back to the same original
error “no such table: pki_ca” which I showed earlier. I tried to follow your
previous advise about renaming the db.sqlite3 file and running migration but
the behavior is consistent. Is it OK that the PKI process ID file is also
owned by root ?
From: Fabrice Durand [mailto:fdur...@inverse.ca]
Sent: Tuesday, December 12, 2017 5:35 AM
To: E.P.; packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] PKI installation
Just change the owner of the sqlite file to pf and it should be ok.
Btw all these steps are made in the packaging, so it probably failled or never
finish correctly.
I will do a test on my side.
Regards
Fabrice
Le 2017-12-12 à 03:47, E.P. a écrit :
Well, we are getting closer ;)
Ran the python script to migrate the database it completed
[root@PacketFence-ZEN packetfence-pki]# python manage.py migrate
Operations to perform:
Synchronize unmigrated apps: staticfiles, rest_framework, messages, bootstrap3
Apply all migrations: authtoken, sessions, admin, auth, contenttypes, pki
Synchronizing apps without migrations:
Creating tables...
Running deferred SQL...
Installing custom SQL...
Running migrations:
Rendering model states... DONE
Applying contenttypes.0001_initial... OK
Applying auth.0001_initial... OK
Applying admin.0001_initial... OK
Applying contenttypes.0002_remove_content_type_name... OK
Applying auth.0002_alter_permission_name_max_length... OK
Applying auth.0003_alter_user_email_max_length... OK
Applying auth.0004_alter_user_username_opts... OK
Applying auth.0005_alter_user_last_login_null... OK
Applying auth.0006_require_contenttypes_0002... OK
Applying authtoken.0001_initial... OK
Applying pki.0001_initial... OK
Applying sessions.0001_initial... OK
But the attempt to login to PKI failed again, now with a different error
message:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
OperationalError at /
attempt to write a readonly database
Request Method:
POST
Request URL:
https://192.168.2.25:9393/
Django Version:
1.8.1
Exception Type:
OperationalError
Exception Value:
attempt to write a readonly database
Exception Location:
/usr/lib/python2.7/site-packages/django/db/backends/sqlite3/base.py in execute,
line 318
Python Executable:
/bin/python
Python Version:
2.7.5
Python Path:
['/usr/lib64/python27.zip',
'/usr/lib64/python2.7',
'/usr/lib64/python2.7/plat-linux2',
'/usr/lib64/python2.7/lib-tk',
'/usr/lib64/python2.7/lib-old',
'/usr/lib64/python2.7/lib-dynload',
'/usr/lib64/python2.7/site-packages',
'/usr/lib/python2.7/site-packages',
'/usr/local/packetfence-pki',
'/usr/local/packetfence-pki/inverse']
Server time:
Tue, 12 Dec 2017 08:45:28 +0000
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
From: Durand fabrice [mailto:fdur...@inverse.ca]
Sent: Monday, December 11, 2017 7:20 PM
To: E.P.; packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] PKI installation
Looks that the db hasn't been initialized , can you do that in
/usr/local/packetfence-pki
rm db3.sqlite
python manage.py migrate
Regards
Fabrice
Le 2017-12-11 à 21:55, E.P. a écrit :
I was a bit premature with my report that it worked ;)
After logging into the PKI page I ended up with this error:
OperationalError at /
no such table: pki_ca
Request Method:
POST
Request URL:
https://192.168.2.25:9393/
Django Version:
1.8.1
Exception Type:
OperationalError
Exception Value:
no such table: pki_ca
Exception Location:
/usr/lib/python2.7/site-packages/django/db/backends/sqlite3/base.py in execute,
line 318
Python Executable:
/bin/python
Python Version:
2.7.5
Python Path:
['/usr/lib64/python27.zip',
'/usr/lib64/python2.7',
'/usr/lib64/python2.7/plat-linux2',
'/usr/lib64/python2.7/lib-tk',
'/usr/lib64/python2.7/lib-old',
'/usr/lib64/python2.7/lib-dynload',
'/usr/lib64/python2.7/site-packages',
'/usr/lib/python2.7/site-packages',
'/usr/local/packetfence-pki',
'/usr/local/packetfence-pki/inverse']
Server time:
Tue, 12 Dec 2017 02:53:21 +0000
And there’s a whole lot of traceback that I can show but it will make this post
unreadable
From: E.P. [mailto:ype...@gmail.com]
Sent: Monday, December 11, 2017 6:52 PM
To: 'Durand fabrice'; 'packetfence-users@lists.sourceforge.net'
Subject: RE: [PacketFence-users] PKI installation
Hm…
I was stubbornly persisting on this service showing in the output of netstat.
But now I can have the webpage for PKI come up. Strange…
But it looks like it is now working.
I REALLY appreciate your assistance, Fabrice, and the whole effort you do to
create and maintain this product.
I anticipate a pleasure after having it deployed and tuned to our requirements
Eugene
From: E.P. [mailto:ype...@gmail.com]
Sent: Monday, December 11, 2017 6:44 PM
To: 'Durand fabrice'; packetfence-users@lists.sourceforge.net
Subject: RE: [PacketFence-users] PKI installation
Yes, Fabrice, I made sure I uncommented iptables rules for this service.
Here’s the extract from iptables.conf file:
# PacketFence-PKI
-A input-management-if --protocol tcp --match tcp --dport 9393 --jump ACCEPT
-A input-management-if --protocol tcp --match tcp --dport 9292 --jump ACCEPT
Here’s the extract from the output of “iptables –L”
Chain input-management-if (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:ies-lm
ACCEPT tcp -- anywhere anywhere tcp dpt:websm
ACCEPT tcp -- anywhere anywhere tcp dpt:arcp
ACCEPT tcp -- anywhere anywhere tcp
dpt:sun-as-jpda
ACCEPT tcp -- anywhere anywhere tcp dpt:marcam-lm
ACCEPT tcp -- anywhere anywhere tcp
dpt:armtechdaemon
ACCEPT tcp -- anywhere anywhere tcp dpt:cslistener
ACCEPT tcp -- anywhere anywhere tcp dpt:mailbox
ACCEPT tcp -- anywhere anywhere tcp
dpt:afs3-prserver
ACCEPT tcp -- anywhere anywhere tcp dpt:radius
ACCEPT udp -- anywhere anywhere udp dpt:radius
ACCEPT tcp -- anywhere anywhere tcp
dpt:radius-acct
ACCEPT udp -- anywhere anywhere udp
dpt:radius-acct
ACCEPT tcp -- anywhere anywhere tcp dpt:mmpft
ACCEPT udp -- anywhere anywhere udp dpt:mmpft
ACCEPT tcp -- anywhere anywhere tcp dpt:radsec
ACCEPT udp -- anywhere anywhere udp dpt:snmptrap
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:9392
ACCEPT tcp -- anywhere anywhere tcp dpt:8834
ACCEPT tcp -- anywhere anywhere tcp dpt:9393
And nothing to listen on port 9393
[root@PacketFence-ZEN conf]# netstat -antlp | grep 9393
Press any key to continue...
--
Fabrice Durand
fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
--
Fabrice Durand
fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
