
Hi,

As far as I see, port 8443 is not occupied and tomcat6 is running:

root@host /usr/share/oat-client/script # netstat -anp | grep 8443
root@host /usr/share/oat-client/script # service tomcat6 status
tomcat6 (pid 30950) is running... [ OK ]

Also, just in case, I've checked if disabling iptables helps, and it doesn't;

In the error trace, there is a line:
*java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory)*
and indeed, there is no file aik.cer at /usr/share/oat-client/aik.cer; when is it supposed to be generated?

cheers,
/Nicolae

On 14 November 2013 04:32, Wei, Gang <gang.wei@intel.com> wrote:
And you need to copy files from server to client before you try to run provisioner.sh every time you run OAT_configure.sh again.
Jimmy
-----Original Message-----
From: Wei, Gang
Sent: Thursday, November 14, 2013 11:26 AM
To: Nicolae Paladi
Cc: Doron Fediuck; users@ovirt.org; Wei, Gang
Subject: RE: [Users] Trusted Pools and CentOS 6 packages
Can you try netstat -anp | grep 8443? Maybe it is occupied by apache.
Meanwhile check whether tomcat is up.
Jimmy
-----Original Message-----
From: Nicolae Paladi [mailto:n.paladi@gmail.com]
Sent: Wednesday, November 13, 2013 10:43 PM
To: Wei, Gang
Cc: Doron Fediuck; users@ovirt.org
Subject: Re: [Users] Trusted Pools and CentOS 6 packages
Hi,
I am using port 8443, since no other process -- as far as I know -- is using it;
below you will find all of the requested configuration files:
Contents of /etc/oat_client/*:
log4j.properties: http://pastebin.com/MQLM68vs
OAT.properties: http://pastebin.com/LwHihxah
OATprovisioner.properties: http://pastebin.com/0x5TShtZ
TPMModule.properties: http://pastebin.com/hvw9gfRE

server.xml: http://pastebin.com/VZ9Vk6iC
OAT_client.sh: http://pastebin.com/St4yCGcF
provisioner.sh: http://pastebin.com/RedqQt8V

cheers,
/Nicolae.
On 13 November 2013 14:47, Wei, Gang <gang.wei@intel.com> wrote:
This time it failed earlier. Looks like the PCA webservice2 was not listening on port 8443. Have you replaced port 8443 with 8442 on the server side ($TOMCAT_HOME/conf/server.xml) but not changed it on the client side (/usr/share/oat-client/script/OAT_client.sh)? Or is port 8443 occupied by another app?
Please copy the content from your current server.xml, OAT_client.sh, provisioner.sh and /etc/oat-client/* into the content of your reply for analysis. (don't attach *.sh as attachments, that will get filtered by my company's mailing system).
Thanks Jimmy
> -----Original Message-----
> From: Nicolae Paladi [mailto:n.paladi@gmail.com]
> Sent: Wednesday, November 13, 2013 7:01 PM
> To: Wei, Gang
> Cc: Doron Fediuck; users@ovirt.org
> Subject: Re: [Users] Trusted Pools and CentOS 6 packages
>
> Hi,
>
> thank you for the feedback;
> I've gone through the steps again, but obtained exactly the same problem:
>
> 1. I removed all of the previously installed packages related to OAT.
>
> 2. I followed the tutorial, until this command:
>
> bash provisioner.sh
>
> provisioner.sh: line 7: systemctl: command not found
> ### ecStorage = NVRAM###
> Performing TPM provisioning...FAILED
> javax.xml.ws.WebServiceException: Failed to access the WSDL at:
> https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebService2FactoryService?wsdl. It failed with:
> Connection refused.
>         at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLParser.java:162)
>         at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:144)
>         at com.sun.xml.ws.client.WSServiceDelegate.parseWSDL(WSServiceDelegate.java:265)
>         at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:228)
>         at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:176)
>         at com.sun.xml.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:104)
>         at javax.xml.ws.Service.<init>(Service.java:77)
>         at gov.niarl.his.webservices.hisprivacycawebservice2.server.HisPrivacyCAWebService2FactoryServiceService.<init>(HisPrivacyCAWebService2FactoryServiceService.java:42)
>         at gov.niarl.his.webservices.hisPrivacyCAWebService2.client.HisPrivacyCAWebServices2ClientInvoker.getHisPrivacyCAWebService2(HisPrivacyCAWebServices2ClientInvoker.java:32)
>         at gov.niarl.his.privacyca.HisTpmProvisioner.main(HisTpmProvisioner.java:205)
> Caused by: java.net.ConnectException: Connection refused
>         at java.net.PlainSocketImpl.socketConnect(Native Method)
>         at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
>         at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
>         at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
>         at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
>         at java.net.Socket.connect(Socket.java:579)
>         at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:618)
>         at sun.security.ssl.BaseSSLSocketImpl.connect(BaseSSLSocketImpl.java:160)
>         at sun.net.NetworkClient.doConnect(NetworkClient.java:180)
>         at sun.net.www.http.HttpClient.openServer(HttpClient.java:432)
>         at sun.net.www.http.HttpClient.openServer(HttpClient.java:527)
>         at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:275)
>         at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:371)
>         at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)
>         at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:932)
>         at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177)
>         at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1300)
>         at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
>         at java.net.URL.openStream(URL.java:1037)
>         at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.createReader(RuntimeWSDLParser.java:804)
>         at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(RuntimeWSDLParser.java:262)
>         at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:129)
>         ... 8 more
> Failed to initialize the TPM, error 1
> Performing HIS identity provisioning...FAILED
> gov.niarl.his.privacyca.TpmModule$TpmModuleException:
> TpmModule.getCredential returned nonzero error: 2()
>         at gov.niarl.his.privacyca.TpmModule.getCredential(TpmModule.java:594)
>         at gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisioner.java:217)
> Failed to receive AIC from Privacy CA, error 1
> Registering identity with server...FAILED
> java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory)
>         at java.io.FileInputStream.open(Native Method)
>         at java.io.FileInputStream.<init>(FileInputStream.java:146)
>         at java.io.FileInputStream.<init>(FileInputStream.java:101)
>         at gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)
>         at gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99)
> Failed to register identity with appraiser, error 1
>
> Should I have updated anything else?
>
> cheers,
> /Nicolae.
>
>
> On 1 November 2013 10:14, Wei, Gang <gang.wei@intel.com> wrote:
>
> This is indeed an issue caused by the incompatibility between OAT tpm access
> code & tpm-tools(tpm_takeownership -z). It has already been fixed. Please
> follow below wiki and try again.
> https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Recipe.
>
> Thanks
> Jimmy
>
> Nicolae Paladi wrote on 2013-10-28:
>
> > Hi, I've followed the recipe
> > (https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Recipe)
> > but didn't get it to run yet; I think a step is missing -- the AIK
> > is not available in /usr/share/oat-client (it was not available in
> > /var/lig/oat-appraiser/ClientFiles either); when I try to run
> > provisioner.sh, I get the following:
> >
> > provisioner.sh: line 7: systemctl: command not found
> > ### ecStorage = NVRAM###
> > Performing TPM provisioning...710 DONE
> > Successfully initialized TPM
> > Performing HIS identity provisioning...FAILED
> > java.util.NoSuchElementException
> >         at java.util.StringTokenizer.nextToken(StringTokenizer.java:349)
> >         at gov.niarl.his.privacyca.TpmModule.executeVer2Command(TpmModule.java:215)
> >         at gov.niarl.his.privacyca.TpmModule.collateIdentityRequest(TpmModule.java:292)
> >         at gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisioner.java:225)
> > Failed to receive AIC from Privacy CA, error 1
> > Registering identity with server...FAILED
> > java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory)
> >         at java.io.FileInputStream.open(Native Method)
> >         at java.io.FileInputStream.<init>(FileInputStream.java:137)
> >         at java.io.FileInputStream.<init>(FileInputStream.java:96)
> >         at gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)
> >         at gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99)
> > Failed to register identity with appraiser, error 1
> >
> > Thanks,
> > /Nicolae
> >
> >
> > On 27 October 2013 22:55, Nicolae Paladi <n.paladi@gmail.com> wrote:
> >
> > Awesome, thanks!
> >
> > I'll try this out in the morning
> >
> > /Nicolae
> >
> >
> > On 27 October 2013 17:03, Wei, Gang <gang.wei@intel.com> wrote:
> >
> > Please refer to
> > https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Recipe.
> >
> > Jimmy
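
A triage helper for the provisioner.sh output quoted in this thread, added as an example and not code from OpenAttestation or from either poster: it splits the output into its provisioning stages and reports the earliest failed one with its innermost exception, which is the failure Jimmy's reply looks at first ("This time it failed earlier"). The function names and the trimmed sample log are assumptions made for the example.

```python
import re

# Constructed sample: provisioner.sh output as quoted in the thread,
# with stack frames trimmed to one per exception.
SAMPLE = """\
provisioner.sh: line 7: systemctl: command not found
### ecStorage = NVRAM###
Performing TPM provisioning...FAILED
javax.xml.ws.WebServiceException: Failed to access the WSDL at:
https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebService2FactoryService?wsdl. It failed with:
Connection refused.
        at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:144)
Caused by: java.net.ConnectException: Connection refused
        at java.net.PlainSocketImpl.socketConnect(Native Method)
Failed to initialize the TPM, error 1
Performing HIS identity provisioning...FAILED
gov.niarl.his.privacyca.TpmModule$TpmModuleException:
TpmModule.getCredential returned nonzero error: 2()
        at gov.niarl.his.privacyca.TpmModule.getCredential(TpmModule.java:594)
Failed to receive AIC from Privacy CA, error 1
Registering identity with server...FAILED
java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory)
        at java.io.FileInputStream.open(Native Method)
Failed to register identity with appraiser, error 1
"""

STAGE = re.compile(r"^(?P<name>[A-Z][^.]*?)\.\.\.(?P<rest>.*)$")
EXC = re.compile(r"^(?:Caused by: )?(?P<cls>[\w.$]+(?:Exception|Error))\b:?\s*(?P<msg>.*)$")

def parse_stages(output):
    """Split provisioner output into stages, each with its status and exceptions."""
    stages = []
    for line in output.splitlines():
        line = line.strip()
        m = STAGE.match(line)
        if m:
            status = "FAILED" if m["rest"].endswith("FAILED") else "OK"
            stages.append({"name": m["name"], "status": status, "exceptions": []})
        elif stages and (e := EXC.match(line)):
            stages[-1]["exceptions"].append((e["cls"], e["msg"]))
    return stages

def first_failure(output):
    """Return (stage name, innermost exception) for the earliest failed stage."""
    for stage in parse_stages(output):
        if stage["status"] == "FAILED":
            excs = stage["exceptions"]
            return stage["name"], (excs[-1] if excs else None)
    return None
```

On the 13 November output this points at the TPM provisioning stage and its `Connection refused`, ahead of the `aik.cer` error reported by the last stage.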