[Users] Trusted Pools and CentOS 6 packages

Wei, Gang gang.wei at intel.com
Thu Nov 14 03:25:36 UTC 2013


Can you try netstat -anp | grep 8443? Maybe it is occupied by apache.

Meanwhile check whether tomcat is up.

Jimmy


> -----Original Message-----
> From: Nicolae Paladi [mailto:n.paladi at gmail.com]
> Sent: Wednesday, November 13, 2013 10:43 PM
> To: Wei, Gang
> Cc: Doron Fediuck; users at ovirt.org
> Subject: Re: [Users] Trusted Pools and CentOS 6 packages
> 
> Hi,
> 
> I am using port 8443, since no other process -- as far as I know -- is using it;
> 
> below you will find all of the requested configuration files:
> 
> Contents of /etc/oat_client/*:
> log4j.properties: http://pastebin.com/MQLM68vs
> OAT.properties: http://pastebin.com/LwHihxah
> OATprovisioner.properties: http://pastebin.com/0x5TShtZ
> TPMModule.properties: http://pastebin.com/hvw9gfRE
> 
> 
> server.xml: http://pastebin.com/VZ9Vk6iC
> OAT_client.sh: http://pastebin.com/St4yCGcF
> 
> provisioner.sh: http://pastebin.com/RedqQt8V
> 
> 
> cheers,
> /Nicolae.
> 
> 
> On 13 November 2013 14:47, Wei, Gang <gang.wei at intel.com> wrote:
> 
> 
> 	This time it failed earlier. Looks like the PCA webservice2 was not
> 	listening on port 8443. Have you replaced the port 8443 with 8442 on the
> 	server side ($TOMCAT_HOME/conf/server.xml) but not changed it on the client
> 	side (/usr/share/oat-client/script/OAT_client.sh)? Or is the 8443 port
> 	occupied by another app?
> 
> 	Please copy the content from your current server.xml, OAT_client.sh,
> 	provisioner.sh and /etc/oat-client/* into the content of your reply for
> 	analysis. (Don't attach *.sh as attachments, that will get filtered by my
> 	company's mailing system.)
> 
> 	Thanks
> 	Jimmy
> 
> 
> 
> 	> -----Original Message-----
> 	> From: Nicolae Paladi [mailto:n.paladi at gmail.com]
> 	> Sent: Wednesday, November 13, 2013 7:01 PM
> 	> To: Wei, Gang
> 	> Cc: Doron Fediuck; users at ovirt.org
> 	> Subject: Re: [Users] Trusted Pools and CentOS 6 packages
> 	>
> 
> 	> Hi,
> 	>
> 	> thank you for the feedback;
> 	> I've gone through the steps again, but obtained exactly the same problem:
> 	>
> 	> 1. I removed all of the previously installed packages related to OAT.
> 	>
> 	> 2. I followed the tutorial, until this command:
> 	>
> 	> bash provisioner.sh
> 	>
> 	> provisioner.sh: line 7: systemctl: command not found
> 	> ### ecStorage = NVRAM###
> 	> Performing TPM provisioning...FAILED
> 	> javax.xml.ws.WebServiceException: Failed to access the WSDL at: https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebService2FactoryService?wsdl. It failed with:
> 	>         Connection refused.
> 	>         at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLParser.java:162)
> 	>         at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:144)
> 	>         at com.sun.xml.ws.client.WSServiceDelegate.parseWSDL(WSServiceDelegate.java:265)
> 	>         at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:228)
> 	>         at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:176)
> 	>         at com.sun.xml.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:104)
> 	>         at javax.xml.ws.Service.<init>(Service.java:77)
> 	>         at gov.niarl.his.webservices.hisprivacycawebservice2.server.HisPrivacyCAWebService2FactoryServiceService.<init>(HisPrivacyCAWebService2FactoryServiceService.java:42)
> 	>         at gov.niarl.his.webservices.hisPrivacyCAWebService2.client.HisPrivacyCAWebServices2ClientInvoker.getHisPrivacyCAWebService2(HisPrivacyCAWebServices2ClientInvoker.java:32)
> 	>         at gov.niarl.his.privacyca.HisTpmProvisioner.main(HisTpmProvisioner.java:205)
> 	> Caused by: java.net.ConnectException: Connection refused
> 	>         at java.net.PlainSocketImpl.socketConnect(Native Method)
> 	>         at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
> 	>         at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
> 	>         at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
> 	>         at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
> 	>         at java.net.Socket.connect(Socket.java:579)
> 	>         at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:618)
> 	>         at sun.security.ssl.BaseSSLSocketImpl.connect(BaseSSLSocketImpl.java:160)
> 	>         at sun.net.NetworkClient.doConnect(NetworkClient.java:180)
> 	>         at sun.net.www.http.HttpClient.openServer(HttpClient.java:432)
> 	>         at sun.net.www.http.HttpClient.openServer(HttpClient.java:527)
> 	>         at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:275)
> 	>         at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:371)
> 	>         at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)
> 	>         at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:932)
> 	>         at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177)
> 	>         at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1300)
> 	>         at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
> 	>         at java.net.URL.openStream(URL.java:1037)
> 	>         at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.createReader(RuntimeWSDLParser.java:804)
> 	>         at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(RuntimeWSDLParser.java:262)
> 	>         at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:129)
> 	>         ... 8 more
> 	> Failed to initialize the TPM, error 1
> 	> Performing HIS identity provisioning...FAILED
> 	> gov.niarl.his.privacyca.TpmModule$TpmModuleException: TpmModule.getCredential returned nonzero error: 2()
> 	>         at gov.niarl.his.privacyca.TpmModule.getCredential(TpmModule.java:594)
> 	>         at gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisioner.java:217)
> 	> Failed to receive AIC from Privacy CA, error 1
> 	> Registering identity with server...FAILED
> 	> java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory)
> 	>         at java.io.FileInputStream.open(Native Method)
> 	>         at java.io.FileInputStream.<init>(FileInputStream.java:146)
> 	>         at java.io.FileInputStream.<init>(FileInputStream.java:101)
> 	>         at gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)
> 	>         at gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99)
> 	> Failed to register identity with appraiser, error 1
> 	>
> 
> 	> Should I have updated anything else?
> 	>
> 	> cheers,
> 	> /Nicolae.
> 	>
> 	>
> 	>
> 	> On 1 November 2013 10:14, Wei, Gang <gang.wei at intel.com> wrote:
> 	>
> 	>
> 	>       This is indeed an issue caused by the incompatibility between OAT tpm
> 	>       access code & tpm-tools(tpm_takeownership -z). It has already been fixed.
> 	>       Please follow below wiki and try again.
> 	>
> 	>       https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Recipe.
> 	>
> 	>       Thanks
> 	>       Jimmy
> 	>
> 	>       Nicolae Paladi wrote on 2013-10-28:
> 	>
> 	>       > Hi, I've followed the recipe
> 	>       > (https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Recipe)
> 	>       > but didn't get it to run yet; I think a step is missing -- the AIK
> 	>       > is not available in /usr/share/oat-client (it was not available in
> 	>       > /var/lig/oat-appraiser/ClientFiles either); when I try to run
> 	>       > provisioner.sh, I get the following:
> 	>       >
> 	>       > provisioner.sh: line 7: systemctl: command not found
> 	>       > ### ecStorage = NVRAM###
> 	>       > Performing TPM provisioning...710 DONE
> 	>       > Successfully initialized TPM
> 	>       > Performing HIS identity provisioning...FAILED
> 	>       > java.util.NoSuchElementException
> 	>       >         at java.util.StringTokenizer.nextToken(StringTokenizer.java:349)
> 	>       >         at gov.niarl.his.privacyca.TpmModule.executeVer2Command(TpmModule.java:215)
> 	>       >         at gov.niarl.his.privacyca.TpmModule.collateIdentityRequest(TpmModule.java:292)
> 	>       >         at gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisioner.java:225)
> 	>       > Failed to receive AIC from Privacy CA, error 1
> 	>       > Registering identity with server...FAILED
> 	>       > java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file or directory)
> 	>       >         at java.io.FileInputStream.open(Native Method)
> 	>       >         at java.io.FileInputStream.<init>(FileInputStream.java:137)
> 	>       >         at java.io.FileInputStream.<init>(FileInputStream.java:96)
> 	>       >         at gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)
> 	>       >         at gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99)
> 	>       > Failed to register identity with appraiser, error 1
> 	>       >
> 	>       >
> 	>       >
> 	>       > Thanks,
> 	>       > /Nicolae
> 	>       >
> 	>       >
> 	>       > On 27 October 2013 22:55, Nicolae Paladi <n.paladi at gmail.com> wrote:
> 	>       >
> 	>       >
> 	>       >       Awesome, thanks!
> 	>       >
> 	>       >       I'll try this out in the morning
> 	>       >
> 	>       >       /Nicolae
> 	>       >
> 	>       >
> 	>       >       On 27 October 2013 17:03, Wei, Gang <gang.wei at intel.com> wrote:
> 	>       >
> 	>       >
> 	>       >               Please refer to
> 	>       >               https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Recipe.
> 	>       >
> 	>       >               Jimmy
> 	>
> 	>
> 
> 
> 
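
The two checks raised in this thread (which process owns the listener on 8443, and whether server.xml and the client side agree on the port), as an added example that is not part of the original messages or of OpenAttestation. The server.xml, the client URL line and the netstat lines are constructed samples, the function names are hypothetical, and the HTTPS connector is assumed to be declared with SSLEnabled="true".

```bash
#!/usr/bin/env bash
# Added example. File contents and netstat lines below are constructed samples.

# Ports of active (not commented-out) SSL connectors in a Tomcat server.xml.
ssl_ports() {
    tr '\n' ' ' < "$1" |
      awk '{ gsub(/<!--/, "\n<!--"); gsub(/-->/, "-->\n"); print }' |
      grep -v '^<!--' | grep -o '<Connector[^>]*>' | grep 'SSLEnabled="true"' |
      sed -n 's/.*[[:space:]]port="\([0-9]*\)".*/\1/p'
}

# Ports used in https:// URLs inside a client-side script or properties file.
client_ports() {
    grep -o 'https://[^/:" ]*:[0-9][0-9]*' "$1" | sed 's/.*://' | sort -u
}

# PID/program owning a LISTEN socket on port $1; `netstat -anp` text on stdin.
listener_owner() {
    awk -v p="$1" '$6 == "LISTEN" && $4 ~ (":" p "$") { print $7 }' | sort -u
}

# Return 0 only if every client port is served by an active SSL connector.
ports_agree() {
    local served wanted p rc=0
    served=$(ssl_ports "$1"); wanted=$(client_ports "$2")
    [ -n "$wanted" ] || { echo "no https URL found in $2"; return 2; }
    for p in $wanted; do
        printf '%s\n' "$served" | grep -qx "$p" ||
          { echo "client expects $p, server.xml serves: ${served:-none}"; rc=1; }
    done
    return $rc
}

# Constructed inputs: the 8443 connector is commented out, 8442 is live.
demo=$(mktemp -d)
cat > "$demo/server.xml" <<'EOF'
<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
  <!-- <Connector port="8443" SSLEnabled="true"
                  scheme="https" secure="true" /> -->
  <Connector port="8442" SSLEnabled="true" scheme="https" secure="true" />
</Service></Server>
EOF
echo 'URL=https://seoul:8443/HisPrivacyCAWebServices2' > "$demo/client.conf"
NETSTAT_SAMPLE='tcp  0  0 0.0.0.0:8443  0.0.0.0:*  LISTEN  2101/httpd
tcp  0  0 :::8442       :::*       LISTEN  2317/java
tcp  0  0 10.0.0.5:22   10.0.0.9:8443  ESTABLISHED  1880/sshd'
ports_agree "$demo/server.xml" "$demo/client.conf" || true
printf '%s\n' "$NETSTAT_SAMPLE" | listener_owner 8443
```

Unlike a plain `grep 8443`, `listener_owner` ignores lines where 8443 is only the remote port of an established connection.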
