Does the CN component in the .pem need to be a fqdn?<br><br>And the CN is koji (I thought it needed to be the auth user)<br><br>Right now I am under the impression that the user in kojid.conf needs to be a fqdn and that the CN in the .pem file needs to match, is this correct?<br>
<br># /usr/sbin/kojid --force-lock --verbose --fg<br><br>2009-02-26 11:01:51,706 [INFO] {4098} koji.build:66 Starting up<br>Traceback (most recent call last):<br> File "/usr/sbin/kojid", line 2730, in ?<br> main()<br>
File "/usr/sbin/kojid", line 67, in main<br> tm = TaskManager()<br> File "/usr/sbin/kojid", line 530, in __init__<br> self.host_id = session.host.getID()<br> File "/usr/lib/python2.4/site-packages/koji/__init__.py", line 1133, in __call__<br>
return self.__func(self.__name,args,opts)<br> File "/usr/lib/python2.4/site-packages/koji/__init__.py", line 1378, in _callMethod<br> raise err<br>koji.AuthError: No host specified<br><br><br><br><div class="gmail_quote">
On Thu, Feb 26, 2009 at 10:59 AM, Mike Bonnet <span dir="ltr"><<a href="mailto:mikeb@redhat.com">mikeb@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="Ih2E3d">Thomas Hatch wrote:<br>
> I keep having problems with it telling me the system is locked until I run a<br>
> restart, but service kojid status keeps returning the same error<br>
><br>
> service kojid status<br>
> kojid dead but subsys locked<br>
><br>
> kojid also seems to be dying but the logs yield no real data<br>
><br>
> I think I have a problem in my configs:<br>
<br>
</div>What is the output of<br>
<br>
openssl x509 -noout -subject -in /etc/pki/koji/kojibuilder1.pem<br>
<br>
The CN component needs to match the hostname you added with "koji<br>
add-host", in your case <a href="http://koji.bcinfra.net" target="_blank">koji.bcinfra.net</a>. Also, that same certificate<br>
may not be used to authenticate any other services or users to the system.<br>
<br>
You can also run<br>
<br>
/usr/sbin/kojid --force-lock --verbose --fg<br>
<br>
as root to run kojid in the foreground and see what errors are reported.<br>
<div><div></div><div class="Wj3C7c"><br>
> kojid.conf:<br>
><br>
> [kojid]<br>
> ; The number of seconds to sleep between tasks<br>
> ; sleeptime=15<br>
><br>
> ; The maximum number of jobs that kojid will handle at a time<br>
> ; maxjobs=10<br>
><br>
> ; The minimum amount of free space (in MBs) required for each build root<br>
> ; minspace=8192<br>
><br>
> ; The directory root where work data can be found from the koji hub<br>
> ; topdir=/mnt/koji<br>
><br>
> ; The directory root for temporary storage<br>
> workdir=/tmp/koji<br>
><br>
> ; The directory root for mock<br>
> mockdir=/var/lib/mock<br>
><br>
> ; The user to run as when doing builds<br>
> mockuser=kojibuilder<br>
><br>
> ; The vendor to use in rpm headers<br>
> ; vendor=Koji<br>
><br>
> ; The packager to use in rpm headers<br>
> ; packager=Koji<br>
><br>
> ; The _host string to use in mock<br>
> ; mockhost=koji-linux-gnu<br>
><br>
> ; The URL for the xmlrpc server<br>
> server=<a href="http://sunlight.pp.bcinfra.net/kojihub" target="_blank">http://sunlight.pp.bcinfra.net/kojihub</a><br>
><br>
> user=<a href="http://koji.bcinfra.net" target="_blank">koji.bcinfra.net</a><br>
><br>
> ; The URL for the packages tree<br>
> pkgurl=<a href="http://sunlight.pp.bcinfra.net/pkg/packages" target="_blank">http://sunlight.pp.bcinfra.net/pkg/packages</a><br>
><br>
> ; A space-separated list of hostname:repository[:use_common] tuples that<br>
> kojid is authorized to checkout from (no quotes).<br>
> ; Wildcards (as supported by fnmatch) are allowed.<br>
> ; If use_common is specified and is one of "false", "no", or "0" (without<br>
> quotes), then kojid will not attempt to checkout<br>
> ; a common/ dir when checking out sources from the source control system.<br>
> Otherwise, it will attempt to checkout a common/<br>
> ; dir, and will raise an exception if it cannot.<br>
> ;allowed_scms=scm.example.com:/cvs/example git.example.org:/example<br>
> svn.example.org:/users/*:no<br>
><br>
> ; The mail host to use for sending email notifications<br>
> smtphost=<a href="http://sunlight.pp.bcinfra.net" target="_blank">sunlight.pp.bcinfra.net</a><br>
><br>
> ; The From address used when sending email notifications<br>
> from_addr=Koji Build System <<a href="mailto:koji@koji.bcinfra.net">koji@koji.bcinfra.net</a>><br>
><br>
> ;configuration for SSL athentication<br>
><br>
> ;client certificate<br>
> cert = /etc/pki/koji/kojibuilder1.pem<br>
><br>
> ;certificate of the CA that issued the client certificate<br>
> ca = /etc/pki/koji/koji_ca_cert.crt<br>
><br>
> ;certificate of the CA that issued the HTTP server certificate<br>
> serverca = /etc/pki/koji/koji_ca_cert.crt<br>
><br>
><br>
><br>
><br>
><br>
><br>
> On Thu, Feb 26, 2009 at 10:32 AM, Jeffrey Ollie <<a href="mailto:jeff@ocjtech.us">jeff@ocjtech.us</a>> wrote:<br>
><br>
>> On Thu, Feb 26, 2009 at 11:29 AM, Thomas Hatch <<a href="mailto:thatch65@gmail.com">thatch65@gmail.com</a>> wrote:<br>
>>> I run "koji list-hosts --channel=createrepo" and get:<br>
>>><br>
>>> Hostname Enb Rdy Load/Cap Arches Last<br>
>> Update<br>
>>> <a href="http://koji.bcinfra.net" target="_blank">koji.bcinfra.net</a> Y N 0.0/8.0 i386,x86_64 -<br>
>>><br>
>>> Seems it is enabled and in the channel, but not ready?<br>
>> Is kojid running? That's the service that does the actual building...<br>
>><br>
>> --<br>
>> Jeff Ollie<br>
>> Marcus to Franklin in Babylon 5: "A Late Delivery from Avalon"<br>
>><br>
>> --<br>
>> Fedora-buildsys-list mailing list<br>
>> <a href="mailto:Fedora-buildsys-list@redhat.com">Fedora-buildsys-list@redhat.com</a><br>
>> <a href="https://www.redhat.com/mailman/listinfo/fedora-buildsys-list" target="_blank">https://www.redhat.com/mailman/listinfo/fedora-buildsys-list</a><br>
>><br>
><br>
><br>
</div></div>> ------------------------------------------------------------------------<br>
<div><div></div><div class="Wj3C7c">><br>
> --<br>
> Fedora-buildsys-list mailing list<br>
> <a href="mailto:Fedora-buildsys-list@redhat.com">Fedora-buildsys-list@redhat.com</a><br>
> <a href="https://www.redhat.com/mailman/listinfo/fedora-buildsys-list" target="_blank">https://www.redhat.com/mailman/listinfo/fedora-buildsys-list</a><br>
<br>
--<br>
Fedora-buildsys-list mailing list<br>
<a href="mailto:Fedora-buildsys-list@redhat.com">Fedora-buildsys-list@redhat.com</a><br>
<a href="https://www.redhat.com/mailman/listinfo/fedora-buildsys-list" target="_blank">https://www.redhat.com/mailman/listinfo/fedora-buildsys-list</a><br>
</div></div></blockquote></div><br>