Uploaded image for project: 'ONAP Operations Manager'
  1. ONAP Operations Manager
  2. OOM-2904

EJBCA fails to restart due to issue in ejbca-config.sh execution

XMLWordPrintable

    • Hide

      In case of a restart of the ejbca pod, in the postStart phase the script ejbca-config.sh will be executed.
      As the CA has been already initialized during the 1st startup, some calls within the script will report an ERROR, but will continue, e.g. "ejbca.sh ca init".
      The problem is that the final step "ejbca.sh roles addrolemember.."
      will also return an ERROR, as the member also exists, but in this case the postStart will fail and the pod gets restarted.

      Warning  FailedPostStartHook  3m39s                kubelet  Exec lifecycle hook ([/bin/sh -c /opt/primekey/scripts/ejbca-config.sh]) for Container "ejbca-ejbca" in Pod "contrib-ejbca-77c95dff98-hp7dx_onap(8be7c66b-4943-46f2-9544-fc5beb93f9d0)" failed - error: command '/bin/sh -c /opt/primekey/scripts/ejbca-config.sh' exited with 1: , message: "2021-12-28 11:20:29,917+0000 ERROR [org.ejbca.ui.cli.ca.CaInitCommand] (main) Error: CA 'ManagementCA' exists already\n2021-12-28 11:20:36,595+0000 INFO  [org.ejbca.ui.cli.config.cmp.AddAliasCommand] (main) Alias 'cmpRA' already exists.\n2021-12-28 11:20:40,665+0000 INFO  [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration was: cmpRA.operationmode=ra\n2021-12-28 11:20:40,694+0000 INFO  [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration updated: cmpRA.operationmode=ra\n2021-12-28 11:20:44,716+0000 INFO  [org.ejbca.ui.cli.ca.CaEditCaCommand] (main) Modifying 'ManagementCA'...\n2021-12-28 11:20:44,790+0000 INFO  [org.ejbca.ui.cli.ca.CaEditCaCommand] (main) Current value of cmpRaAuthSecret is 'Vabq6'HiwjCuci'.\n2021-12-28 11:20:44,791+0000 INFO  [org.ejbca.ui.cli.ca.CaEditCaCommand] (main) Storing modified CA info for CA 'ManagementCA'...\n2021-12-28 11:20:45,064+0000 INFO  [org.ejbca.ui.cli.ca.CaEditCaCommand] (main) Reading modified value for verification...\n2021-12-28 11:20:45,088+0000 INFO  [org.ejbca.ui.cli.ca.CaEditCaCommand] (main) cmpRaAuthSecret returned value 'Vabq6'HiwjCuci'.\n2021-12-28 11:20:49,660+0000 INFO  [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration was: cmpRA.responseprotection=signature\n2021-12-28 11:20:49,694+0000 INFO  [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration updated: cmpRA.responseprotection=signature\n2021-12-28 11:20:54,660+0000 INFO  [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration was: cmpRA.authenticationmodule=HMAC;EndEntityCertificate\n2021-12-28 11:20:55,621+0000 INFO  [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration updated: cmpRA.authenticationmodule=HMAC;EndEntityCertificate\n2021-12-28 11:20:59,662+0000 INFO  [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration was: cmpRA.authenticationparameters=-;ManagementCA\n2021-12-28 11:20:59,712+0000 INFO  [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration updated: cmpRA.authenticationparameters=-;ManagementCA\n2021-12-28 11:21:03,632+0000 INFO  [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration was: cmpRA.allowautomatickeyupdate=true\n2021-12-28 11:21:03,684+0000 INFO  [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration updated: cmpRA.allowautomatickeyupdate=true\n2021-12-28 11:21:08,625+0000 INFO  [org.ejbca.ui.cli.ca.CaImportProfilesCommand] (main) Importing certificate and end entity profiles: \n2021-12-28 11:21:08,663+0000 INFO  [org.ejbca.ui.cli.ca.CaImportProfilesCommand] (main) Filename: '..2021_12_28_10_15_23.644665446'\n2021-12-28 11:21:08,663+0000 INFO  [org.ejbca.ui.cli.ca.CaImportProfilesCommand] (main) Filename: '..data'\n2021-12-28 11:21:08,664+0000 INFO  [org.ejbca.ui.cli.ca.CaImportProfilesCommand] (main) Filename: 'certprofile_CUSTOM_ENDUSER-1834889499.xml'\n2021-12-28 11:21:09,591+0000 ERROR [org.ejbca.ui.cli.ca.CaImportProfilesCommand] (main) Certificate profile 'CUSTOM_ENDUSER' already exist in database.\n2021-12-28 11:21:09,591+0000 INFO  [org.ejbca.ui.cli.ca.CaImportProfilesCommand] (main) Filename: 'entityprofile_Custom_EndEntity-1356531849.xml'\n2021-12-28 11:21:10,601+0000 ERROR [org.ejbca.ui.cli.ca.CaImportProfilesCommand] (main) Entity profile 'Custom_EndEntity' already exist in database.\n2021-12-28 11:21:14,971+0000 INFO  [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration was: cmpRA.ra.certificateprofile=CUSTOM_ENDUSER\n2021-12-28 11:21:15,010+0000 INFO  [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration updated: cmpRA.ra.certificateprofile=CUSTOM_ENDUSER\n2021-12-28 11:21:19,654+0000 INFO  [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration was: cmpRA.ra.endentityprofileid=1356531849\n2021-12-28 11:21:19,699+0000 INFO  [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration updated: cmpRA.ra.endentityprofileid=1356531849\n2021-12-28 11:21:28,663+0000 INFO  [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration was: cmpRA.defaultca=UID=12345,CN=ManagementCA,O=EJBCA Container Quickstart\n2021-12-28 11:21:28,703+0000 INFO  [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration updated: cmpRA.defaultca=UID=12345,CN=ManagementCA,O=EJBCA Container Quickstart\n2021-12-28 11:21:32,657+0000 INFO  [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main)  cmpRA.ra.endentitycertificate.omitverifications = false\n2021-12-28 11:21:32,660+0000 INFO  [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main)  cmpRA.response.extracertsca = \n2021-12-28 11:21:32,660+0000 INFO  [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main)  cmpRA.certreqhandler.class = \n2021-12-28 11:21:32,661+0000 INFO  [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main)  cmpRA.ra.endentityprofileid = 1356531849\n2021-12-28 11:21:32,661+0000 INFO  [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main)  cmpRA.allowraverifypopo = false\n2021-12-28 11:21:32,662+0000 INFO  [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main)  cmpRA.allowservergenkeys = false\n2021-12-28 11:21:32,662+0000 INFO  [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main)  cmpRA.defaultca = UID=12345,CN=ManagementCA,O=EJBCA Container Quickstart\n2021-12-28 11:21:32,663+0000 INFO  [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main)  cmpRA.vendorcertificatemode = false\n2021-12-28 11:21:32,663+0000 INFO  [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main)  cmpRA.ra.passwordgenparams = random\n2021-12-28 11:21:32,663+0000 INFO  [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main)  cmpRA.ra.namegenerationpostfix = \n2021-12-28 11:21:32,663+0000 INFO  [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main)  cmpRA.ra.namegenerationscheme = DN\n2021-12-28 11:21:32,664+0000 INFO  [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main)  cmpRA.ra.endentityprofile = EMPTY\n2021-12-28 11:21:32,664+0000 INFO  [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main)  cmpRA.ra.caname = ManagementCA\n2021-12-28 11:21:32,664+0000 INFO  [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main)  cmpRA.ra.namegenerationprefix = \n2021-12-28 11:21:32,665+0000 INFO  [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main)  cmpRA.extractusernamecomponent = DN\n2021-12-28 11:21:32,665+0000 INFO  [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main)  cmpRA.authenticationparameters = -;ManagementCA\n2021-12-28 11:21:32,666+0000 INFO  [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main)  cmpRA.ra.namegenerationparameters = CN\n2021-12-28 11:21:32,666+0000 INFO  [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main)  cmpRA.ra.allowcustomcertserno = false\n2021-12-28 11:21:32,666+0000 INFO  [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main)  cmpRA.racertificatepath = \n2021-12-28 11:21:32,667+0000 INFO  [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main)  cmpRA.ra.certificateprofile = CUSTOM_ENDUSER\n2021-12-28 11:21:32,667+0000 INFO  [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main)  cmpRA.allowupdatewithsamekey = true\n2021-12-28 11:21:32,667+0000 INFO  [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main)  cmpRA.responseprotection = signature\n2021-12-28 11:21:32,667+0000 INFO  [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main)  cmpRA.operationmode = ra\n2021-12-28 11:21:32,667+0000 INFO  [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main)  cmpRA.authenticationmodule = HMAC;EndEntityCertificate\n2021-12-28 11:21:32,667+0000 INFO  [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main)  cmpRA.vendorca = \n2021-12-28 11:21:32,667+0000 INFO  [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main)  cmpRA.allowautomatickeyupdate = true\n2021-12-28 11:21:32,667+0000 INFO  [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main)  cmpRA.response.capubsca = \n2021-12-28 11:21:36,637+0000 INFO  [org.ejbca.ui.cli.config.cmp.AddAliasCommand] (main) Alias 'cmp' already exists.\n2021-12-28 11:21:41,625+0000 INFO  [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration was: cmp.allowautomatickeyupdate=true\n2021-12-28 11:21:42,612+0000 INFO  [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration updated: cmp.allowautomatickeyupdate=true\n2021-12-28 11:21:46,975+0000 INFO  [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration was: cmp.responseprotection=pbe\n2021-12-28 11:21:47,005+0000 INFO  [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration updated: cmp.responseprotection=pbe\n2021-12-28 11:21:51,813+0000 INFO  [org.ejbca.ui.cli.ra.AddEndEntityCommand] (main) Using certificate profile: ENDUSER, with id: 1\n2021-12-28 11:21:51,821+0000 ERROR [org.ejbca.ui.cli.ra.AddEndEntityCommand] (main) ERROR: User 'Node123' already exists in the database.\n2021-12-28 11:21:56,629+0000 INFO  [org.ejbca.ui.cli.ra.SetCleartextPasswordCommand] (main) Setting clear text password for user Node123\n2021-12-28 11:22:00,637+0000 INFO  [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration was: cmp.extractusernamecomponent=CN\n2021-12-28 11:22:00,686+0000 INFO  [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration updated: cmp.extractusernamecomponent=CN\n2021-12-28 11:22:04,656+0000 INFO  [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main)  cmp.ra.passwordgenparams = random\n2021-12-28 11:22:04,658+0000 INFO  [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main)  cmp.vendorca = \n2021-12-28 11:22:04,659+0000 INFO  [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main)  cmp.ra.certificateprofile = ENDUSER\n2021-12-28 11:22:04,659+0000 INFO  [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main)  cmp.operationmode = client\n2021-12-28 11:22:04,660+0000 INFO  [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main)  cmp.racertificatepath = \n2021-12-28 11:22:04,660+0000 INFO  [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main)  cmp.response.extracertsca = \n2021-12-28 11:22:04,661+0000 INFO  [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main)  cmp.ra.caname = ManagementCA\n2021-12-28 11:22:04,661+0000 INFO  [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main)  cmp.ra.endentityprofileid = 1\n2021-12-28 11:22:04,661+0000 INFO  [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main)  cmp.authenticationparameters = -;-\n2021-12-28 11:22:04,662+0000 INFO  [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main)  cmp.responseprotection = pbe\n2021-12-28 11:22:04,662+0000 INFO  [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main)  cmp.allowupdatewithsamekey = true\n2021-12-28 11:22:04,663+0000 INFO  [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main)  cmp.allowraverifypopo = false\n2021-12-28 11:22:04,663+0000 INFO  [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main)  cmp.vendorcertificatemode = false\n2021-12-28 11:22:04,664+0000 INFO  [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main)  cmp.ra.namegenerationpostfix = \n2021-12-28 11:22:04,664+0000 INFO  [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main)  cmp.ra.endentityprofile = EMPTY\n2021-12-28 11:22:04,665+0000 INFO  [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main)  cmp.response.capubsca = \n2021-12-28 11:22:04,665+0000 INFO  [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main)  cmp.authenticationmodule = RegTokenPwd;HMAC\n2021-12-28 11:22:04,666+0000 INFO  [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main)  cmp.ra.namegenerationprefix = \n2021-12-28 11:22:04,666+0000 INFO  [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main)  cmp.allowautomatickeyupdate = true\n2021-12-28 11:22:04,667+0000 INFO  [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main)  cmp.ra.namegenerationparameters = CN\n2021-12-28 11:22:04,667+0000 INFO  [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main)  cmp.extractusernamecomponent = CN\n2021-12-28 11:22:04,667+0000 INFO  [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main)  cmp.ra.namegenerationscheme = DN\n2021-12-28 11:22:04,668+0000 INFO  [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main)  cmp.defaultca = \n2021-12-28 11:22:04,668+0000 INFO  [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main)  cmp.ra.allowcustomcertserno = false\n2021-12-28 11:22:04,669+0000 INFO  [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main)  cmp.ra.endentitycertificate.omitverifications = false\n2021-12-28 11:22:04,669+0000 INFO  [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main)  cmp.certreqhandler.class = \n2021-12-28 11:22:04,669+0000 INFO  [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main)  cmp.allowservergenkeys = false\n2021-12-28 11:22:14,643+0000 ERROR [org.ejbca.ui.cli.roles.AddRoleCommand] (main) ERROR: Role of name Certificate Update Admin already exists.\n2021-12-28 11:22:19,184+0000 INFO  [org.ejbca.ui.cli.roles.ChangeRuleCommand] (main) Replaces existing access rule with allow rule for resource '/ca/ManagementCA/'.\n2021-12-28 11:22:24,003+0000 INFO  [org.ejbca.ui.cli.roles.ChangeRuleCommand] (main) Replaces existing access rule with allow rule for resource '/ca_functionality/create_certificate/'.\n2021-12-28 11:22:28,745+0000 INFO  [org.ejbca.ui.cli.roles.ChangeRuleCommand] (main) Replaces existing access rule with allow rule for resource '/endentityprofilesrules/Custom_EndEntity/'.\n2021-12-28 11:22:32,847+0000 INFO  [org.ejbca.ui.cli.roles.ChangeRuleCommand] (main) Replaces existing access rule with allow rule for resource '/ra_functionality/edit_end_entity/'.\n2021-12-28 11:22:36,664+0000 INFO  [org.ejbca.ui.cli.roles.AddRoleMemberCommand] (main) Match TokenType is assumed to be 'CertificateAuthenticationToken'.\n2021-12-28 11:22:36,786+0000 ERROR [org.ejbca.ui.cli.roles.AddRoleMemberCommand] (main) The role member Linux-Foundation was not added because it already exists in the role Certificate Update Admin\n"

      Solution is adding at the end of the script an "exit 0"

      Show
      In case of a restart of the ejbca pod, in the postStart phase the script ejbca-config.sh will be executed. As the CA has been already initialized during the 1st startup, some calls within the script will report an ERROR, but will continue, e.g. "ejbca.sh ca init". The problem is that the final step "ejbca.sh roles addrolemember.." will also return an ERROR, as the member also exists, but in this case the postStart will fail and the pod gets restarted. Warning FailedPostStartHook 3m39s kubelet Exec lifecycle hook ([/bin/sh -c /opt/primekey/scripts/ejbca-config.sh]) for Container "ejbca-ejbca" in Pod "contrib-ejbca-77c95dff98-hp7dx_onap(8be7c66b-4943-46f2-9544-fc5beb93f9d0)" failed - error: command '/bin/sh -c /opt/primekey/scripts/ejbca-config.sh' exited with 1: , message: "2021-12-28 11:20:29,917+0000 ERROR [org.ejbca.ui.cli.ca.CaInitCommand] (main) Error: CA 'ManagementCA' exists already\n2021-12-28 11:20:36,595+0000 INFO [org.ejbca.ui.cli.config.cmp.AddAliasCommand] (main) Alias 'cmpRA' already exists.\n2021-12-28 11:20:40,665+0000 INFO [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration was: cmpRA.operationmode=ra\n2021-12-28 11:20:40,694+0000 INFO [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration updated: cmpRA.operationmode=ra\n2021-12-28 11:20:44,716+0000 INFO [org.ejbca.ui.cli.ca.CaEditCaCommand] (main) Modifying 'ManagementCA' ...\n2021-12-28 11:20:44,790+0000 INFO [org.ejbca.ui.cli.ca.CaEditCaCommand] (main) Current value of cmpRaAuthSecret is 'Vabq6' HiwjCuci '.\n2021-12-28 11:20:44,791+0000 INFO [org.ejbca.ui.cli.ca.CaEditCaCommand] (main) Storing modified CA info for CA ' ManagementCA '...\n2021-12-28 11:20:45,064+0000 INFO [org.ejbca.ui.cli.ca.CaEditCaCommand] (main) Reading modified value for verification...\n2021-12-28 11:20:45,088+0000 INFO [org.ejbca.ui.cli.ca.CaEditCaCommand] (main) cmpRaAuthSecret returned value ' Vabq6 'HiwjCuci' .\n2021-12-28 11:20:49,660+0000 INFO [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration was: cmpRA.responseprotection=signature\n2021-12-28 11:20:49,694+0000 INFO [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration updated: cmpRA.responseprotection=signature\n2021-12-28 11:20:54,660+0000 INFO [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration was: cmpRA.authenticationmodule=HMAC;EndEntityCertificate\n2021-12-28 11:20:55,621+0000 INFO [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration updated: cmpRA.authenticationmodule=HMAC;EndEntityCertificate\n2021-12-28 11:20:59,662+0000 INFO [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration was: cmpRA.authenticationparameters=-;ManagementCA\n2021-12-28 11:20:59,712+0000 INFO [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration updated: cmpRA.authenticationparameters=-;ManagementCA\n2021-12-28 11:21:03,632+0000 INFO [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration was: cmpRA.allowautomatickeyupdate= true \n2021-12-28 11:21:03,684+0000 INFO [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration updated: cmpRA.allowautomatickeyupdate= true \n2021-12-28 11:21:08,625+0000 INFO [org.ejbca.ui.cli.ca.CaImportProfilesCommand] (main) Importing certificate and end entity profiles: \n2021-12-28 11:21:08,663+0000 INFO [org.ejbca.ui.cli.ca.CaImportProfilesCommand] (main) Filename: '..2021_12_28_10_15_23.644665446' \n2021-12-28 11:21:08,663+0000 INFO [org.ejbca.ui.cli.ca.CaImportProfilesCommand] (main) Filename: '..data' \n2021-12-28 11:21:08,664+0000 INFO [org.ejbca.ui.cli.ca.CaImportProfilesCommand] (main) Filename: 'certprofile_CUSTOM_ENDUSER-1834889499.xml' \n2021-12-28 11:21:09,591+0000 ERROR [org.ejbca.ui.cli.ca.CaImportProfilesCommand] (main) Certificate profile 'CUSTOM_ENDUSER' already exist in database.\n2021-12-28 11:21:09,591+0000 INFO [org.ejbca.ui.cli.ca.CaImportProfilesCommand] (main) Filename: 'entityprofile_Custom_EndEntity-1356531849.xml' \n2021-12-28 11:21:10,601+0000 ERROR [org.ejbca.ui.cli.ca.CaImportProfilesCommand] (main) Entity profile 'Custom_EndEntity' already exist in database.\n2021-12-28 11:21:14,971+0000 INFO [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration was: cmpRA.ra.certificateprofile=CUSTOM_ENDUSER\n2021-12-28 11:21:15,010+0000 INFO [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration updated: cmpRA.ra.certificateprofile=CUSTOM_ENDUSER\n2021-12-28 11:21:19,654+0000 INFO [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration was: cmpRA.ra.endentityprofileid=1356531849\n2021-12-28 11:21:19,699+0000 INFO [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration updated: cmpRA.ra.endentityprofileid=1356531849\n2021-12-28 11:21:28,663+0000 INFO [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration was: cmpRA.defaultca=UID=12345,CN=ManagementCA,O=EJBCA Container Quickstart\n2021-12-28 11:21:28,703+0000 INFO [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration updated: cmpRA.defaultca=UID=12345,CN=ManagementCA,O=EJBCA Container Quickstart\n2021-12-28 11:21:32,657+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmpRA.ra.endentitycertificate.omitverifications = false \n2021-12-28 11:21:32,660+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmpRA.response.extracertsca = \n2021-12-28 11:21:32,660+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmpRA.certreqhandler.class = \n2021-12-28 11:21:32,661+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmpRA.ra.endentityprofileid = 1356531849\n2021-12-28 11:21:32,661+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmpRA.allowraverifypopo = false \n2021-12-28 11:21:32,662+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmpRA.allowservergenkeys = false \n2021-12-28 11:21:32,662+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmpRA.defaultca = UID=12345,CN=ManagementCA,O=EJBCA Container Quickstart\n2021-12-28 11:21:32,663+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmpRA.vendorcertificatemode = false \n2021-12-28 11:21:32,663+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmpRA.ra.passwordgenparams = random\n2021-12-28 11:21:32,663+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmpRA.ra.namegenerationpostfix = \n2021-12-28 11:21:32,663+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmpRA.ra.namegenerationscheme = DN\n2021-12-28 11:21:32,664+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmpRA.ra.endentityprofile = EMPTY\n2021-12-28 11:21:32,664+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmpRA.ra.caname = ManagementCA\n2021-12-28 11:21:32,664+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmpRA.ra.namegenerationprefix = \n2021-12-28 11:21:32,665+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmpRA.extractusernamecomponent = DN\n2021-12-28 11:21:32,665+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmpRA.authenticationparameters = -;ManagementCA\n2021-12-28 11:21:32,666+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmpRA.ra.namegenerationparameters = CN\n2021-12-28 11:21:32,666+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmpRA.ra.allowcustomcertserno = false \n2021-12-28 11:21:32,666+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmpRA.racertificatepath = \n2021-12-28 11:21:32,667+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmpRA.ra.certificateprofile = CUSTOM_ENDUSER\n2021-12-28 11:21:32,667+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmpRA.allowupdatewithsamekey = true \n2021-12-28 11:21:32,667+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmpRA.responseprotection = signature\n2021-12-28 11:21:32,667+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmpRA.operationmode = ra\n2021-12-28 11:21:32,667+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmpRA.authenticationmodule = HMAC;EndEntityCertificate\n2021-12-28 11:21:32,667+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmpRA.vendorca = \n2021-12-28 11:21:32,667+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmpRA.allowautomatickeyupdate = true \n2021-12-28 11:21:32,667+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmpRA.response.capubsca = \n2021-12-28 11:21:36,637+0000 INFO [org.ejbca.ui.cli.config.cmp.AddAliasCommand] (main) Alias 'cmp' already exists.\n2021-12-28 11:21:41,625+0000 INFO [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration was: cmp.allowautomatickeyupdate= true \n2021-12-28 11:21:42,612+0000 INFO [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration updated: cmp.allowautomatickeyupdate= true \n2021-12-28 11:21:46,975+0000 INFO [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration was: cmp.responseprotection=pbe\n2021-12-28 11:21:47,005+0000 INFO [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration updated: cmp.responseprotection=pbe\n2021-12-28 11:21:51,813+0000 INFO [org.ejbca.ui.cli.ra.AddEndEntityCommand] (main) Using certificate profile: ENDUSER, with id: 1\n2021-12-28 11:21:51,821+0000 ERROR [org.ejbca.ui.cli.ra.AddEndEntityCommand] (main) ERROR: User 'Node123' already exists in the database.\n2021-12-28 11:21:56,629+0000 INFO [org.ejbca.ui.cli.ra.SetCleartextPasswordCommand] (main) Setting clear text password for user Node123\n2021-12-28 11:22:00,637+0000 INFO [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration was: cmp.extractusernamecomponent=CN\n2021-12-28 11:22:00,686+0000 INFO [org.ejbca.ui.cli.config.cmp.UpdateCommand] (main) Configuration updated: cmp.extractusernamecomponent=CN\n2021-12-28 11:22:04,656+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmp.ra.passwordgenparams = random\n2021-12-28 11:22:04,658+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmp.vendorca = \n2021-12-28 11:22:04,659+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmp.ra.certificateprofile = ENDUSER\n2021-12-28 11:22:04,659+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmp.operationmode = client\n2021-12-28 11:22:04,660+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmp.racertificatepath = \n2021-12-28 11:22:04,660+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmp.response.extracertsca = \n2021-12-28 11:22:04,661+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmp.ra.caname = ManagementCA\n2021-12-28 11:22:04,661+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmp.ra.endentityprofileid = 1\n2021-12-28 11:22:04,661+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmp.authenticationparameters = -;-\n2021-12-28 11:22:04,662+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmp.responseprotection = pbe\n2021-12-28 11:22:04,662+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmp.allowupdatewithsamekey = true \n2021-12-28 11:22:04,663+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmp.allowraverifypopo = false \n2021-12-28 11:22:04,663+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmp.vendorcertificatemode = false \n2021-12-28 11:22:04,664+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmp.ra.namegenerationpostfix = \n2021-12-28 11:22:04,664+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmp.ra.endentityprofile = EMPTY\n2021-12-28 11:22:04,665+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmp.response.capubsca = \n2021-12-28 11:22:04,665+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmp.authenticationmodule = RegTokenPwd;HMAC\n2021-12-28 11:22:04,666+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmp.ra.namegenerationprefix = \n2021-12-28 11:22:04,666+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmp.allowautomatickeyupdate = true \n2021-12-28 11:22:04,667+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmp.ra.namegenerationparameters = CN\n2021-12-28 11:22:04,667+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmp.extractusernamecomponent = CN\n2021-12-28 11:22:04,667+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmp.ra.namegenerationscheme = DN\n2021-12-28 11:22:04,668+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmp.defaultca = \n2021-12-28 11:22:04,668+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmp.ra.allowcustomcertserno = false \n2021-12-28 11:22:04,669+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmp.ra.endentitycertificate.omitverifications = false \n2021-12-28 11:22:04,669+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmp.certreqhandler.class = \n2021-12-28 11:22:04,669+0000 INFO [org.ejbca.ui.cli.config.cmp.DumpAliasCommand] (main) cmp.allowservergenkeys = false \n2021-12-28 11:22:14,643+0000 ERROR [org.ejbca.ui.cli.roles.AddRoleCommand] (main) ERROR: Role of name Certificate Update Admin already exists.\n2021-12-28 11:22:19,184+0000 INFO [org.ejbca.ui.cli.roles.ChangeRuleCommand] (main) Replaces existing access rule with allow rule for resource '/ca/ManagementCA/' .\n2021-12-28 11:22:24,003+0000 INFO [org.ejbca.ui.cli.roles.ChangeRuleCommand] (main) Replaces existing access rule with allow rule for resource '/ca_functionality/create_certificate/' .\n2021-12-28 11:22:28,745+0000 INFO [org.ejbca.ui.cli.roles.ChangeRuleCommand] (main) Replaces existing access rule with allow rule for resource '/endentityprofilesrules/Custom_EndEntity/' .\n2021-12-28 11:22:32,847+0000 INFO [org.ejbca.ui.cli.roles.ChangeRuleCommand] (main) Replaces existing access rule with allow rule for resource '/ra_functionality/edit_end_entity/' .\n2021-12-28 11:22:36,664+0000 INFO [org.ejbca.ui.cli.roles.AddRoleMemberCommand] (main) Match TokenType is assumed to be 'CertificateAuthenticationToken' .\n2021-12-28 11:22:36,786+0000 ERROR [org.ejbca.ui.cli.roles.AddRoleMemberCommand] (main) The role member Linux-Foundation was not added because it already exists in the role Certificate Update Admin\n" Solution is adding at the end of the script an "exit 0"

          andreasgeissler Andreas Geissler
          andreasgeissler Andreas Geissler
          Votes:
          0 Vote for this issue
          Watchers:
          1 Start watching this issue

            Created:
            Updated:
            Resolved: