Error in importing transport cert. KRA may not be enabled

asked 2020-04-08 12:13:42 -0500

jmora gravatar image

Openstack Train | EL7

Configuring barbican to backend to freeipa. Using simple crypto barbican works fine, but when i change backend to dogtag i run into issue. From what the error is showing i am assuming this is a certificate issue, but not sure.

KRA is installed on freeipa server.

See below for error and barbican.conf

Wed Apr 08 17:00:40.752512 2020] [wsgi:error] [pid 9391] 2020-04-08 17:00:40.752 9391 WARNING keystonemiddleware.auth_token [-] AuthToken middleware is set with keystone_authtoken.service_token_roles_required set to False. This is backwards compatible but deprecated behaviour. Please set this to True.\x1b[00m
[Wed Apr 08 17:00:46.022854 2020] [wsgi:error] [pid 9391] [remote 10.2.30.90:37566] 2020-04-08 17:00:46.020 9391 ERROR barbican.plugin.dogtag [req-01d15f60-6629-4f57-93c9-830fcb30c984 ca0816a1f8eb4497b2d72e123698c266 ba6f2b182bed4d86aa38fcd62bab2bbe - default default] Error in importing transport cert. KRA may not be enabled: [('PEM routines', 'get_name', 'no start line'), ('SSL routines', 'use_certificate_chain_file', 'PEM lib')]: OpenSSL.SSL.Error: [('PEM routines', 'get_name', 'no start line'), ('SSL routines', 'use_certificate_chain_file', 'PEM lib')]\x1b[00m
[Wed Apr 08 17:00:46.060612 2020] [wsgi:error] [pid 9391] [remote 10.2.30.90:37566] 2020-04-08 17:00:46.059 9391 ERROR barbican.plugin.util.utils [req-01d15f60-6629-4f57-93c9-830fcb30c984 ca0816a1f8eb4497b2d72e123698c266 ba6f2b182bed4d86aa38fcd62bab2bbe - default default] Problem seen creating plugin: 'dogtag_crypto': nss.error.NSPRError: (SEC_ERROR_BAD_DATABASE) security library: bad database.
[Wed Apr 08 17:00:46.060632 2020] [wsgi:error] [pid 9391] [remote 10.2.30.90:37566] 2020-04-08 17:00:46.059 9391 ERROR barbican.plugin.util.utils Traceback (most recent call last):
[Wed Apr 08 17:00:46.060637 2020] [wsgi:error] [pid 9391] [remote 10.2.30.90:37566] 2020-04-08 17:00:46.059 9391 ERROR barbican.plugin.util.utils   File "/usr/local/lib/python3.6/site-packages/barbican/plugin/util/utils.py", line 41, in instantiate_plugins
[Wed Apr 08 17:00:46.060641 2020] [wsgi:error] [pid 9391] [remote 10.2.30.90:37566] 2020-04-08 17:00:46.059 9391 ERROR barbican.plugin.util.utils     plugin_instance = ext.plugin(*invoke_args, **invoke_kwargs)
[Wed Apr 08 17:00:46.060672 2020] [wsgi:error] [pid 9391] [remote 10.2.30.90:37566] 2020-04-08 17:00:46.059 9391 ERROR barbican.plugin.util.utils   File "/usr/local/lib/python3.6/site-packages/barbican/plugin/dogtag.py", line 192, in __init__
[Wed Apr 08 17:00:46.060677 2020] [wsgi:error] [pid 9391] [remote 10.2.30.90:37566] 2020-04-08 17:00:46.059 9391 ERROR barbican.plugin.util.utils     self.keyclient.set_transport_cert(KRA_TRANSPORT_NICK)
[Wed Apr 08 17:00:46.060680 2020] [wsgi:error] [pid 9391] [remote 10.2.30.90:37566] 2020-04-08 17:00:46.059 9391 ERROR barbican.plugin.util.utils   File "/usr/local/lib/python3.6/site-packages/pki/key.py", line 494, in set_transport_cert
[Wed Apr 08 17:00:46.060692 2020] [wsgi:error] [pid 9391] [remote 10.2.30.90:37566] 2020-04-08 17:00:46.059 9391 ERROR barbican.plugin.util.utils     self.transport_cert = self.crypto.get_cert(transport_cert_nick)
[Wed Apr 08 17:00:46.060697 2020] [wsgi:error] [pid 9391] [remote 10 ...
(more)
edit retag flag offensive close merge delete