fred-users December 2016

fred-users@lists.nic.cz

3 participants
4 discussions

Setting up a CA and signing certificates with it

by Mario Guerra

I have done this, according to http://www.tc.umn.edu/~brams006/selfsign.html, part 1B (generating your own CA): a) create a CA authority (ca.key and ca.crt) b) make a certificate request (server.csr) c) sign the certificate request (server.crt and server.key) with the new CA authority d) change the server key so it does not ask for a passphrase. Afterwards, the server.crt and server.key files are included in /usr/share/fred-client/ssl directory, and the fred-client configuration file is modified like this: ssl_cert = %(dir)s/server.crt ssl_key = %(dir)s/server.key Now, if I try to run fred-client this is the result: ERROR: socket.sslerror: [Errno 1] _ssl.c:480: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (200.107.82.18:700) Certificate not signed by verified certificate authority What should I do for fred-client to identify these certificates as valid?. Thanks in advance. Note: the new fred-client is perfectly compatible with FRED 2.2. -- Mario Guerra <mguerra(a)nic.cr>

2 years, 5 months

Maximum renewal period in FRED

by Dr Paulos B Nyirenda

Jaromir, Just one or two more clarifications on FRED: 1. Is there a default maximum number of years (or months) for renewing a domain ? I see that in .cz this is required to be 10 years - is this burned into FRED or can it be modified? See: https://www.nic.cz/files/nic/doc/Registration_rules_CZ.pdf Regards, Paulos ====================== Dr Paulos B Nyirenda NIC.MW & .mw ccTLD http://www.registrar.mw

8 years, 7 months

IDN in fred? Howto

by Torkil Zachariassen

We are to try out having a few extra national characters áýúíóæøåð and in uppercase these are ÁÝÚÍÓÆØÅÐ in ccTLD names (.fo) We found the 'allow_idn' in server.conf and have it set as 'true' (allow_idn = true), but this seems not to be enough, and does not really fullfill the requirements. IDN is mentioned an option in fred, but where/how can we turn this on, and what should we be aware of ? ...torkil...

8 years, 11 months

On Ubuntu 16.04.1 LTS - updating broke fred

by Torkil Zachariassen

Sorry for this lengthy message, but a bugfix is provided with a description of the issue in the latest packages of fred for ubunto Have a nice day On Ubuntu 16.04.1 LTS - just updated and upgraded everything including fred, broke fred # systemctl status fred-logd ● fred-logd.service - FRED logging daemon Loaded: loaded (/lib/systemd/system/fred-logd.service; enabled; vendor preset: enabled) Active: inactive (dead) (Result: exit-code) since Fri 2016-12-30 16:56:12 WET; 17min ago Process: 3653 ExecStart=/usr/sbin/fred-logd -ORBendPoint giop:tcp::2226 -ORBnativeCharCodeSet UTF-8 --config /etc/fred/fred-logd.conf (code=exited, status=1/FAILURE) Main PID: 3653 (code=exited, status=1/FAILURE) Dec 30 16:56:12 fred-ubunto-16 systemd[1]: fred-logd.service: Failed with result 'exit-code'. Dec 30 16:56:12 fred-ubunto-16 systemd[1]: fred-logd.service: Service hold-off time over, scheduling restart. Dec 30 16:56:12 fred-ubunto-16 systemd[1]: Stopped FRED logging daemon. Dec 30 16:56:12 fred-ubunto-16 systemd[1]: fred-logd.service: Start request repeated too quickly. Dec 30 16:56:12 fred-ubunto-16 systemd[1]: Failed to start FRED logging daemon. Hmm where is fred-logd.conf ? In /etc/init/fred-logd.conf ! BUGFIX # cd /etc/fred # ln -s ../init/fred-logd.conf root@fred-ubunto-16:/etc/fred# systemctl start fred-logd root@fred-ubunto-16:/etc/fred# systemctl status fred-logd ● fred-logd.service - FRED logging daemon Loaded: loaded (/lib/systemd/system/fred-logd.service; enabled; vendor preset: enabled) Active: active (running) since Fri 2016-12-30 17:22:57 WET; 2s ago Main PID: 4600 (fred-logd) Tasks: 3 Memory: 2.5M CPU: 25ms CGroup: /system.slice/fred-logd.service └─4600 /usr/sbin/fred-logd -ORBendPoint giop:tcp::2226 -ORBnativeCharCodeSet UTF-8 --config /etc/fred/fred-logd.conf Dec 30 17:22:57 fred-ubunto-16 systemd[1]: Started FRED logging daemon. So the bugfix worked :-) Next issue: # systemctl status fred-rifd ● fred-rifd.service - FRED registrar interface daemon Loaded: loaded ( ; enabled; vendor preset: enabled) Active: inactive (dead) (Result: exit-code) since Fri 2016-12-30 16:50:26 WET; 35min ago Process: 3321 ExecStart=/usr/sbin/fred-rifd -ORBendPoint giop:tcp::2224 -ORBnativeCharCodeSet UTF-8 --config /etc/fred/fred-rifd.conf (code=exited, status=1/FAILURE) Main PID: 3321 (code=exited, status=1/FAILURE) Dec 30 16:50:25 fred-ubunto-16 systemd[1]: fred-rifd.service: Main process exited, code=exited, status=1/FAILURE Dec 30 16:50:25 fred-ubunto-16 systemd[1]: fred-rifd.service: Unit entered failed state. Dec 30 16:50:25 fred-ubunto-16 systemd[1]: fred-rifd.service: Failed with result 'exit-code'. Dec 30 16:50:26 fred-ubunto-16 systemd[1]: fred-rifd.service: Service hold-off time over, scheduling restart. Dec 30 16:50:26 fred-ubunto-16 systemd[1]: Stopped FRED registrar interface daemon. Dec 30 16:50:26 fred-ubunto-16 systemd[1]: fred-rifd.service: Start request repeated too quickly. Dec 30 16:50:26 fred-ubunto-16 systemd[1]: Failed to start FRED registrar interface daemon. Again /lib/systemd/system/fred-rifd.service specifies fred-rifd.conf to be in /etc/fred, were as it is in /etc/init :-/ BUGFIX # cd /etc/fred # ln -s ../init/fred-rifd.conf # cd # systemctl start fred-rifd # systemctl status fred-rifd ● fred-rifd.service - FRED registrar interface daemon Loaded: loaded (/lib/systemd/system/fred-rifd.service; enabled; vendor preset: enabled) Active: active (running) since Fri 2016-12-30 17:30:01 WET; 6s ago Main PID: 4777 (fred-rifd) Tasks: 3 Memory: 3.3M CPU: 31ms CGroup: /system.slice/fred-rifd.service └─4777 /usr/sbin/fred-rifd -ORBendPoint giop:tcp::2224 -ORBnativeCharCodeSet UTF-8 --config /etc/fred/fred-rifd.conf Dec 30 17:30:01 fred-ubunto-16 systemd[1]: Started FRED registrar interface daemon. So the bugfix worked :-) Next issue: # systemctl status fred-pifd ● fred-pifd.service - FRED public interface daemon Loaded: loaded (/lib/systemd/system/fred-pifd.service; enabled; vendor preset: enabled) Active: inactive (dead) (Result: exit-code) since Fri 2016-12-30 16:28:07 WET; 1h 7min ago Process: 1334 ExecStart=/usr/sbin/fred-pifd -ORBendPoint giop:tcp::2223 -ORBnativeCharCodeSet UTF-8 --config /etc/fred/fred-pifd.conf (code=exited, status=1/FAILURE) Main PID: 1334 (code=exited, status=1/FAILURE) Tasks: 0 Memory: 0B CPU: 0 CGroup: /system.slice/fred-pifd.service Dec 30 16:28:07 fred-ubunto-16 systemd[1]: fred-pifd.service: Main process exited, code=exited, status=1/FAILURE Dec 30 16:28:07 fred-ubunto-16 systemd[1]: fred-pifd.service: Unit entered failed state. Dec 30 16:28:07 fred-ubunto-16 systemd[1]: fred-pifd.service: Failed with result 'exit-code'. Dec 30 16:28:07 fred-ubunto-16 systemd[1]: fred-pifd.service: Service hold-off time over, scheduling restart. Dec 30 16:28:07 fred-ubunto-16 systemd[1]: Stopped FRED public interface daemon. Dec 30 16:28:07 fred-ubunto-16 systemd[1]: fred-pifd.service: Start request repeated too quickly. Dec 30 16:28:07 fred-ubunto-16 systemd[1]: Failed to start FRED public interface daemon. BUGFIX # cd /etc/fred # ln -s ../init/fred-pifd.conf # cd # systemctl start fred-pifd # systemctl status fred-pifd ● fred-pifd.service - FRED public interface daemon Loaded: loaded (/lib/systemd/system/fred-pifd.service; enabled; vendor preset: enabled) Active: active (running) since Fri 2016-12-30 17:36:47 WET; 10ms ago Main PID: 4941 (fred-pifd) Tasks: 1 Memory: 1.1M CPU: 5ms CGroup: /system.slice/fred-pifd.service └─4941 /usr/sbin/fred-pifd -ORBendPoint giop:tcp::2223 -ORBnativeCharCodeSet UTF-8 --config /etc/fred/fred-pifd.conf Dec 30 17:36:47 fred-ubunto-16 systemd[1]: Started FRED public interface daemon. So the bugfix worked :-) Next issue: # systemctl status fred-msgd ● fred-msgd.service - FRED messaging daemon Loaded: loaded (/lib/systemd/system/fred-msgd.service; enabled; vendor preset: enabled) Active: inactive (dead) (Result: exit-code) since Fri 2016-12-30 16:28:06 WET; 1h 9min ago Process: 1258 ExecStart=/usr/sbin/fred-msgd -ORBendPoint giop:tcp::2228 -ORBnativeCharCodeSet UTF-8 --config /etc/fred/fred-msgd.conf (code=exited, status=1/FAILURE) Main PID: 1258 (code=exited, status=1/FAILURE) Dec 30 16:28:05 fred-ubunto-16 systemd[1]: fred-msgd.service: Unit entered failed state. Dec 30 16:28:05 fred-ubunto-16 systemd[1]: fred-msgd.service: Failed with result 'exit-code'. Dec 30 16:28:06 fred-ubunto-16 systemd[1]: fred-msgd.service: Service hold-off time over, scheduling restart. Dec 30 16:28:06 fred-ubunto-16 systemd[1]: Stopped FRED messaging daemon. Dec 30 16:28:06 fred-ubunto-16 systemd[1]: fred-msgd.service: Start request repeated too quickly. Dec 30 16:28:06 fred-ubunto-16 systemd[1]: Failed to start FRED messaging daemon. Same thing BUGFIX # cd /etc/init # ln -s ../init/fred-msgd.conf # cd # systemctl start fred-msgd # systemctl status fred-msgd ● fred-msgd.service - FRED messaging daemon Loaded: loaded (/lib/systemd/system/fred-msgd.service; enabled; vendor preset: enabled) Active: active (running) since Fri 2016-12-30 17:38:59 WET; 4s ago Main PID: 5016 (fred-msgd) Tasks: 3 Memory: 1.6M CPU: 20ms CGroup: /system.slice/fred-msgd.service └─5016 /usr/sbin/fred-msgd -ORBendPoint giop:tcp::2228 -ORBnativeCharCodeSet UTF-8 --config /etc/fred/fred-msgd.conf Dec 30 17:38:59 fred-ubunto-16 systemd[1]: Started FRED messaging daemon. So the bugfix worked :-) Next issue: # systemctl status fred-adifd ● fred-adifd.service - FRED administration interface daemon Loaded: loaded (/lib/systemd/system/fred-adifd.service; enabled; vendor preset: enabled) Active: inactive (dead) (Result: exit-code) since Fri 2016-12-30 16:28:08 WET; 1h 12min ago Process: 1352 ExecStart=/usr/sbin/fred-adifd -ORBendPoint giop:tcp::2222 -ORBnativeCharCodeSet UTF-8 --config /etc/fred/fred-adifd.conf (code=exited, status=1/FAILURE) Main PID: 1352 (code=exited, status=1/FAILURE) Dec 30 16:28:07 fred-ubunto-16 systemd[1]: fred-adifd.service: Unit entered failed state. Dec 30 16:28:07 fred-ubunto-16 systemd[1]: fred-adifd.service: Failed with result 'exit-code'. Dec 30 16:28:08 fred-ubunto-16 systemd[1]: fred-adifd.service: Service hold-off time over, scheduling restart. Dec 30 16:28:08 fred-ubunto-16 systemd[1]: Stopped FRED administration interface daemon. Dec 30 16:28:08 fred-ubunto-16 systemd[1]: fred-adifd.service: Start request repeated too quickly. Dec 30 16:28:08 fred-ubunto-16 systemd[1]: Failed to start FRED administration interface daemon. Again same thing BUGFIX # cd /etc/fred # ln -s ../init/fred-adifd.conf # cd # root@fred-ubunto-16:~# systemctl start fred-adifd # root@fred-ubunto-16:~# systemctl status fred-adifd ● fred-adifd.service - FRED administration interface daemon Loaded: loaded (/lib/systemd/system/fred-adifd.service; enabled; vendor preset: enabled) Active: active (running) since Fri 2016-12-30 17:41:42 WET; 4s ago Main PID: 5128 (fred-adifd) Tasks: 4 Memory: 3.3M CPU: 29ms CGroup: /system.slice/fred-adifd.service └─5128 /usr/sbin/fred-adifd -ORBendPoint giop:tcp::2222 -ORBnativeCharCodeSet UTF-8 --config /etc/fred/fred-adifd.conf Dec 30 17:41:42 fred-ubunto-16 systemd[1]: Started FRED administration interface daemon. Final check # fred-status && echo ok ok DONE :-) NOTE fred-status is a local script which looks like this: ####################################################################### #!/bin/sh # File: fred-status.sh # Purpose: Check that fred runs all the 7 required processes # Author: Torkil Zachariassen # Date: 20161209 CMD="ps -u fred --no-headers" count=`$CMD|wc -l` if [ $count -ne 7 ]; then echo ERROR Wrong number of processes $CMD exit 1 fi # return ok return 0 NOTE $ ps -u fred should return the following processes PID TTY TIME CMD 1096 ? 00:01:32 fred-webadmin 1181 ? 00:00:03 fred-logd 1182 ? 00:00:00 fred-rifd 1217 ? 00:00:00 fred-pifd 1218 ? 00:00:01 fred-adifd 3574 ? 00:00:00 fred-msgd 3685 ? 00:00:05 fred-pyfred ####################################################################### It seems that the problem are the following lines in fred-* in /lib/systemd/system: # grep /fred/fred /lib/systemd/system/fred-* /lib/systemd/system/fred-adifd.service:ExecStart=/usr/sbin/fred-adifd -ORBendPoint giop:tcp::2222 -ORBnativeCharCodeSet UTF-8 --config /etc/fred/fred-adifd.conf /lib/systemd/system/fred-logd.service:ExecStart=/usr/sbin/fred-logd -ORBendPoint giop:tcp::2226 -ORBnativeCharCodeSet UTF-8 --config /etc/fred/fred-logd.conf /lib/systemd/system/fred-msgd.service:ExecStart=/usr/sbin/fred-msgd -ORBendPoint giop:tcp::2228 -ORBnativeCharCodeSet UTF-8 --config /etc/fred/fred-msgd.conf /lib/systemd/system/fred-pifd.service:ExecStart=/usr/sbin/fred-pifd -ORBendPoint giop:tcp::2223 -ORBnativeCharCodeSet UTF-8 --config /etc/fred/fred-pifd.conf /lib/systemd/system/fred-rifd.service:ExecStart=/usr/sbin/fred-rifd -ORBendPoint giop:tcp::2224 -ORBnativeCharCodeSet UTF-8 --config /etc/fred/fred-rifd.conf as these references configuration files in /etc/fred, whereas the actual configuration files are installed in /etc/init As I am unsure of what the correct solution might be I will leave this issue to the packager Have a nice day :-)

8 years, 11 months

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

fred-users December 2016