Licensed under the Apache License, version 2.0. See also: TypeStatus Plus Providers License 11:55:52 (62.Wow, apparently it’s real and it exists? And this is the code? WARNING: cannot verify 's certificate, issued by ‘/O=TESTRELM.TEST/CN=Certificate Authority’: I'll create upstream bug for the hostname issue. In this case, the error message is correct. There is a bug in ipa-server-install that it internally uses wrong hostname after it sets the new one. Workaround is to set correct hostname before installation. Tasks.backup_and_replace_hostname(fstore, sstore, host_name)īut it doesn't update the information used by the dogtag check which then leads to the failure. # configure /etc/sysconfig/network to contain the custom hostname Root_bug("Chosen hostname (%s) differs from system hostname (%s) - change it" \ Ipa-server-install notices that the hostname differs and sets the correct one: ('ca_host', FQDN), # Set in Env._finalize_core() The CA check code wants to contact ca stored in _host, which is initialized upon api initialization. Set the 'ServerName' directive globally to suppress this message DEBUG stderr=AH00557: httpd: apr_sockaddr_info_get() failed for ipaserver1-example-comĪH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. The probable cause is initial hostname of the machine - I assume: ipaserver1-example-com I till have the VM available, was about to scratch it for another test, so I will wait until you are done with it (and use another one for my other testing) It is possible that VM may not have have the newer rpm, and I could not solve this problem for some other testing I needed, so I opened this report. I can use openssl s_client to use the CA, no apparent problems on it. └─1739 java -DRESTEASY_LIB=/usr/share/java/resteasy-base -classpath /usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar -Dcatalina.base=/var/lib/pki/pki-tomcat =/usr/share/tomcat = -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp .file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.ut.įeb 25 16:11:33 server: 4:11:33 PM .HostConfig deployDescriptorįeb 25 16:11:33 server: INFO: Deployment of configuration descriptor /etc/pki/pki-tomcat/Catalina/localhost/ca.xml has finished in 18,262 msįeb 25 16:11:33 server: 4:11:33 PM startįeb 25 16:11:33 server: INFO: Starting ProtocolHandler įeb 25 16:11:34 server: 4:11:34 PM startįeb 25 16:11:34 server: INFO: Starting ProtocolHandler įeb 25 16:11:34 server: 4:11:34 PM .Catalina startįeb 25 16:11:34 server: INFO: Server startup in 28330 ~]# Process: 1594 ExecStartPre=/usr/bin/pkidaemon start tomcat %i (code=exited, status=0/SUCCESS)ĬGroup: /system.slice/system-pki\x2dtomcatd.slice/pki-tomcatd Pki-tomcatd - PKI Tomcat Server pki-tomcatĪctive: active (running) since Wed 16:11:02 PST 6 days ago In my case, there is no CA crash, the CA instance is up and running, and OK: So in upstream 4885, one problem may be if there is some sort of network issue, the CA is seen as down, while it may be up and running. Red Hat Enterprise Linux Server release 7.1 (Maipo) Version-Release number of selected component (if applicable): DEBUG The CA status is: check interrupted DEBUG The httpd proxy is not installed, wait on local port DEBUG wait_for_open_ports: localhost timeout 300 DEBUG args='/bin/systemctl' 'is-active' 'pki-tomcatd.target' DEBUG args='/bin/systemctl' 'start' 'pki-tomcatd.target' Is misleading, it is more like the script cold not connect to the CA, for some reason, and timed out. " ipa-server-install command failed, exception: RuntimeError: CA did not start in 300.0s" The CA is up and running, the problem is wait_for_open_ports in /usr/lib/python2.7/site-packages/ipapython/ipautil.py seem to fail using the TLS range and TLSv1.2 DEBUG The ipa-server-install command failed, exception: RuntimeError: CA did not start in 300.0sīecause the CA is perfectly up and running as per the previous step 3/26 until the begining of step8/27Īnd manually reading the CA status works: DEBUG : starting certificate server instance The error message returned by ipa-server-install in step Having errors while running RHEL 7.1 ipa-server-install after the CA restartīz 1158410 - ipa-server-install failing with error message - CA did not start in 300.0s
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |