On Tue, 28 Jul 2015, Jan Pazdziora wrote:


Hello,

ever since I started to run FreeIPA 4.2 installations (from upstream
copr repo on Fedora 22), I often (but not always) get

 [13/25]: setting audit signing renewal to 2 years
 [14/25]: restarting certificate server
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to restart the 
Dogtag instance.See the installation log for details.
 [15/25]: requesting RA certificate from CA
 [error] error: [Errno 111] Connection refused

In the ipaserver-install.log, there is

2015-07-28T11:15:42Z DEBUG Starting external process
2015-07-28T11:15:42Z DEBUG args='/bin/systemctl' 'is-active' 
'pki-tomcatd@pki-tomcat.service'
2015-07-28T11:15:42Z DEBUG Process finished, return code=0
2015-07-28T11:15:42Z DEBUG stdout=active

2015-07-28T11:15:42Z DEBUG stderr=
2015-07-28T11:15:42Z DEBUG wait_for_open_ports: localhost [8080, 8443] timeout 
300
2015-07-28T11:20:42Z DEBUG Traceback (most recent call last):
 File "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py", 
line 183, in rest
art_instance
   self.restart(self.dogtag_constants.PKI_INSTANCE_NAME)
 File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 
316, in restart
   self.service.restart(instance_name, capture_output=capture_output, wait=wait)
 File "/usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py", line 
250, in restart
   instance_name, capture_output=capture_output, wait=wait)
 File "/usr/lib/python2.7/site-packages/ipaplatform/base/services.py", line 
317, in restart
   self.wait_for_open_ports(self.service_instance(instance_name))
 File "/usr/lib/python2.7/site-packages/ipaplatform/base/services.py", line 
272, in wait_for_op
en_ports
   self.api.env.startup_timeout)
 File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 1180, in 
wait_for_open_port
s
   raise socket.timeout("Timeout exceeded")
timeout: Timeout exceeded

I do run it in container so it could be related, so I'm mostly looking
for blind hints about what might have changed in the installer or
in dogtag itself in 4.2 that could cause this. For example, did we make
the timeout shorter?    

The timeout is 300:
2015-07-28T11:15:42Z DEBUG wait_for_open_ports: localhost [8080, 8443] timeout 
300

You can look at dogtag's catalina-<date>.log, to see how long did it
take:
# grep 'Server startup' /var/log/pki/pki-tomcat/catalina.2015-07-24.log INFO: Server startup in 27159 ms
INFO: Server startup in 11323 ms
INFO: Server startup in 10472 ms
INFO: Server startup in 11158 ms
INFO: Server startup in 11194 ms

--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to