Hello,

Today I realized that the https certificate for my freeipa web ui has
expired.
I tried to renew it using:
#ipa-cacert-manage renew
Renewing CA certificate, please wait


CA certificate successfully renewed
The ipa-cacert-manage command was successful

So it seemed to went well. I tried to restart ipa but it failed:
# ipactl start
Starting Directory Service
Starting krb5kdc Service
Starting kadmin Service
Starting named Service
Starting ipa_memcached Service
Starting httpd Service
Job for httpd.service failed because the control process exited with error
code. See "systemctl status httpd.service" and "journalctl -xe" for details.
Failed to start httpd Service
Shutting down


What went wrong ? I'm running in a freeipa-server docker on a linux
server...
It is quite a big deal since I can not run my master freeipa anymore even
from a backup !

Moreover, even after starting from a backup of the ipa data, the httpd
service still fails.
Could it be caused by the replica server ?

Thanks.

logs
===


# systemctl status httpd.service
* httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service)
  Drop-In: /usr/lib/systemd/system/httpd.service.d
           `-abc.conf
   Active: failed (Result: exit-code) since Tue 2017-07-11 17:21:57 CEST;
3min 52s ago
  Process: 28719 ExecStopPost=/usr/bin/kdestroy -A (code=exited,
status=0/SUCCESS)
  Process: 28717 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND
(code=exited, status=1/FAILURE)
  Process: 28716 ExecStartPre=/usr/libexec/ipa/ipa-httpd-kdcproxy
(code=exited, status=0/SUCCESS)
 Main PID: 28717 (code=exited, status=1/FAILURE)

Jul 11 17:21:56 ipa.quartzbio.com systemd[1]: Starting The Apache HTTP
Server...
Jul 11 17:21:56 ipa.quartzbio.com ipa-httpd-kdcproxy[28716]: ipa         :
INFO     KDC proxy enabled
Jul 11 17:21:57 ipa.quartzbio.com systemd[1]: httpd.service: Main process
exited, code=exited, status=1/FAILURE
Jul 11 17:21:57 ipa.quartzbio.com systemd[1]: Failed to start The Apache
HTTP Server.
Jul 11 17:21:57 ipa.quartzbio.com systemd[1]: httpd.service: Unit entered
failed state.
Jul 11 17:21:57 ipa.quartzbio.com systemd[1]: httpd.service: Failed with
result 'exit-code'.
Jul 11 17:21:57 ipa.quartzbio.com systemd[1]: Stopped The Apache HTTP
Server.


and (excerpt from journalctl -xe)

-- The start-up result is done.
Jul 11 17:29:15 ipa.quartzbio.com polkitd[28301]: Unregistered
Authentication Agent for unix-process:28918:604682378 (system bus
name :1.41, object path /org/freedesktop/PolicyKit1/AuthenticationAgent,
locale C) (disconnected from bus)
Jul 11 17:29:15 ipa.quartzbio.com polkitd[28301]: Registered Authentication
Agent for unix-process:28932:604682393 (system bus na
me :1.42 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path
/org/freedesktop/PolicyKit1/AuthenticationAgent, locale C)
Jul 11 17:29:15 ipa.quartzbio.com systemd[1]: systemd-hwdb-update.service:
Cannot add dependency job, ignoring: Unit systemd-hwdb
-update.service is masked.
Jul 11 17:29:15 ipa.quartzbio.com systemd[1]: dev-hugepages.mount: Cannot
add dependency job, ignoring: Unit dev-hugepages.mount
is masked.
Jul 11 17:29:15 ipa.quartzbio.com systemd[1]: ldconfig.service: Cannot add
dependency job, ignoring: Unit ldconfig.service is mas
ked.
Jul 11 17:29:15 ipa.quartzbio.com systemd[1]: swap.target: Cannot add
dependency job, ignoring: Unit swap.target is masked.
Jul 11 17:29:15 ipa.quartzbio.com systemd[1]:
sys-fs-fuse-connections.mount: Cannot add dependency job, ignoring: Unit
sys-fs-fus
e-connections.mount is masked.
Jul 11 17:29:15 ipa.quartzbio.com systemd[1]: local-fs.target: Cannot add
dependency job, ignoring: Unit local-fs.target is maske
d.
Jul 11 17:29:15 ipa.quartzbio.com systemd[1]: systemd-update-done.service:
Cannot add dependency job, ignoring: Unit systemd-upda
te-done.service is masked.
Jul 11 17:29:15 ipa.quartzbio.com systemd[1]: slices.target: Cannot add
dependency job, ignoring: Unit slices.target is masked.

Jul 11 17:29:15 ipa.quartzbio.com systemd[1]: dnf-makecache.timer: Cannot
add dependency job, ignoring: Unit dnf-makecache.timer
is masked.
Jul 11 17:29:15 ipa.quartzbio.com systemd[1]: fedora-autorelabel-mark.service:
Cannot add dependency job, ignoring: Unit fedora-a
utorelabel-mark.service is masked.
Jul 11 17:29:15 ipa.quartzbio.com systemd[1]: rpcbind.socket: Cannot add
dependency job, ignoring: Unit rpcbind.socket is masked.

Jul 11 17:29:15 ipa.quartzbio.com systemd[1]: Starting The Apache HTTP
Server...
-- Subject: Unit httpd.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit httpd.service has begun starting up.
Jul 11 17:29:15 ipa.quartzbio.com named-pkcs11[28910]: checkhints: unable
to get root NS rrset from cache: not found
Jul 11 17:29:15 ipa.quartzbio.com named-pkcs11[28910]: zone
70.9.10.in-addr.arpa/IN: sending notifies (serial 1499786955)
Jul 11 17:29:15 ipa.quartzbio.com named-pkcs11[28910]: zone
70.9.10.in-addr.arpa/IN: loaded serial 1499786955
Jul 11 17:29:15 ipa.quartzbio.com named-pkcs11[28910]: zone
0.17.172.in-addr.arpa/IN: sending notifies (serial 1499786955)
Jul 11 17:29:15 ipa.quartzbio.com named-pkcs11[28910]: zone
0.17.172.in-addr.arpa/IN: loaded serial 1499786955
Jul 11 17:29:15 ipa.quartzbio.com named-pkcs11[28910]: zone quartzbio.com/IN:
sending notifies (serial 1499786955)
Jul 11 17:29:15 ipa.quartzbio.com named-pkcs11[28910]: zone quartzbio.com/IN:
loaded serial 1499786955
Jul 11 17:29:15 ipa.quartzbio.com named-pkcs11[28910]: 3 master zones from
LDAP instance 'ipa' loaded (3 zones defined, 0 inactive, 0 f
ailed to load)
Jul 11 17:29:15 ipa.quartzbio.com named-pkcs11[28910]: checkhints: unable
to get root NS rrset from cache: not found
Jul 11 17:29:16 ipa.quartzbio.com ns-slapd[28813]: GSSAPI client step 1
Jul 11 17:29:16 ipa.quartzbio.com ns-slapd[28813]: GSSAPI client step 1
Jul 11 17:29:16 ipa.quartzbio.com ipa-httpd-kdcproxy[28938]: ipa         :
INFO     KDC proxy enabled
Jul 11 17:29:16 ipa.quartzbio.com systemd[1]: httpd.service: Main process
exited, code=exited, status=1/FAILURE
Jul 11 17:29:16 ipa.quartzbio.com systemd[1]: Failed to start The Apache
HTTP Server.
-- Subject: Unit httpd.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit httpd.service has failed.
-- 
-- The result is failed.
Jul 11 17:29:16 ipa.quartzbio.com systemd[1]: httpd.service: Unit entered
failed state.
Jul 11 17:29:16 ipa.quartzbio.com systemd[1]: httpd.service: Failed with
result 'exit-code'.
Jul 11 17:29:16 ipa.quartzbio.com polkitd[28301]: Unregistered
Authentication Agent for unix-process:28932:604682393 (system bus
name :1.42, object path /org/freedesktop/PolicyKit1/AuthenticationAgent,
locale C) (disconnected from bus)
Jul 11 17:29:16 ipa.quartzbio.com polkitd[28301]: Registered Authentication
Agent for unix-process:28944:604682474 (system bus na
me :1.43 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path
/org/freedesktop/PolicyKit1/AuthenticationAgent, locale C)
Jul 11 17:29:16 ipa.quartzbio.com systemd[1]: Stopping Kerberos 5 KDC...
-- Subject: Unit krb5kdc.service has begun shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to