[Freeipa-users] Re: c9s - Java update brakes IPA - ?

Wed, 20 Apr 2022 06:16:09 -0700 


On 20/04/2022 13:58, Alexander Bokovoy wrote:

On ke, 20 huhti 2022, lejeczek via FreeIPA-users wrote:

Hi guys.


@devel perhaps could comment if it's Java among package 
updates which breaks PKI ?


...

ipa-pki-wait-running: Connection failed: 
HTTPConnectionPool(host='whale.mine.private', port=8080): 
Max retries exceeded with url: /ca/admin/ca/getStatus 
(Caused by 
NewConnectionError('<urllib3.connection.HTTPConnection 
object at 0x7f9c31d7ba60>: Failed to establish a new 
connection: [Errno 111] Connection refused'))
WARNING: Some of the specified [protocols] are not 
supported by the SSL engine and have been skipped: 
[[TLSv1, TLSv1.1]]
SEVERE: Error deploying deployment descriptor 
[/etc/pki/pki-tomcat/Catalina/localhost/ca.xml]

java.lang.IllegalStateException: Error starting child

    at 
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:720)



    at 
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:720)



    at 
org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:129)



    at 
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:150)



    at 
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:140)



    at 
java.base/java.security.AccessController.doPrivileged(Native 
Method)
    at 
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:688) 




    at 
org.apache.catalina.core.StandardHost.addChild(StandardHost.java:706) 



...
...

    at 
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:717)


    ... 41 more

Caused by: java.lang.UnsupportedClassVersionError: 
netscape/ldap/LDAPException has been compiled by a more 
recent version of the Java Runtime (class file version 
61.0), this version of the Java Runtime only recognizes 
class file versions up to 55.0
    at 
java.base/java.lang.ClassLoader.defineClass1(Native Method)
    at 
java.base/java.lang.ClassLoader.defineClass(ClassLoader.java:1017) 



...

SEVERE: One or more listeners failed to start. Full 
details will be found in the appropriate container log file
SEVERE: Context [/acme] startup failed due to previous 
errors

WARNING: An illegal reflective access operation has occurred

WARNING: Illegal reflective access by 
org.apache.catalina.loader.WebappClassLoaderBase 
(file:/usr/share/java/tomcat/catalina.jar) to field 
java.io.ObjectStreamClass$Caches.localDescs
WARNING: Please consider reporting this to the 
maintainers of 
org.apache.catalina.loader.WebappClassLoaderBase
WARNING: Use --illegal-access=warn to enable warnings of 
further illegal reflective access operations

...

java-11-openjdk-devel-11.0.15.0.1-0.1.ea.el9.x86_64
ipa-server-4.9.8-6.el9.x86_64

or this is some issue irrespective of java?



It looks like some inconsistency between PKI and Java 
packages.



I also noticed you have a previous CentOS 9 Stream compose 
as ipa-server
4.9.8-8.el9 is now available. Perhaps, many packages were 
upgraded in it

as well and you might get a better chance?


sorry, wrong c&p from me, that 4.9.8-8.el9 went in along 
with other updates, that was when PKI broke.



Anyway, I asked PKI developers to check what's up with 
these different

bytecode versions.


_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure






















					Reply via email to