Roberto Cornacchia via FreeIPA-users wrote: > Oh. I hadn't forgotten. This is what happened. > > These are my settings: > > [root@ipa02 etc]# cat sysctl.conf | grep -v '#' > net.ipv6.conf.all.disable_ipv6=0 > net.ipv6.conf.default.disable_ipv6=0 > > These will overwrite my settings: > > [root@ipa02 etc]# cat sysctl.d/anaconda.conf > # Anaconda disabling ipv6 (noipv6 option) > net.ipv6.conf.all.disable_ipv6=1 > net.ipv6.conf.default.disable_ipv6=1 > > Two questions: > - Does FreeIPA (or, some components therein) really require ipv6? During > installation, it forced me to enable it.
ipv6 can listen to both ipv4 and ipv6. It is required. > - If so, these anaconda settings look like a trivial way to break the > system. I didn't install anaconda, but it was probably part of some > dependencies. Can something be done to make this more robust? It isn't a common issue. rob > > Best, Roberto > > On Thu, 17 Nov 2022 at 19:06, Roberto Cornacchia > <[email protected] <mailto:[email protected]>> wrote: > > I found it! > > dirsrv listens on ipv6 only. > I had set net.ipv6.conf.all.disable_ipv6 > and net.ipv6.conf.all.disable_ipv6 to 0, but apparently forgot to > make the change permanent, so after the reboot ipv6 was disabled. > > > > On Thu, 17 Nov 2022 at 18:50, Roberto Cornacchia > <[email protected] <mailto:[email protected]>> > wrote: > > This, however, works: > > # ldapsearch -H ldap://localhost:389 -x uid=roberto > # extended LDIF > # > # LDAPv3 > # base <dc=hq,dc=spinque,dc=com> (default) with scope subtree > # filter: uid=roberto > # requesting: ALL > # > > # roberto, users, compat, hq.spinque.com <http://hq.spinque.com> > dn: uid=roberto,cn=users,cn=compat,dc=hq,dc=spinque,dc=com > [.. omitted ..] > > > On Thu, 17 Nov 2022 at 18:44, Roberto Cornacchia > <[email protected] > <mailto:[email protected]>> wrote: > > > You still have a replication agreement, and until its > removed you will keep seeing these messages. However > it's not related to this issue though. > > > Good to know. I hope there is a way to force removal of that > agreement. > >> - sometimes, but not always, this log also shows: >> ERR - bdb_version_write - Could not open file >> "/dev/shm/slapd-HQ-SPINQUE-COM/DBVERSION" for writing >> Netscape Portable Runtime -5950 (File not found.) > > This might happen after a system reboot. It should be > safe to ignore as long as the server still starts :) > > Again, good to know, thanks > > So looking at the error log it looks like the server is > started. Schema compat plugin is doing its > initialization which is very resource intensive, but the > server should still be working. > > Try doing a ldapsearch just to see if it's responding: > > ldapsearch -H ldap://localhost:389 -b "" -s base -D > "cn=directory manager" -W > > Ouch, I don't have the directory manager password with me at > the moment, I'll have to wait till tomorrow when I go to the > office. > The server is up and listening: > > # netstat -tulnp | grep 389 > tcp6 0 0 :::389 :::* > LISTEN 3575/ns-slapd > > However, it's not just a slow start. > I can start all the other services via systemctl, so things > seem ok, but when much later I do ipactl stop I get: > > # ipactl stop > Failed to read data from Directory Service: Timeout exceeded > Shutting down > > So, it's really not cooperating. > > > > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue > _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
