Hello! On one of our ipa masters (alma9.2, ipa 4.10.1, CA renewal master) we
have some problems with pki-tomcat, on neighbour master (alma9.2, ipa 4.10.1,
ca role) there are no same problems. ipactl status and ipa-healthcheck reports
all ok, restarting of services also goes normally. But in pki debug log have
some flood about java exeption:
[root@dc1 ~]# tail -n 57 /var/log/pki/pki-tomcat/pki/debug.2023-05-23.log
2023-05-23 14:30:21 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-2] ERROR:
RESTEASY002010: Failed to execute
javax.ws.rs.ServiceUnavailableException: ACME service is disabled
at
org.dogtagpki.acme.server.ACMERequestFilter.filter(ACMERequestFilter.java:48)
at
org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:263)
at
org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)
at
org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:236)
at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:406)
at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:213)
at
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:228)
at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:764)
at jdk.internal.reflect.GeneratedMethodAccessor49.invoke(Unknown Source)
at
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:568)
at
org.apache.catalina.security.SecurityUtil.lambda$execute$0(SecurityUtil.java:280)
at
java.base/java.security.AccessController.doPrivileged(AccessController.java:712)
at
java.base/javax.security.auth.Subject.doAsPrivileged(Subject.java:584)
at
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:311)
at
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:170)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:222)
at
org.apache.catalina.core.ApplicationFilterChain.lambda$doFilter$0(ApplicationFilterChain.java:146)
at
java.base/java.security.AccessController.doPrivileged(AccessController.java:569)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
at
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
at jdk.internal.reflect.GeneratedMethodAccessor51.invoke(Unknown Source)
at
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:568)
at
org.apache.catalina.security.SecurityUtil.lambda$execute$0(SecurityUtil.java:280)
at
java.base/java.security.AccessController.doPrivileged(AccessController.java:712)
at
java.base/javax.security.auth.Subject.doAsPrivileged(Subject.java:584)
at
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:311)
at
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:188)
at
org.apache.catalina.core.ApplicationFilterChain.lambda$doFilter$0(ApplicationFilterChain.java:146)
at
java.base/java.security.AccessController.doPrivileged(AccessController.java:569)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:542)
at
com.netscape.cms.tomcat.ExternalAuthenticationValve.invoke(ExternalAuthenticationValve.java:83)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:357)
at org.apache.coyote.ajp.AjpProcessor.service(AjpProcessor.java:433)
at
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:893)
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1724)
at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at
java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
at
java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:833)
Also have some flood in systemctl status [email protected] like:
[root@dc1 ~]# journalctl -u [email protected] --no-pager|tail -n 4
May 23 14:30:17 dc1.id.netrika server[4743]: WARNING: The SHA-1 algorithm used
in org.mozilla.jss.netscape.security.util.CertPrettyPrint::X509toString:329 is
deprecated. Use a more secure algorithm.
May 23 14:30:17 dc1.id.netrika server[4743]: WARNING: The MD2 algorithm used in
org.mozilla.jss.netscape.security.util.CertPrettyPrint::X509toString:329 is
deprecated. Use a more secure algorithm.
May 23 14:30:17 dc1.id.netrika server[4743]: WARNING: The MD5 algorithm used in
org.mozilla.jss.netscape.security.util.CertPrettyPrint::X509toString:329 is
deprecated. Use a more secure algorithm.
May 23 14:30:17 dc1.id.netrika server[4743]: WARNING: The SHA-1 algorithm used
in org.mozilla.jss.netscape.security.util.CertPrettyPrint::X509toString:329 is
deprecated. Use a more secure algorithm.
What could be the reason for these messages? And how to fix it? Thank you in
advance!
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
