Hi,
On Tue, May 23, 2023 at 1:40 PM Georgy Safronov via FreeIPA-users <
[email protected]> wrote:
> Hello! On one of our ipa masters (alma9.2, ipa 4.10.1, CA renewal master)
> we have some problems with pki-tomcat, on neighbour master (alma9.2, ipa
> 4.10.1, ca role) there are no same problems. ipactl status and
> ipa-healthcheck reports all ok, restarting of services also goes normally.
> But in pki debug log have some flood about java exeption:
>
> [root@dc1 ~]# tail -n 57 /var/log/pki/pki-tomcat/pki/debug.2023-05-23.log
> 2023-05-23 14:30:21 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-2] ERROR:
> RESTEASY002010: Failed to execute
> javax.ws.rs.ServiceUnavailableException: ACME service is disabled
>
What is the output of
# ipa-acme-manage status
If it shows "ACME is disabled", it means that the ACME functionality is not
enabled and those logs can safely be ignored.
at
> org.dogtagpki.acme.server.ACMERequestFilter.filter(ACMERequestFilter.java:48)
> at
> org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:263)
> at
> org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)
> at
> org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:236)
> at
> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:406)
> at
> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:213)
> at
> org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:228)
> at
> org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
> at
> org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:764)
> at jdk.internal.reflect.GeneratedMethodAccessor49.invoke(Unknown
> Source)
> at
> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.base/java.lang.reflect.Method.invoke(Method.java:568)
> at
> org.apache.catalina.security.SecurityUtil.lambda$execute$0(SecurityUtil.java:280)
> at
> java.base/java.security.AccessController.doPrivileged(AccessController.java:712)
> at
> java.base/javax.security.auth.Subject.doAsPrivileged(Subject.java:584)
> at
> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:311)
> at
> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:170)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:222)
> at
> org.apache.catalina.core.ApplicationFilterChain.lambda$doFilter$0(ApplicationFilterChain.java:146)
> at
> java.base/java.security.AccessController.doPrivileged(AccessController.java:569)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
> at
> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
> at jdk.internal.reflect.GeneratedMethodAccessor51.invoke(Unknown
> Source)
> at
> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.base/java.lang.reflect.Method.invoke(Method.java:568)
> at
> org.apache.catalina.security.SecurityUtil.lambda$execute$0(SecurityUtil.java:280)
> at
> java.base/java.security.AccessController.doPrivileged(AccessController.java:712)
> at
> java.base/javax.security.auth.Subject.doAsPrivileged(Subject.java:584)
> at
> org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:311)
> at
> org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:188)
> at
> org.apache.catalina.core.ApplicationFilterChain.lambda$doFilter$0(ApplicationFilterChain.java:146)
> at
> java.base/java.security.AccessController.doPrivileged(AccessController.java:569)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
> at
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:542)
> at
> com.netscape.cms.tomcat.ExternalAuthenticationValve.invoke(ExternalAuthenticationValve.java:83)
> at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143)
> at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
> at
> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687)
> at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:357)
> at
> org.apache.coyote.ajp.AjpProcessor.service(AjpProcessor.java:433)
> at
> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
> at
> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:893)
> at org.apache.tomcat.util.net
> .NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1724)
> at org.apache.tomcat.util.net
> .SocketProcessorBase.run(SocketProcessorBase.java:49)
> at
> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
> at
> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
> at
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> at java.base/java.lang.Thread.run(Thread.java:833)
>
> Also have some flood in systemctl status [email protected]
> like:
>
> [root@dc1 ~]# journalctl -u [email protected]
> --no-pager|tail -n 4
> May 23 14:30:17 dc1.id.netrika server[4743]: WARNING: The SHA-1 algorithm
> used in
> org.mozilla.jss.netscape.security.util.CertPrettyPrint::X509toString:329 is
> deprecated. Use a more secure algorithm.
> May 23 14:30:17 dc1.id.netrika server[4743]: WARNING: The MD2 algorithm
> used in
> org.mozilla.jss.netscape.security.util.CertPrettyPrint::X509toString:329 is
> deprecated. Use a more secure algorithm.
> May 23 14:30:17 dc1.id.netrika server[4743]: WARNING: The MD5 algorithm
> used in
> org.mozilla.jss.netscape.security.util.CertPrettyPrint::X509toString:329 is
> deprecated. Use a more secure algorithm.
> May 23 14:30:17 dc1.id.netrika server[4743]: WARNING: The SHA-1 algorithm
> used in
> org.mozilla.jss.netscape.security.util.CertPrettyPrint::X509toString:329 is
> deprecated. Use a more secure algorithm.
>
For the above messages, I would ask help from dogtag at
[email protected]
<https://lists.dogtagpki.org/archives/list/[email protected]/>
flo
> What could be the reason for these messages? And how to fix it? Thank you
> in advance!
> _______________________________________________
> FreeIPA-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/[email protected]
> Do not reply to spam, report it:
> https://pagure.io/fedora-infrastructure/new_issue
>
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
