george he wrote:

There's only one conf file in /etc/ipa/, which is default.conf. ca_host
is not defined there. But I think my CA is the IPA server.

Everything is reported running:
# ipactl status
Directory Service: RUNNING
KDC Service: RUNNING
KPASSWD Service: RUNNING
MEMCACHE Service: RUNNING
HTTP Service: RUNNING
CA Service: RUNNING

but when I try # ipactl restart, it reports:
Starting httpd: [Tue Sep 04 08:19:10 2012] [warn] worker
ajp://localhost:9447/ already used by another worker
[Tue Sep 04 08:19:10 2012] [warn] worker ajp://localhost:9447/ already
used by another worker

This can be ignored, it is a known issue in Apache and doesn't mean anything is wrong. We're tracking an upstream fix for this, https://fedorahosted.org/freeipa/ticket/1853


I would set debug = True in /etc/ipa/default.conf and restart Apache. Then try the host-del again and examine /var/log/httpd/error_log. We currently only log CS connection issues when in debug mode (there is a ticket on that too). The CA log in /var/log/pki-ca/debug may have some tips too.

When a host is deleted we try to revoke its certificate. If we can't talk to the CA then the delete fails.

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to