I would agree with Rob; entropy is likely not one of your root issues.
It may still do you good to have a bit more as it can cause system
slowdown during SSL generation loads.
It's really up to you how you go about generating entropy.
Here is a link with some suggestions
I would suggest you just
yum install haveged
It's worked well for me so far.

On 02/17/2015 12:38 PM, Rob Crittenden wrote:
> Thomas Raehalme wrote:
>> On Tue, Feb 17, 2015 at 6:35 PM, Chris Mohler <cmoh...@oberlin.edu
>>>> As I wrote earlier we are having some serious problems with IPA
>>>> right now. dirsrv seems to hang every 15 minutes or so, but that's
>>>
>>> Are you running in a VM? If so check your entropy.
>>> It should be ~1k; less than 50 is not great and caused me some issues
>>> in the past.
>>
>> Yes, the server is a VM. Entropy value is 135 at the moment. Do you know
>> how to increase the value?
>
> I don't think that's an issue. It is more a problem during initial
> installation than during operation AFAIK.
>
>>>> It seems that slapd/dirsrv is now only listening on port 389 for
>>>> LDAP and socket for LDAPI requests. Any idea what could have
>>>> caused previously available LDAPS port 636 to disappear?
>>>
>>> Did your certificates expire? I usually check the web interface and
>>> look at the SSL Cert in the browser to see when it expires. I bet
>>> there is a better way to check but I don't know it offhand.
>>
>> No, at least for the web interface certificates expire in August.
>>
>> It turned out the nsslapd-security was 'off' when it should have been
>> 'on'. I really don't know what had changed the value.
>>
>> Now I only wish we could resolve what's causing the dirsrv process to
>> hang (wrote about that in another message last Sunday) about 10 minutes
>> after IPA services were started.
>
> Evidence suggests that the last upgrade failed so I'd start there. It is
> possible some plugins aren't configured properly, for example.
>
> You can try to re-run the upgrade manually. Note that the updater will
> disable all listeners while it is running. This is where things went
>
> # /usr/sbin/ipa-ldap-updater --upgrade
>
> If that succeeds:
>
> # ipactl restart

Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project
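
A way to check the two settings discussed in this thread, as an added example that is not part of the original messages or of FreeIPA: it classifies an entropy_avail reading with the figures quoted above and looks up nsslapd-security in the cn=config entry of a 389 Directory Server dse.ldif file. The function names and the instance path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example; function names and the instance path below are assumptions.

# Classify an entropy_avail reading using the figures quoted in the thread:
# about 1k is healthy, below 50 has caused problems.
entropy_status() {
    if [ "$1" -lt 50 ]; then echo "critical"
    elif [ "$1" -lt 1000 ]; then echo "low"
    else echo "ok"
    fi
}

# Print an attribute of the cn=config entry in a dse.ldif file.
# Attribute names are matched case-insensitively, folded lines (continuation
# lines starting with one space) are joined, and entries end at a blank line.
# Exit status is non-zero when the attribute is absent.
config_attr() {  # usage: config_attr FILE ATTR
    awk -v want="$2" '
        function flush() { if (line != "") handle(line); line = "" }
        function handle(l,   name, val, i) {
            i = index(l, ":"); if (i == 0) return
            name = tolower(substr(l, 1, i - 1)); val = substr(l, i + 1)
            sub(/^ +/, "", val)
            if (name == "dn") in_cfg = (tolower(val) == "cn=config")
            else if (in_cfg && name == tolower(want)) { print val; found = 1 }
        }
        /^ / { line = line substr($0, 2); next }
        /^$/ { flush(); in_cfg = 0; next }
        { flush(); line = $0 }
        END { flush(); exit !found }
    ' "$1"
}

# Report both values; succeeds only when nsslapd-security is "on".
report() {  # usage: report ENTROPY_FILE DSE_FILE
    e=$(cat "$1")
    echo "entropy_avail=$e ($(entropy_status "$e"))"
    sec=$(config_attr "$2" nsslapd-security) || sec="unset"
    echo "nsslapd-security=$sec"
    [ "$sec" = "on" ]
}

# Typical call (instance name is a placeholder):
# report /proc/sys/kernel/random/entropy_avail /etc/dirsrv/slapd-INSTANCE/dse.ldif
```

A non-zero exit from report means the LDAPS listener is not enabled in the configuration, which matches the missing port 636 described in the thread.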