On 11/12/2015 02:17 PM, Terry John wrote:
> I had a working freeipa setup on a CentOS release 6.7 machine. All was well
> until I did a yum update. Now I have multiple issue apparently based around
> the CMS (Service Unavailable) issue.
> My current version of ipa-server is 3.0.0-47
> Certmonger crashes with a segmentation fault at boot time and crashes every
> time I try to restart it when ipa is running.
It of course should not crash, it would be useful to have a backtrace from the
core file that was generated.
> If I stop ipa the start certmonger it starts ok and continues to run when I
> start ipa again but as soon as any requests are made like "getcert list" then
> it crashes again.
> With certmonger still running I can do a request
> # ipa cert-status
> Request id: 20140417164153
> ipa: ERROR: Certificate operation cannot be completed: Unable to communicate
> with CMS (Service Unavailable)
> # service certmonger status
> certmonger (pid 3030) is running...
It looks like PKI cannot be contacted. I would recommend checking
/var/log/httpd/error_log, it may have more details. I would also recommend
checking "ipa cert-show 1", it will probably fail with the same bug.
Next steps may include checking that dogtag service really runs, there is no
SELinux AVC. If neither of this helps, you can check PKI logs /var/log/pki...
to see what went wrong.
Some pointers to logs are for example here:
> This fault with the "Service Unavailable" originally came up when I tried to
> delete a host from the freeip gui
> In the file /var/log/dirsrv/slapd-PKI-IPA/errors file there was a Warning
> about nsslapd-cachememsize not being big enough but I don't know how to
> change it if, indeed this is anything to do with it.
This should not cause this error, it is more about performance tuning, AFAIK.
> Any pointers of where to look next would be much appreciated.
> The Manheim group of companies within the UK comprises: Manheim Europe
> Limited (registered number: 03183918), Manheim Auctions Limited (registered
> number: 00448761), Manheim Retail Services Limited (registered number:
> 02838588), Motors.co.uk Limited (registered number: 05975777), Real Time
> Communications Limited (registered number: 04277845) and Complete Automotive
> Solutions Limited (registered number: 05302535). Each of these companies is
> registered in England and Wales with the registered office address of Central
> House, Leeds Road, Rothwell, Leeds LS26 0JE. The Manheim group of companies
> operates under various brand/trading names including Manheim Inspection
> Services, Manheim Auctions, Manheim Direct, Manheim De-fleet and Manheim
> Aftersales Solutions.
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project