subject:"Re\: \[Freeipa\-devel\] 4.2\: ipa.ipaserver.install.cainstance.CAInstance\: CRITICAL Failed to restart the Dogtag instance."

Re: [Freeipa-devel] 4.2: ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to restart the Dogtag instance.

2015-07-28 Thread Jan Pazdziora

On Tue, Jul 28, 2015 at 03:56:47PM +0200, Jan Pazdziora wrote:
> 
> INFO: Server startup in 5444 ms
> INFO: Server startup in 5936 ms
> INFO: Server startup in 5804 ms

Running netstat at the time when the tomcat should have restarted and
be ready shows

# /usr/bin/netstat -tln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address   Foreign Address State  
tcp6   0  0 127.0.0.1:8005  :::*LISTEN 
tcp6   0  0 :::389  :::*LISTEN 
tcp6   0  0 127.0.0.1:8009  :::*LISTEN 
tcp6   0  0 :::8443 :::*LISTEN 

The :::8080 is missing. Will try to figure out what causes 8443
listen to happen but not 8080.

-- 
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] 4.2: ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to restart the Dogtag instance.

2015-07-28 Thread Jan Pazdziora

On Tue, Jul 28, 2015 at 03:25:50PM +0300, Alexander Bokovoy wrote:
> On Tue, 28 Jul 2015, Jan Pazdziora wrote:
> >
> >I do run it in container so it could be related, so I'm mostly looking
> >for blind hints about what might have changed in the installer or
> >in dogtag itself in 4.2 that could cause this. For example, did we make
> >the timeout shorter? 
> 
> The timeout is 300:
> >2015-07-28T11:15:42Z DEBUG wait_for_open_ports: localhost [8080, 8443] 
> >timeout 300
> 
> You can look at dogtag's catalina-.log, to see how long did it
> take:
> # grep 'Server startup' /var/log/pki/pki-tomcat/catalina.2015-07-24.log
> INFO: Server startup in 27159 ms
> INFO: Server startup in 11323 ms
> INFO: Server startup in 10472 ms
> INFO: Server startup in 11158 ms
> INFO: Server startup in 11194 ms

INFO: Server startup in 5444 ms
INFO: Server startup in 5936 ms
INFO: Server startup in 5804 ms

-- 
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] 4.2: ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to restart the Dogtag instance.

2015-07-28 Thread Alexander Bokovoy


On Tue, 28 Jul 2015, Jan Pazdziora wrote:


Hello,

ever since I started to run FreeIPA 4.2 installations (from upstream
copr repo on Fedora 22), I often (but not always) get

 [13/25]: setting audit signing renewal to 2 years
 [14/25]: restarting certificate server
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to restart the 
Dogtag instance.See the installation log for details.
 [15/25]: requesting RA certificate from CA
 [error] error: [Errno 111] Connection refused

In the ipaserver-install.log, there is

2015-07-28T11:15:42Z DEBUG Starting external process
2015-07-28T11:15:42Z DEBUG args='/bin/systemctl' 'is-active' 
'pki-tomcatd@pki-tomcat.service'
2015-07-28T11:15:42Z DEBUG Process finished, return code=0
2015-07-28T11:15:42Z DEBUG stdout=active

2015-07-28T11:15:42Z DEBUG stderr=
2015-07-28T11:15:42Z DEBUG wait_for_open_ports: localhost [8080, 8443] timeout 
300
2015-07-28T11:20:42Z DEBUG Traceback (most recent call last):
 File "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py", 
line 183, in rest
art_instance
   self.restart(self.dogtag_constants.PKI_INSTANCE_NAME)
 File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 
316, in restart
   self.service.restart(instance_name, capture_output=capture_output, wait=wait)
 File "/usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py", line 
250, in restart
   instance_name, capture_output=capture_output, wait=wait)
 File "/usr/lib/python2.7/site-packages/ipaplatform/base/services.py", line 
317, in restart
   self.wait_for_open_ports(self.service_instance(instance_name))
 File "/usr/lib/python2.7/site-packages/ipaplatform/base/services.py", line 
272, in wait_for_op
en_ports
   self.api.env.startup_timeout)
 File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 1180, in 
wait_for_open_port
s
   raise socket.timeout("Timeout exceeded")
timeout: Timeout exceeded

I do run it in container so it could be related, so I'm mostly looking
for blind hints about what might have changed in the installer or
in dogtag itself in 4.2 that could cause this. For example, did we make
the timeout shorter?


The timeout is 300:

2015-07-28T11:15:42Z DEBUG wait_for_open_ports: localhost [8080, 8443] timeout 
300


You can look at dogtag's catalina-.log, to see how long did it
take:
# grep 'Server startup' /var/log/pki/pki-tomcat/catalina.2015-07-24.log 
INFO: Server startup in 27159 ms

INFO: Server startup in 11323 ms
INFO: Server startup in 10472 ms
INFO: Server startup in 11158 ms
INFO: Server startup in 11194 ms

--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] 4.2: ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to restart the Dogtag instance.

Re: [Freeipa-devel] 4.2: ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to restart the Dogtag instance.

Re: [Freeipa-devel] 4.2: ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to restart the Dogtag instance.

3 matches

Site Navigation

Mail list logo

Footer information