On Tue, 28 Jul 2015, Jan Pazdziora wrote:
Hello,
ever since I started to run FreeIPA 4.2 installations (from upstream
copr repo on Fedora 22), I often (but not always) get
[13/25]: setting audit signing renewal to 2 years
[14/25]: restarting certificate server
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to restart the Dogtag instance.See the installation log for details.
[15/25]: requesting RA certificate from CA
[error] error: [Errno 111] Connection refused
In the ipaserver-install.log, there is
2015-07-28T11:15:42Z DEBUG Starting external process
2015-07-28T11:15:42Z DEBUG args='/bin/systemctl' 'is-active' 'pki-tomcatd@pki-tomcat.service'
2015-07-28T11:15:42Z DEBUG Process finished, return code=0
2015-07-28T11:15:42Z DEBUG stdout=active
2015-07-28T11:15:42Z DEBUG stderr=
2015-07-28T11:15:42Z DEBUG wait_for_open_ports: localhost [8080, 8443] timeout 300
2015-07-28T11:20:42Z DEBUG Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py", line 183, in restart_instance
    self.restart(self.dogtag_constants.PKI_INSTANCE_NAME)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 316, in restart
    self.service.restart(instance_name, capture_output=capture_output, wait=wait)
  File "/usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py", line 250, in restart
    instance_name, capture_output=capture_output, wait=wait)
  File "/usr/lib/python2.7/site-packages/ipaplatform/base/services.py", line 317, in restart
    self.wait_for_open_ports(self.service_instance(instance_name))
  File "/usr/lib/python2.7/site-packages/ipaplatform/base/services.py", line 272, in wait_for_open_ports
    self.api.env.startup_timeout)
  File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 1180, in wait_for_open_ports
    raise socket.timeout("Timeout exceeded")
timeout: Timeout exceeded
I do run it in a container, so it could be related, so I'm mostly looking
for blind hints about what might have changed in the installer or
in dogtag itself in 4.2 that could cause this. For example, did we make
the timeout shorter?
The timeout is 300:
2015-07-28T11:15:42Z DEBUG wait_for_open_ports: localhost [8080, 8443] timeout 300
You can look at dogtag's catalina-.log to see how long it took:
# grep 'Server startup' /var/log/pki/pki-tomcat/catalina.2015-07-24.log
INFO: Server startup in 27159 ms
INFO: Server startup in 11323 ms
INFO: Server startup in 10472 ms
INFO: Server startup in 11158 ms
INFO: Server startup in 11194 ms
--
/ Alexander Bokovoy