Re: [Freeipa-users] ipa fails to start hangs on pki-tomcatd

2016-12-02 Thread Rob Verduijn
2016-12-01 19:44 GMT+01:00 Rob Verduijn :


Re: [Freeipa-users] ipa fails to start hangs on pki-tomcatd

2016-12-01 Thread Rob Verduijn
2016-12-01 17:20 GMT+01:00 Rob Crittenden :


Re: [Freeipa-users] ipa fails to start hangs on pki-tomcatd

2016-12-01 Thread Rob Crittenden

Re: [Freeipa-users] ipa fails to start hangs on pki-tomcatd

2016-12-01 Thread Rob Verduijn
2016-12-01 15:41 GMT+01:00 Rob Crittenden :

> The debug log is quite verbose. I find it helpful to note where the
> previous log ended, starting and pulling the difference and going line
> by line. It sometimes fails in one place, which cascades to others; this
> generally makes it hard to grok.
>
> I'd also run `getcert list` and check to ensure that the CA subsystem
> certificates are still valid.
>
> rob
>


Hi,

My certs were indeed expired.
I did what was said in here
http://www.freeipa.org/page/Howto/CA_Certificate_Renewal
And now they are all valid again.

However 

Re: [Freeipa-users] ipa fails to start hangs on pki-tomcatd

2016-12-01 Thread Rob Crittenden
The debug log is quite verbose. I find it helpful to note where the
previous log ended, starting and pulling the difference and going line
by line. It sometimes fails in one place, which cascades to others; this
generally makes it hard to grok.

I'd also run `getcert list` and check to ensure that the CA subsystem
certificates are still valid.

rob

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
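
One way to carry out the `getcert list` validity check suggested above, as an added example that is not part of the original thread or of FreeIPA: a shell function that reads `getcert list` output and classifies each tracked certificate against a reference time. The sample input, request IDs, dates and function names are constructed, and the `expires:` values are assumed to be printed in UTC.

```shell
#!/bin/sh
# Added example (not from the thread): classify certificates tracked by
# certmonger from `getcert list` output. Assumes `expires:` is printed in UTC.

# Constructed sample in the layout `getcert list` prints; every value is made up.
sample_getcert_output() {
cat <<'EOF'
Number of certificates and requests being tracked: 3.
Request ID '20150101000001':
        status: CA_UNREACHABLE
        stuck: no
        key pair storage: type=NSSDB,location='/var/lib/pki/pki-tomcat/alias',nickname='ocspSigningCert cert-pki-ca',token='NSS Certificate DB',pin set
        certificate: type=NSSDB,location='/var/lib/pki/pki-tomcat/alias',nickname='ocspSigningCert cert-pki-ca',token='NSS Certificate DB'
        expires: 2016-11-20 09:15:00 UTC
        track: yes
Request ID '20150101000002':
        status: MONITORING
        stuck: no
        certificate: type=NSSDB,location='/var/lib/pki/pki-tomcat/alias',nickname='subsystemCert cert-pki-ca',token='NSS Certificate DB'
        expires: 2016-12-20 09:15:00 UTC
        track: yes
Request ID '20150101000003':
        status: MONITORING
        stuck: no
        certificate: type=FILE,location='/etc/pki/example/server.crt'
        expires: 2018-10-01 09:15:00 UTC
        track: yes
EOF
}

# check_certs NOW SOON  (both "YYYY-MM-DD HH:MM:SS", UTC); reads stdin.
# Prints one line per request: VERDICT|request-id|nickname-or-file|expires|status
# Timestamps in this layout sort lexicographically, so plain string
# comparison is enough and no date arithmetic is needed inside awk.
check_certs() {
    awk -v now="$1" -v soon="$2" -v q="'" '
    # Return the value of key=<quoted value> on a certificate: line, or "".
    function quoted(line, key) {
        if (match(line, key "=" q "[^" q "]*" q))
            return substr(line, RSTART + length(key) + 2, RLENGTH - length(key) - 3)
        return ""
    }
    function emit(   verdict) {
        if (id == "") return
        if (expires == "")               verdict = "NO-EXPIRY"
        else if (expires <= now)         verdict = "EXPIRED"
        else if (expires <= soon)        verdict = "EXPIRING"
        else if (status != "MONITORING") verdict = "NOT-MONITORING"
        else                             verdict = "OK"
        printf "%s|%s|%s|%s|%s\n", verdict, id, nick, expires, status
    }
    /^Request ID / {
        emit()
        id = $3; gsub(q, "", id); sub(/:$/, "", id)
        nick = ""; status = ""; expires = ""
        next
    }
    /^[ \t]*status:/ { status = $2; next }
    /^[ \t]*certificate:/ {
        nick = quoted($0, "nickname")
        if (nick == "") nick = quoted($0, "location")   # FILE-type storage
        next
    }
    /^[ \t]*expires:/ {
        expires = ($2 ~ /^[0-9][0-9][0-9][0-9]-/) ? ($2 " " $3) : ""
        next
    }
    END { emit() }
    '
}

# Only the entries that need attention.
problem_certs() {
    check_certs "$1" "$2" | awk -F'|' '$1 != "OK"'
}

# On a real server (GNU date assumed for the 28-day look-ahead):
#   getcert list | problem_certs "$(date -u '+%Y-%m-%d %H:%M:%S')" \
#       "$(date -u -d '+28 days' '+%Y-%m-%d %H:%M:%S')"
# Demo on the constructed sample, with the reference time fixed for repeatability:
sample_getcert_output | problem_certs "2016-12-01 11:06:12" "2016-12-29 11:06:12"
```
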


[Freeipa-users] ipa fails to start hangs on pki-tomcatd

2016-12-01 Thread Rob Verduijn
Hello,

For some reason my ipa server no longer boots.
It keeps trying to start the pki-tomcat service.

Does anybody know where I should start looking to get this fixed?

Rob Verduijn

ipactl -d start gives this output:
ipa: DEBUG: The CA status is: check interrupted due to error: Command
''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' '
https://freeipa02.tjako.thuis:8443/ca/admin/ca/getStatus'' returned
non-zero exit status 8
ipa: DEBUG: Waiting for CA to start...
ipa: DEBUG: Starting external process
ipa: DEBUG: args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30'
'--no-check-certificate' '
https://freeipa02.tjako.thuis:8443/ca/admin/ca/getStatus'
ipa: DEBUG: Process finished, return code=8
ipa: DEBUG: stdout=
ipa: DEBUG: stderr=--2016-12-01 11:06:12--
https://freeipa02.tjako.thuis:8443/ca/admin/ca/getStatus
Resolving freeipa02.tjako.thuis (freeipa02.tjako.thuis)... 172.16.1.13
Connecting to freeipa02.tjako.thuis
(freeipa02.tjako.thuis)|172.16.1.13|:8443... connected.
HTTP request sent, awaiting response...
  HTTP/1.1 500 Internal Server Error
  Server: Apache-Coyote/1.1
  Content-Type: text/html;charset=utf-8
  Content-Language: en
  Content-Length: 2134
  Date: Thu, 01 Dec 2016 10:06:13 GMT
  Connection: close
2016-12-01 11:06:13 ERROR 500: Internal Server Error.

There are also some Java warnings in the logs, but it's Java and I can never
tell if it's a serious error when Java gives a warning.
Dec  1 09:53:59 freeipa02 server: Dec 01, 2016 9:53:59 AM
org.apache.catalina.startup.SetAllPropertiesRule begin
Dec  1 09:53:59 freeipa02 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'serverCertNickFile' to '/var/lib/pki/pki-tomcat/conf/serverCertNick.conf'
did not find a matching property.
Dec  1 09:53:59 freeipa02 server: Dec 01, 2016 9:53:59 AM
org.apache.catalina.startup.SetAllPropertiesRule begin
Dec  1 09:53:59 freeipa02 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'passwordFile' to '/var/lib/pki/pki-tomcat/conf/password.conf' did not find
a matching property.
Dec  1 09:53:59 freeipa02 server: Dec 01, 2016 9:53:59 AM
org.apache.catalina.startup.SetAllPropertiesRule begin
Dec  1 09:53:59 freeipa02 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'passwordClass' to 'org.apache.tomcat.util.net.jss.PlainPasswordFile' did
not find a matching property.
Dec  1 09:53:59 freeipa02 server: Dec 01, 2016 9:53:59 AM
org.apache.catalina.startup.SetAllPropertiesRule begin
Dec  1 09:53:59 freeipa02 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'certdbDir' to '/var/lib/pki/pki-tomcat/alias' did not find a matching
property.
Dec  1 09:53:59 freeipa02 server: Dec 01, 2016 9:53:59 AM
org.apache.tomcat.util.digester.SetPropertiesRule begin
Dec  1 09:53:59 freeipa02 server: WARNING:
[SetPropertiesRule]{Server/Service/Engine/Host} Setting property
'xmlValidation' to 'false' did not find a matching property.
Dec  1 09:53:59 freeipa02 server: Dec 01, 2016 9:53:59 AM
org.apache.tomcat.util.digester.SetPropertiesRule begin
Dec  1 09:53:59 freeipa02 server: WARNING:
[SetPropertiesRule]{Server/Service/Engine/Host} Setting property
'xmlNamespaceAware' to 'false' did not find a matching property.


I'm running CentOS 7.2 x86_64 with the latest patches applied.
Some package versions below:
rpm -qa|egrep "ipa|tomcat"|sort
ipa-admintools-4.2.0-15.0.1.el7.centos.19.x86_64
ipa-client-4.2.0-15.0.1.el7.centos.19.x86_64
ipa-python-4.2.0-15.0.1.el7.centos.19.x86_64
ipa-server-4.2.0-15.0.1.el7.centos.19.x86_64
ipa-server-dns-4.2.0-15.0.1.el7.centos.19.x86_64
libipa_hbac-1.13.0-40.el7_2.12.x86_64
python-iniparse-0.4-9.el7.noarch
python-libipa_hbac-1.13.0-40.el7_2.12.x86_64
sssd-ipa-1.13.0-40.el7_2.12.x86_64
tomcat-7.0.54-8.el7_2.noarch
tomcat-el-2.2-api-7.0.54-8.el7_2.noarch
tomcat-jsp-2.2-api-7.0.54-8.el7_2.noarch
tomcatjss-7.1.2-1.el7.noarch
tomcat-lib-7.0.54-8.el7_2.noarch
tomcat-servlet-3.0-api-7.0.54-8.el7_2.noarch