Re: [Freeipa-users] Unit pki-tomcatd@pki-tomcat.service entered failed state @ vanilla install on jessie – with log attached

2014-12-11 Thread chymian
 Am Dienstag, 9. Dezember 2014, 23:52:08 schrieb chymian:
 
 Am Dienstag, 9. Dezember 2014, 09:49:04 schrieb Ade Lee:
  On Tue, 2014-12-09 at 13:54 +0100, chymian wrote:
   hey people,
   
   after a successful install of ipa 4.0.5-2 on jessie, the named services
   started flawless during setup. see attached log, Installation summary
   (line 3107) but after reboot, it refuses to start. (did this install a
   couple times, on vanilla jessie)
   
   I can reach  work with Dogtag https://ipa.eb8.lan:8443/ca, but not the
   admin-services on https://ipa.eb8.lan/ca/ee/ca and
   https://ipa.eb8.lan/ca/agent/ca.
   
   
   $ systemctl status pki-tomcatd@pki-tomcat.service
   ● pki-tomcatd@pki-tomcat.service - PKI Tomcat Server pki-tomcat
   
  Loaded: loaded (/lib/systemd/system/pki-tomcatd@.service; enabled)
  Active: failed (Result: resources)
   
   Dez 08 20:40:13 ipa systemd[1]: Starting PKI Tomcat Server pki-tomcat...
   Dez 08 20:40:13 ipa systemd[1]: Failed to load environment files: No
   such file or directory Dez 08 20:40:13 ipa systemd[1]:
   pki-tomcatd@pki-tomcat.service failed to run 'start-pre' task: No such
   file or directory Dez 08 20:40:13 ipa systemd[1]: Failed to start PKI
   Tomcat Server pki-tomcat. Dez 08 20:40:13 ipa systemd[1]: Unit
   pki-tomcatd@pki-tomcat.service entered failed state.  
  Is dogtag actually running?  ps -ef |grep java
 
 it shows:
 pkiuser676 1  0 13:25 ?00:00:26
 /usr/lib/jvm/default-java/bin/java
 -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.proper
 ties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
 -DRESTEASY_LIB=/usr/share/java/
 -Djava.endorsed.dirs=/usr/share/tomcat7/endorsed -classpath
 /usr/share/tomcat7/bin/bootstrap.jar:/var/lib/pki/pki-tomcat/bin/tomcat-jul
 i.jar -Dcatalina.base=/var/lib/pki/pki-tomcat
 -Dcatalina.home=/usr/share/tomcat7
 -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp
 org.apache.catalina.startup.Bootstrap start
 
 is it ment to be, that the dogtag-pki package it’s self is not installed,
 just the dogtag-pki-server-theme is and a couple pki-packages… pki-base,
 pki-ca, pki-server, pki-tools?
 
  You could try restarting it -
  systemctl restart pki-tomcatd@pki-tomcat.service
 
 fails with same log-msg.
 
  The logs should be found in the journal --
  journalctl -u pki-tomcatd@pki-tomcat.service
 
 same as above.
 
  Other debug logs should be found under /var/log/pki/pki-tomcat/.  Please
  provide a tar of that directory.
 
 attached
 
  I am curious what the unit file looks like:  On Fedora, its
  at
  /etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.servi
  ce 
 lrwxrwxrwx 1 pkiuser pkiuser 40 Dez  8 20:22 pki-tomcatd@pki-tomcat.service
 - /lib/systemd/system/pki-tomcatd@.service root@ipa
 /etc/systemd/system/pki-tomcatd.target.wants
 $ cat pki-tomcatd@pki-tomcat.service
 [Unit]
 Description=PKI Tomcat Server %i
 After=pki-tomcatd.target network.target
 PartOf=pki-tomcatd.target
 
 [Service]
 Type=simple
 EnvironmentFile=/etc/tomcat/tomcat.conf
 Environment=NAME=%i
 EnvironmentFile=-/etc/default/%i
 ExecStartPre=/usr/bin/pkidaemon start %i
 ExecStart=/usr/libexec/tomcat/server start
 ExecStop=/usr/libexec/tomcat/server stop
 SuccessExitStatus=143
 User=pkiuser
 Group=pkiuser
 
 [Install]
 WantedBy=multi-user.target
 
  which points to an EnvironmentFile /etc/tomcat/tomcat.conf.  Does that
  file exist?
 
 there is not even an dir. /etc/tomcat/, or rather a tomcat.conf in it.
 
 this is what was installed:
 
 ii  libtomcat7-java  7.0.56-1
 ii  libtomcatjss-java7.1.1-2
 ii  tomcat7-common   7.0.56-1
 ii  tomcat7-user 7.0.56-1
 
 and if I would install tomcat7, it would give me an /etc/tomcat7 – not a
 /etc/tomcat
 
 and, here on debian, there is no such dir. /usr/libexec.
 seems that the unitfile is more a centos one.
 
 
 but:
 
 systemctl status pki-tomcatd.service
 ● pki-tomcatd.service - LSB: Start pki-tomcatd at boot time
 
Loaded: loaded (/etc/init.d/pki-tomcatd)
Active: active (running) since Di 2014-12-09 13:25:12 CET; 10h ago
CGroup:
/user.slice/user-0.slice/session-5.scope/system.slice/pki-tomcatd.servic
e
└─676 /usr/lib/jvm/default-java/bin/java
-Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/log
ging.properties -Djava.util.log... 
 Dez 09 13:25:12 ipa pki-tomcatd[484]: .
 Dez 09 13:25:12 ipa systemd[1]: Started LSB: Start pki-tomcatd at boot time.
 
 
 which is started with a /etc/init.d/pki-tomcatd script, not
 systemd-unit-file – yet. 
  Ade
 
 thx,
 guenter


hello ade,
what happens next?
is there anything I can provide?

should I open a bug with debian/freeIPA team?

have a nice day,
guenter

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Re: [Freeipa-users] Unit pki-tomcatd@pki-tomcat.service entered failed state @ vanilla install on jessie – with log attached

2014-12-11 Thread Ade Lee
On Tue, 2014-12-09 at 23:52 +0100, chymian wrote:
 Am Dienstag, 9. Dezember 2014, 09:49:04 schrieb Ade Lee:
 
  On Tue, 2014-12-09 at 13:54 +0100, chymian wrote:
 
   hey people,
 
   
 
   after a successful install of ipa 4.0.5-2 on jessie, the named
 services started flawless during setup. see attached log, Installation
 summary (line 3107)
 
   but after reboot, it refuses to start. (did this install a couple
 times, on vanilla jessie)
 
   
 
   I can reach  work with Dogtag https://ipa.eb8.lan:8443/ca, but
 not the admin-services on https://ipa.eb8.lan/ca/ee/ca and
 https://ipa.eb8.lan/ca/agent/ca.
 
   
 
   
 
   $ systemctl status pki-tomcatd@pki-tomcat.service
 
   ● pki-tomcatd@pki-tomcat.service - PKI Tomcat Server pki-tomcat
 
   Loaded: loaded (/lib/systemd/system/pki-tomcatd@.service; enabled)
 
   Active: failed (Result: resources)
 
   
 
   Dez 08 20:40:13 ipa systemd[1]: Starting PKI Tomcat Server
 pki-tomcat...
 
   Dez 08 20:40:13 ipa systemd[1]: Failed to load environment files:
 No such file or directory
 
   Dez 08 20:40:13 ipa systemd[1]: pki-tomcatd@pki-tomcat.service
 failed to run 'start-pre' task: No such file or directory
 
   Dez 08 20:40:13 ipa systemd[1]: Failed to start PKI Tomcat Server
 pki-tomcat.
 
   Dez 08 20:40:13 ipa systemd[1]: Unit
 pki-tomcatd@pki-tomcat.service entered failed state.
 
   
 
   
 
  
 
  Is dogtag actually running? ps -ef |grep java
 
  
 
 it shows:
 
 pkiuser 676 1 0 13:25 ? 00:00:26 /usr/lib/jvm/default-java/bin/java
 -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties
  -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager 
 -DRESTEASY_LIB=/usr/share/java/ 
 -Djava.endorsed.dirs=/usr/share/tomcat7/endorsed -classpath 
 /usr/share/tomcat7/bin/bootstrap.jar:/var/lib/pki/pki-tomcat/bin/tomcat-juli.jar
  -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat7 
 -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp 
 org.apache.catalina.startup.Bootstrap start
 
  
 
 is it ment to be, that the dogtag-pki package it’s self is not
 installed, just the dogtag-pki-server-theme is
 
 and a couple pki-packages… pki-base, pki-ca, pki-server, pki-tools?
 
  
Ok, so as far as I can see, the dogtag CA is in fact up and operational.
The systemctl error messages are probably a result of the systemd unit
scripts not yet being used.

We clearly see that the IPA RA and Jar signing certs are issued with no
problems.  I do notice a few attempts to reach the agent pages which
result in failed authentication.  My guess is that you are trying to
access these pages using the browser and are not providing the agent
cert.

As you have the dogtag-pki-server-theme package installed, you should be
able to reach the UI.  But ..

-- If you try to access the dogtag UI pages through port 80 and 443,
then you are going through the apache instance for IPA.  This instance
talks to Dogtag on the back-end using AJP, and has a proxy configuration
file that only permits certain URL paths to go through.

-- If you want to access the Dogtag UI pages, you need to access
https://host:8443/... or http://host:8080/...

To access the agent pages, you need to import the IPA RA agent
certificate into your browser (and trust the CA cert).  That cert/key is
in the IPA HTTP certdb.  You will need to extract it from there as a p12
file and import it into your browser.

Ade
 
  
 
  
 
  You could try restarting it - 
 
  systemctl restart pki-tomcatd@pki-tomcat.service
 
  
 
 fails with same log-msg.
 
  
 
  
 
  The logs should be found in the journal -- 
 
  journalctl -u pki-tomcatd@pki-tomcat.service
 
  
 
 same as above.
 
  
 
  
 
  Other debug logs should be found under /var/log/pki/pki-tomcat/.
 Please
 
  provide a tar of that directory.
 
  
 
 attached
 
  
 
  I am curious what the unit file looks like: On Fedora, its
 
 
 at /etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service
 
  
 
 lrwxrwxrwx 1 pkiuser pkiuser 40 Dez 8 20:22
 pki-tomcatd@pki-tomcat.service
 - /lib/systemd/system/pki-tomcatd@.service
 
 root@ipa /etc/systemd/system/pki-tomcatd.target.wants
 
 $ cat pki-tomcatd@pki-tomcat.service
 
 [Unit]
 
 Description=PKI Tomcat Server %i
 
 After=pki-tomcatd.target network.target
 
 PartOf=pki-tomcatd.target
 
  
 
 [Service]
 
 Type=simple
 
 EnvironmentFile=/etc/tomcat/tomcat.conf
 
 Environment=NAME=%i
 
 EnvironmentFile=-/etc/default/%i
 
 ExecStartPre=/usr/bin/pkidaemon start %i
 
 ExecStart=/usr/libexec/tomcat/server start
 
 ExecStop=/usr/libexec/tomcat/server stop
 
 SuccessExitStatus=143
 
 User=pkiuser
 
 Group=pkiuser
 
  
 
 [Install]
 
 WantedBy=multi-user.target
 
  
 
  
 
  which points to an EnvironmentFile /etc/tomcat/tomcat.conf. Does
 that
 
  file exist?
 
  
 
 there is not even an dir. /etc/tomcat/, or rather a tomcat.conf in it.
 
  
 
 this is what was installed:
 
  
 
 ii libtomcat7-java 7.0.56-1
 
 ii libtomcatjss-java 7.1.1-2
 
 ii tomcat7-common 7.0.56-1
 
 ii 

Re: [Freeipa-users] Unit pki-tomcatd@pki-tomcat.service entered failed state @ vanilla install on jessie – with log attached

2014-12-10 Thread thierry bordaz

On 12/09/2014 11:52 PM, chymian wrote:

Am Dienstag, 9. Dezember 2014, 14:10:48 schrieb thierry bordaz:

On 12/09/2014 01:54 PM, chymian wrote:

hey people,

after a successful install of ipa 4.0.5-2 on jessie, the named services
started flawless during setup. see attached log, Installation summary
(line
3107) but after reboot, it refuses to start. (did this install a couple
times, on vanilla jessie)

I can reach  work with Dogtag https://ipa.eb8.lan:8443/ca, but not the
admin-services on https://ipa.eb8.lan/ca/ee/ca and
https://ipa.eb8.lan/ca/agent/ca.


$ systemctl status pki-tomcatd@pki-tomcat.service
● pki-tomcatd@pki-tomcat.service - PKI Tomcat Server pki-tomcat

Loaded: loaded (/lib/systemd/system/pki-tomcatd@.service; enabled)
Active: failed (Result: resources)

Dez 08 20:40:13 ipa systemd[1]: Starting PKI Tomcat Server pki-tomcat...
Dez 08 20:40:13 ipa systemd[1]: Failed to load environment files: No such
file or directory Dez 08 20:40:13 ipa systemd[1]:
pki-tomcatd@pki-tomcat.service failed to run 'start-pre' task: No such
file
or directory Dez 08 20:40:13 ipa systemd[1]: Failed to start PKI Tomcat
Server pki-tomcat. Dez 08 20:40:13 ipa systemd[1]: Unit
pki-tomcatd@pki-tomcat.service entered failed state.


a second service fails to start:

$ systemctl status dirsrv-snmp.service
● dirsrv-snmp.service - 389 Directory Server SNMP Subagent.

Loaded: loaded (/lib/systemd/system/dirsrv-snmp.service; enabled)
Active: failed (Result: exit-code) since Di 2014-12-09 13:25:04 CET;
5min
ago
   
   Process: 156 ExecStart=/usr/sbin/ldap-agent

   /etc/dirsrv/config/ldap-agent.conf (code=exited, status=1/FAILURE)

Dez 09 13:25:04 ipa systemd[1]: Starting 389 Directory Server SNMP
Subagent Dez 09 13:25:04 ipa ldap-agent[156]: ldap-agent: No server
instances defined in config file Dez 09 13:25:04 ipa systemd[1]:
dirsrv-snmp.service: control process exited, code=exited status=1 Dez 09
13:25:04 ipa systemd[1]: Failed to start 389 Directory Server SNMP
Subagent.. Dez 09 13:25:04 ipa systemd[1]: Unit dirsrv-snmp.service
entered
failed state.

Hello,

regarding this issue. Is there a agent log file under /var/log/dirsrv/agent/
?

thanks
thierry


thierry,
no there aren’t any files, except the slapd-EB8-LAN/ directory in 
/var/log/dirsrv/
not even an  /var/log/dirsrv/agent/

anything else I can provide?


Hello Guenter,

It is looking like no server have been configured in 
/etc/dirsrv/config/ldap-agent.conf to be monitored.

So the ldap-agent started by this service returns an errors at startup.
As you are not using snmp, like Rich said you may ignore this service 
failure.


thanks
thierry
  
thanks,

guenter


except these, I was able to subscribe a jessie-client with autodiscovery
right after I did configure the ipa-server, before first reboot.


any help appreciated, since I do not have much experience with IPA – yet.
guenter


--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Re: [Freeipa-users] Unit pki-tomcatd@pki-tomcat.service entered failed state @ vanilla install on jessie – with log attached

2014-12-10 Thread chymian
Am Mittwoch, 10. Dezember 2014, 10:28:17 schrieb thierry bordaz:
 On 12/09/2014 11:52 PM, chymian wrote:
  Am Dienstag, 9. Dezember 2014, 14:10:48 schrieb thierry bordaz:
 
  On 12/09/2014 01:54 PM, chymian wrote:
  hey people,
 
  after a successful install of ipa 4.0.5-2 on jessie, the named services
  started flawless during setup. see attached log, Installation summary
  (line
  3107) but after reboot, it refuses to start. (did this install a couple
  times, on vanilla jessie)
 
  I can reach  work with Dogtag https://ipa.eb8.lan:8443/ca, but not the
  admin-services on https://ipa.eb8.lan/ca/ee/ca and
  https://ipa.eb8.lan/ca/agent/ca.
 
 
  $ systemctl status pki-tomcatd@pki-tomcat.service
  ● pki-tomcatd@pki-tomcat.service - PKI Tomcat Server pki-tomcat
 
  Loaded: loaded (/lib/systemd/system/pki-tomcatd@.service; enabled)
  Active: failed (Result: resources)
 
  Dez 08 20:40:13 ipa systemd[1]: Starting PKI Tomcat Server pki-tomcat...
  Dez 08 20:40:13 ipa systemd[1]: Failed to load environment files: No such
  file or directory Dez 08 20:40:13 ipa systemd[1]:
  pki-tomcatd@pki-tomcat.service failed to run 'start-pre' task: No such
  file
  or directory Dez 08 20:40:13 ipa systemd[1]: Failed to start PKI Tomcat
  Server pki-tomcat. Dez 08 20:40:13 ipa systemd[1]: Unit
  pki-tomcatd@pki-tomcat.service entered failed state.
 
 
  a second service fails to start:
 
  $ systemctl status dirsrv-snmp.service
  ● dirsrv-snmp.service - 389 Directory Server SNMP Subagent.
 
  Loaded: loaded (/lib/systemd/system/dirsrv-snmp.service; enabled)
  Active: failed (Result: exit-code) since Di 2014-12-09 13:25:04 CET;
  5min
  ago
 
 Process: 156 ExecStart=/usr/sbin/ldap-agent
 /etc/dirsrv/config/ldap-agent.conf (code=exited, status=1/FAILURE)
 
  Dez 09 13:25:04 ipa systemd[1]: Starting 389 Directory Server SNMP
  Subagent Dez 09 13:25:04 ipa ldap-agent[156]: ldap-agent: No server
  instances defined in config file Dez 09 13:25:04 ipa systemd[1]:
  dirsrv-snmp.service: control process exited, code=exited status=1 Dez 09
  13:25:04 ipa systemd[1]: Failed to start 389 Directory Server SNMP
  Subagent.. Dez 09 13:25:04 ipa systemd[1]: Unit dirsrv-snmp.service
  entered
  failed state.
  Hello,
 
  regarding this issue. Is there a agent log file under 
  /var/log/dirsrv/agent/
  ?
 
  thanks
  thierry
 
  thierry,
  no there aren’t any files, except the slapd-EB8-LAN/ directory in 
  /var/log/dirsrv/
  not even an  /var/log/dirsrv/agent/
 
  anything else I can provide?
 
 Hello Guenter,
 
 It is looking like no server have been configured in 
 /etc/dirsrv/config/ldap-agent.conf to be monitored.
 So the ldap-agent started by this service returns an errors at startup.
 As you are not using snmp, like Rich said you may ignore this service 
 failure.
 
 thanks
 thierry

hello thierry,
yes, it’s seems to be empty – same as on a plain cos6/ipa 3.3 installation.
but there, the service does not get started, and therefore, no error is thrown.
may I suggest to do a check in the startup scripts weather a service is 
configured or not, or systemctl disable it by default?

thx for your help
guenter

  

  thanks,
  guenter
 
  except these, I was able to subscribe a jessie-client with autodiscovery
  right after I did configure the ipa-server, before first reboot.
 
 
  any help appreciated, since I do not have much experience with IPA – yet.
  guenter
 


-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Re: [Freeipa-users] Unit pki-tomcatd@pki-tomcat.service entered failed state @ vanilla install on jessie – with log attached

2014-12-09 Thread thierry bordaz

On 12/09/2014 01:54 PM, chymian wrote:

hey people,

after a successful install of ipa 4.0.5-2 on jessie, the named services started 
flawless during setup. see attached log, Installation summary (line 3107)
but after reboot, it refuses to start. (did this install a couple times, on 
vanilla jessie)

I can reach  work with Dogtag https://ipa.eb8.lan:8443/ca, but not the 
admin-services on https://ipa.eb8.lan/ca/ee/ca and https://ipa.eb8.lan/ca/agent/ca.


$ systemctl status pki-tomcatd@pki-tomcat.service
? pki-tomcatd@pki-tomcat.service - PKI Tomcat Server pki-tomcat
Loaded: loaded (/lib/systemd/system/pki-tomcatd@.service; enabled)
Active: failed (Result: resources)

Dez 08 20:40:13 ipa systemd[1]: Starting PKI Tomcat Server pki-tomcat...
Dez 08 20:40:13 ipa systemd[1]: Failed to load environment files: No such file 
or directory
Dez 08 20:40:13 ipa systemd[1]: pki-tomcatd@pki-tomcat.service failed to run 
'start-pre' task: No such file or directory
Dez 08 20:40:13 ipa systemd[1]: Failed to start PKI Tomcat Server pki-tomcat.
Dez 08 20:40:13 ipa systemd[1]: Unit pki-tomcatd@pki-tomcat.service entered 
failed state.


a second service fails to start:

$ systemctl status dirsrv-snmp.service
? dirsrv-snmp.service - 389 Directory Server SNMP Subagent.
Loaded: loaded (/lib/systemd/system/dirsrv-snmp.service; enabled)
Active: failed (Result: exit-code) since Di 2014-12-09 13:25:04 CET; 5min 
ago
   Process: 156 ExecStart=/usr/sbin/ldap-agent 
/etc/dirsrv/config/ldap-agent.conf (code=exited, status=1/FAILURE)

Dez 09 13:25:04 ipa systemd[1]: Starting 389 Directory Server SNMP Subagent
Dez 09 13:25:04 ipa ldap-agent[156]: ldap-agent: No server instances defined in 
config file
Dez 09 13:25:04 ipa systemd[1]: dirsrv-snmp.service: control process exited, 
code=exited status=1
Dez 09 13:25:04 ipa systemd[1]: Failed to start 389 Directory Server SNMP 
Subagent..
Dez 09 13:25:04 ipa systemd[1]: Unit dirsrv-snmp.service entered failed state.


Hello,

regarding this issue. Is there a agent log file under 
/var/log/dirsrv/agent/ ?


thanks
thierry



except these, I was able to subscribe a jessie-client with autodiscovery right 
after I did configure the ipa-server, before first reboot.


any help appreciated, since I do not have much experience with IPA – yet.
guenter




-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Re: [Freeipa-users] Unit pki-tomcatd@pki-tomcat.service entered failed state @ vanilla install on jessie – with log attached

2014-12-09 Thread Rich Megginson

On 12/09/2014 06:10 AM, thierry bordaz wrote:

On 12/09/2014 01:54 PM, chymian wrote:

hey people,

after a successful install of ipa 4.0.5-2 on jessie, the named services started 
flawless during setup. see attached log, Installation summary (line 3107)
but after reboot, it refuses to start. (did this install a couple times, on 
vanilla jessie)

I can reach  work with Dogtaghttps://ipa.eb8.lan:8443/ca, but not the 
admin-services onhttps://ipa.eb8.lan/ca/ee/ca  andhttps://ipa.eb8.lan/ca/agent/ca.


$ systemctl statuspki-tomcatd@pki-tomcat.service
●pki-tomcatd@pki-tomcat.service  - PKI Tomcat Server pki-tomcat
Loaded: loaded (/lib/systemd/system/pki-tomcatd@.service; enabled)
Active: failed (Result: resources)

Dez 08 20:40:13 ipa systemd[1]: Starting PKI Tomcat Server pki-tomcat...
Dez 08 20:40:13 ipa systemd[1]: Failed to load environment files: No such file 
or directory
Dez 08 20:40:13 ipa systemd[1]:pki-tomcatd@pki-tomcat.service  failed to run 
'start-pre' task: No such file or directory
Dez 08 20:40:13 ipa systemd[1]: Failed to start PKI Tomcat Server pki-tomcat.
Dez 08 20:40:13 ipa systemd[1]: Unitpki-tomcatd@pki-tomcat.service  entered 
failed state.


a second service fails to start:

$ systemctl status dirsrv-snmp.service
● dirsrv-snmp.service - 389 Directory Server SNMP Subagent.
Loaded: loaded (/lib/systemd/system/dirsrv-snmp.service; enabled)
Active: failed (Result: exit-code) since Di 2014-12-09 13:25:04 CET; 5min 
ago
   Process: 156 ExecStart=/usr/sbin/ldap-agent 
/etc/dirsrv/config/ldap-agent.conf (code=exited, status=1/FAILURE)

Dez 09 13:25:04 ipa systemd[1]: Starting 389 Directory Server SNMP Subagent
Dez 09 13:25:04 ipa ldap-agent[156]: ldap-agent: No server instances defined in 
config file
Dez 09 13:25:04 ipa systemd[1]: dirsrv-snmp.service: control process exited, 
code=exited status=1
Dez 09 13:25:04 ipa systemd[1]: Failed to start 389 Directory Server SNMP 
Subagent..
Dez 09 13:25:04 ipa systemd[1]: Unit dirsrv-snmp.service entered failed state.


Hello,

regarding this issue. Is there a agent log file under 
/var/log/dirsrv/agent/ ?


Are you actually trying to use SNMP?  If not, then just ignore this 
service failure.




thanks
thierry


except these, I was able to subscribe a jessie-client with autodiscovery right 
after I did configure the ipa-server, before first reboot.


any help appreciated, since I do not have much experience with IPA – yet.
guenter








-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Re: [Freeipa-users] Unit pki-tomcatd@pki-tomcat.service entered failed state @ vanilla install on jessie – with log attached

2014-12-09 Thread Ade Lee
On Tue, 2014-12-09 at 13:54 +0100, chymian wrote:
 hey people,
 
 after a successful install of ipa 4.0.5-2 on jessie, the named services 
 started flawless during setup. see attached log, Installation summary (line 
 3107)
 but after reboot, it refuses to start. (did this install a couple times, on 
 vanilla jessie)
 
 I can reach  work with Dogtag https://ipa.eb8.lan:8443/ca, but not the 
 admin-services on https://ipa.eb8.lan/ca/ee/ca and 
 https://ipa.eb8.lan/ca/agent/ca.
 
 
 $ systemctl status pki-tomcatd@pki-tomcat.service
 ● pki-tomcatd@pki-tomcat.service - PKI Tomcat Server pki-tomcat
Loaded: loaded (/lib/systemd/system/pki-tomcatd@.service; enabled)
Active: failed (Result: resources)
 
 Dez 08 20:40:13 ipa systemd[1]: Starting PKI Tomcat Server pki-tomcat...
 Dez 08 20:40:13 ipa systemd[1]: Failed to load environment files: No such 
 file or directory
 Dez 08 20:40:13 ipa systemd[1]: pki-tomcatd@pki-tomcat.service failed to run 
 'start-pre' task: No such file or directory
 Dez 08 20:40:13 ipa systemd[1]: Failed to start PKI Tomcat Server pki-tomcat.
 Dez 08 20:40:13 ipa systemd[1]: Unit pki-tomcatd@pki-tomcat.service entered 
 failed state.
 
 

Is dogtag actually running?  ps -ef |grep java

You could try restarting it - 
systemctl restart pki-tomcatd@pki-tomcat.service

The logs should be found in the journal -- 
journalctl -u pki-tomcatd@pki-tomcat.service

Other debug logs should be found under /var/log/pki/pki-tomcat/.  Please
provide a tar of that directory.

I am curious what the unit file looks like:  On Fedora, its
at /etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service
which points to an EnvironmentFile /etc/tomcat/tomcat.conf.  Does that
file exist?

Ade

 a second service fails to start:
 
 $ systemctl status dirsrv-snmp.service
 ● dirsrv-snmp.service - 389 Directory Server SNMP Subagent.
Loaded: loaded (/lib/systemd/system/dirsrv-snmp.service; enabled)
Active: failed (Result: exit-code) since Di 2014-12-09 13:25:04 CET; 5min 
 ago
   Process: 156 ExecStart=/usr/sbin/ldap-agent 
 /etc/dirsrv/config/ldap-agent.conf (code=exited, status=1/FAILURE)
 
 Dez 09 13:25:04 ipa systemd[1]: Starting 389 Directory Server SNMP 
 Subagent
 Dez 09 13:25:04 ipa ldap-agent[156]: ldap-agent: No server instances defined 
 in config file
 Dez 09 13:25:04 ipa systemd[1]: dirsrv-snmp.service: control process exited, 
 code=exited status=1
 Dez 09 13:25:04 ipa systemd[1]: Failed to start 389 Directory Server SNMP 
 Subagent..
 Dez 09 13:25:04 ipa systemd[1]: Unit dirsrv-snmp.service entered failed state.
 
 
 except these, I was able to subscribe a jessie-client with autodiscovery 
 right after I did configure the ipa-server, before first reboot.
 
 
 any help appreciated, since I do not have much experience with IPA – yet.
 guenter


-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Re: [Freeipa-users] Unit pki-tomcatd@pki-tomcat.service entered failed state @ vanilla install on jessie – with log attached

2014-12-09 Thread chymian
 Am Dienstag, 9. Dezember 2014, 14:10:48 schrieb thierry bordaz:
 
 On 12/09/2014 01:54 PM, chymian wrote:
  hey people,
  
  after a successful install of ipa 4.0.5-2 on jessie, the named services
  started flawless during setup. see attached log, Installation summary
  (line
  3107) but after reboot, it refuses to start. (did this install a couple
  times, on vanilla jessie)
  
  I can reach  work with Dogtag https://ipa.eb8.lan:8443/ca, but not the
  admin-services on https://ipa.eb8.lan/ca/ee/ca and
  https://ipa.eb8.lan/ca/agent/ca.
  
  
  $ systemctl status pki-tomcatd@pki-tomcat.service
  ● pki-tomcatd@pki-tomcat.service - PKI Tomcat Server pki-tomcat
  
 Loaded: loaded (/lib/systemd/system/pki-tomcatd@.service; enabled)
 Active: failed (Result: resources)
  
  Dez 08 20:40:13 ipa systemd[1]: Starting PKI Tomcat Server pki-tomcat...
  Dez 08 20:40:13 ipa systemd[1]: Failed to load environment files: No such
  file or directory Dez 08 20:40:13 ipa systemd[1]:
  pki-tomcatd@pki-tomcat.service failed to run 'start-pre' task: No such
  file
  or directory Dez 08 20:40:13 ipa systemd[1]: Failed to start PKI Tomcat
  Server pki-tomcat. Dez 08 20:40:13 ipa systemd[1]: Unit
  pki-tomcatd@pki-tomcat.service entered failed state.
  
  
  a second service fails to start:
  
  $ systemctl status dirsrv-snmp.service
  ● dirsrv-snmp.service - 389 Directory Server SNMP Subagent.
  
 Loaded: loaded (/lib/systemd/system/dirsrv-snmp.service; enabled)
 Active: failed (Result: exit-code) since Di 2014-12-09 13:25:04 CET;
 5min
 ago

Process: 156 ExecStart=/usr/sbin/ldap-agent
/etc/dirsrv/config/ldap-agent.conf (code=exited, status=1/FAILURE)
  
  Dez 09 13:25:04 ipa systemd[1]: Starting 389 Directory Server SNMP
  Subagent Dez 09 13:25:04 ipa ldap-agent[156]: ldap-agent: No server
  instances defined in config file Dez 09 13:25:04 ipa systemd[1]:
  dirsrv-snmp.service: control process exited, code=exited status=1 Dez 09
  13:25:04 ipa systemd[1]: Failed to start 389 Directory Server SNMP
  Subagent.. Dez 09 13:25:04 ipa systemd[1]: Unit dirsrv-snmp.service
  entered
  failed state.
 
 Hello,
 
 regarding this issue. Is there a agent log file under /var/log/dirsrv/agent/
 ?
 
 thanks
 thierry
 

thierry,
no there aren’t any files, except the slapd-EB8-LAN/ directory in 
/var/log/dirsrv/
not even an  /var/log/dirsrv/agent/

anything else I can provide?
 
thanks,
guenter

 
  except these, I was able to subscribe a jessie-client with autodiscovery
  right after I did configure the ipa-server, before first reboot.
  
  
  any help appreciated, since I do not have much experience with IPA – yet.
  guenter

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Re: [Freeipa-users] Unit pki-tomcatd@pki-tomcat.service entered failed state @ vanilla install on jessie – with log attached

2014-12-09 Thread chymian
Am Dienstag, 9. Dezember 2014, 09:49:04 schrieb Ade Lee:
 On Tue, 2014-12-09 at 13:54 +0100, chymian wrote:
  hey people,
  
  after a successful install of ipa 4.0.5-2 on jessie, the named services 
  started flawless during setup. see attached log, Installation summary (line 
  3107)
  but after reboot, it refuses to start. (did this install a couple times, on 
  vanilla jessie)
  
  I can reach  work with Dogtag https://ipa.eb8.lan:8443/ca, but not the 
  admin-services on https://ipa.eb8.lan/ca/ee/ca and 
  https://ipa.eb8.lan/ca/agent/ca.
  
  
  $ systemctl status pki-tomcatd@pki-tomcat.service
  ● pki-tomcatd@pki-tomcat.service - PKI Tomcat Server pki-tomcat
 Loaded: loaded (/lib/systemd/system/pki-tomcatd@.service; enabled)
 Active: failed (Result: resources)
  
  Dez 08 20:40:13 ipa systemd[1]: Starting PKI Tomcat Server pki-tomcat...
  Dez 08 20:40:13 ipa systemd[1]: Failed to load environment files: No such 
  file or directory
  Dez 08 20:40:13 ipa systemd[1]: pki-tomcatd@pki-tomcat.service failed to 
  run 'start-pre' task: No such file or directory
  Dez 08 20:40:13 ipa systemd[1]: Failed to start PKI Tomcat Server 
  pki-tomcat.
  Dez 08 20:40:13 ipa systemd[1]: Unit pki-tomcatd@pki-tomcat.service entered 
  failed state.
  
  
 
 Is dogtag actually running?  ps -ef |grep java

it shows:
pkiuser676 1  0 13:25 ?00:00:26 
/usr/lib/jvm/default-java/bin/java 
-Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties 
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager 
-DRESTEASY_LIB=/usr/share/java/ 
-Djava.endorsed.dirs=/usr/share/tomcat7/endorsed -classpath 
/usr/share/tomcat7/bin/bootstrap.jar:/var/lib/pki/pki-tomcat/bin/tomcat-juli.jar
 -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat7 
-Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp 
org.apache.catalina.startup.Bootstrap start

is it ment to be, that the dogtag-pki package it’s self is not installed, just 
the dogtag-pki-server-theme is
and a couple pki-packages… pki-base, pki-ca, pki-server, pki-tools?


 
 You could try restarting it - 
 systemctl restart pki-tomcatd@pki-tomcat.service

fails with same log-msg.

 
 The logs should be found in the journal -- 
 journalctl -u pki-tomcatd@pki-tomcat.service

same as above.

 
 Other debug logs should be found under /var/log/pki/pki-tomcat/.  Please
 provide a tar of that directory.

attached

 I am curious what the unit file looks like:  On Fedora, its
 at /etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service

lrwxrwxrwx 1 pkiuser pkiuser 40 Dez  8 20:22 pki-tomcatd@pki-tomcat.service - 
/lib/systemd/system/pki-tomcatd@.service
root@ipa /etc/systemd/system/pki-tomcatd.target.wants
$ cat pki-tomcatd@pki-tomcat.service
[Unit]
Description=PKI Tomcat Server %i
After=pki-tomcatd.target network.target
PartOf=pki-tomcatd.target

[Service]
Type=simple
EnvironmentFile=/etc/tomcat/tomcat.conf
Environment=NAME=%i
EnvironmentFile=-/etc/default/%i
ExecStartPre=/usr/bin/pkidaemon start %i
ExecStart=/usr/libexec/tomcat/server start
ExecStop=/usr/libexec/tomcat/server stop
SuccessExitStatus=143
User=pkiuser
Group=pkiuser

[Install]
WantedBy=multi-user.target


 which points to an EnvironmentFile /etc/tomcat/tomcat.conf.  Does that
 file exist?

there is not even an dir. /etc/tomcat/, or rather a tomcat.conf in it.

this is what was installed:

ii  libtomcat7-java  7.0.56-1
ii  libtomcatjss-java7.1.1-2
ii  tomcat7-common   7.0.56-1
ii  tomcat7-user 7.0.56-1

and if I would install tomcat7, it would give me an /etc/tomcat7 – not a 
/etc/tomcat

and, here on debian, there is no such dir. /usr/libexec.
seems that the unitfile is more a centos one.


but: 

systemctl status pki-tomcatd.service
● pki-tomcatd.service - LSB: Start pki-tomcatd at boot time
   Loaded: loaded (/etc/init.d/pki-tomcatd)
   Active: active (running) since Di 2014-12-09 13:25:12 CET; 10h ago
   CGroup: 
/user.slice/user-0.slice/session-5.scope/system.slice/pki-tomcatd.service
   └─676 /usr/lib/jvm/default-java/bin/java 
-Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties 
-Djava.util.log...

Dez 09 13:25:12 ipa pki-tomcatd[484]: .
Dez 09 13:25:12 ipa systemd[1]: Started LSB: Start pki-tomcatd at boot time.


which is started with a /etc/init.d/pki-tomcatd script, not systemd-unit-file – 
yet.

 
 Ade

thx,
guenter

 
  a second service fails to start:
  
  $ systemctl status dirsrv-snmp.service
  ● dirsrv-snmp.service - 389 Directory Server SNMP Subagent.
 Loaded: loaded (/lib/systemd/system/dirsrv-snmp.service; enabled)
 Active: failed (Result: exit-code) since Di 2014-12-09 13:25:04 CET; 
  5min ago
Process: 156 ExecStart=/usr/sbin/ldap-agent 
  /etc/dirsrv/config/ldap-agent.conf (code=exited, status=1/FAILURE)
  
  Dez 09 13:25:04 ipa systemd[1]: Starting 389 Directory Server SNMP 
  

Re: [Freeipa-users] Unit pki-tomcatd@pki-tomcat.service entered failed state @ vanilla install on jessie – with log attached

2014-12-09 Thread günter
 Am Dienstag, 9. Dezember 2014, 07:26:35 schrieb Rich Megginson:
 
  On 12/09/2014 06:10 AM, thierry bordaz wrote:
  
   On 12/09/2014 01:54 PM, chymian wrote:
   hey people,
   
   after a successful install of ipa 4.0.5-2 on jessie, the named services
   started flawless during setup. see attached log, Installation summary
   (line
   3107) but after reboot, it refuses to start. (did this install a couple
   times, on vanilla jessie)
   
   I can reach  work with Dogtag https://ipa.eb8.lan:8443/ca, but not the
   admin-services on https://ipa.eb8.lan/ca/ee/ca and
   https://ipa.eb8.lan/ca/agent/ca.
   
   
   $ systemctl status pki-tomcatd@pki-tomcat.service
   ● pki-tomcatd@pki-tomcat.service - PKI Tomcat Server pki-tomcat
   
  Loaded: loaded (/lib/systemd/system/pki-tomcatd@.service; enabled)
  Active: failed (Result: resources)
   
   Dez 08 20:40:13 ipa systemd[1]: Starting PKI Tomcat Server pki-tomcat...
   Dez 08 20:40:13 ipa systemd[1]: Failed to load environment files: No
   such
   file or directory Dez 08 20:40:13 ipa systemd[1]:
   pki-tomcatd@pki-tomcat.service failed to run 'start-pre' task: No such
   file
   or directory Dez 08 20:40:13 ipa systemd[1]: Failed to start PKI Tomcat
   Server pki-tomcat. Dez 08 20:40:13 ipa systemd[1]: Unit
   pki-tomcatd@pki-tomcat.service entered failed state.
   
   
   a second service fails to start:
   
   $ systemctl status dirsrv-snmp.service
   ● dirsrv-snmp.service - 389 Directory Server SNMP Subagent.
   
  Loaded: loaded (/lib/systemd/system/dirsrv-snmp.service; enabled)
  Active: failed (Result: exit-code) since Di 2014-12-09 13:25:04 CET;
  5min
  ago
 
 Process: 156 ExecStart=/usr/sbin/ldap-agent
 /etc/dirsrv/config/ldap-agent.conf (code=exited, status=1/FAILURE)
   
   Dez 09 13:25:04 ipa systemd[1]: Starting 389 Directory Server SNMP
   Subagent Dez 09 13:25:04 ipa ldap-agent[156]: ldap-agent: No server
   instances defined in config file Dez 09 13:25:04 ipa systemd[1]:
   dirsrv-snmp.service: control process exited, code=exited status=1 Dez 09
   13:25:04 ipa systemd[1]: Failed to start 389 Directory Server SNMP
   Subagent.. Dez 09 13:25:04 ipa systemd[1]: Unit dirsrv-snmp.service
   entered failed state.
 
 
  Hello,
  
  regarding this issue. Is there a agent log file under
  /var/log/dirsrv/agent/
  ?
  
 Are you actually trying to use SNMP?  If not, then just ignore this
 service
 failure.

rich, 
I thought the same way, since I’m not using SNMP. 
but I’m **very** happy and thankful for all the work, people have done, that 
ipa-server made it to debian – finally \o/ 
so I do, what I can to help iron out the last folds… – which in my case ‘only’ 
is: testing, reporting  testing solutions…

cheers
guenter

  
  
  
  thanks
  thierry
  
   except these, I was able to subscribe a jessie-client with autodiscovery
   right after I did configure the ipa-server, before first reboot.
   
   
   any help appreciated, since I do not have much experience with IPA –
   yet.
   guenter

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project