Hi,
On Thu, Aug 11, 2022 at 1:43 PM lol lol via FreeIPA-users <
freeipa-users(a)lists.fedorahosted.org> wrote:
Yes, I have checked ports and no process is running on port 8009, tcp
nor
udp.
Restarting pki-tomcatd(a)pki-tomcat.service takes forever and eventually
fails because of timeout.
systemctl restart pki-tomcatd(a)pki-tomcat.service
Job for pki-tomcatd(a)pki-tomcat.service failed because a timeout was
exceeded.
See "systemctl status pki-tomcatd(a)pki-tomcat.service" and "journalctl
-xe" for details.
journalctl -xe
août 11 13:31:39 ipa.domain.priv ipa-pki-wait-running[79555]:
ipa-pki-wait-running: Connection failed:
HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded
with url: /ca/>
août 11 13:31:40 ipa.domain.priv ipa-pki-wait-running[79555]:
ipa-pki-wait-running: Connection failed:
HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded
with url: /ca/>
août 11 13:31:41 ipa.domain.priv ipa-pki-wait-running[79555]:
ipa-pki-wait-running: Connection failed:
HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded
with url: /ca/>
août 11 13:31:42 ipa.domain.priv ipa-pki-wait-running[79555]:
ipa-pki-wait-running: Connection failed:
HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded
with url: /ca/>
août 11 13:31:43 ipa.domain.priv ipa-pki-wait-running[79555]:
ipa-pki-wait-running: Connection failed:
HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded
with url: /ca/>
août 11 13:31:44 ipa.domain.priv ipa-pki-wait-running[79555]:
ipa-pki-wait-running: Connection failed:
HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded
with url: /ca/>
août 11 13:31:45 ipa.domain.priv ipa-pki-wait-running[79555]:
ipa-pki-wait-running: Connection failed:
HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded
with url: /ca/>
août 11 13:31:46 ipa.domain.priv ipa-pki-wait-running[79555]:
ipa-pki-wait-running: Connection failed:
HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded
with url: /ca/>
août 11 13:31:47 ipa.domain.priv ipa-pki-wait-running[79555]:
ipa-pki-wait-running: Connection failed:
HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded
with url: /ca/>
août 11 13:31:48 ipa.domain.priv ipa-pki-wait-running[79555]:
ipa-pki-wait-running: Connection failed:
HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded
with url: /ca/>
août 11 13:31:49 ipa.domain.priv ipa-pki-wait-running[79555]:
ipa-pki-wait-running: Connection failed:
HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded
with url: /ca/>
août 11 13:31:50 ipa.domain.priv ipa-pki-wait-running[79555]:
ipa-pki-wait-running: Connection failed:
HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded
with url: /ca/>
août 11 13:31:51 ipa.domain.priv ipa-pki-wait-running[79555]:
ipa-pki-wait-running: Connection failed:
HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded
with url: /ca/>
août 11 13:31:52 ipa.domain.priv ipa-pki-wait-running[79555]:
ipa-pki-wait-running: Connection failed:
HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded
with url: /ca/>
août 11 13:31:53 ipa.domain.priv ipa-pki-wait-running[79555]:
ipa-pki-wait-running: Connection failed:
HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded
with url: /ca/>
août 11 13:31:54 ipa.domain.priv ipa-pki-wait-running[79555]:
ipa-pki-wait-running: Connection failed:
HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded
with url: /ca/>
août 11 13:31:56 ipa.domain.priv ipa-pki-wait-running[79555]:
ipa-pki-wait-running: Connection failed:
HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded
with url: /ca/>
août 11 13:31:57 ipa.domain.priv ipa-pki-wait-running[79555]:
ipa-pki-wait-running: Connection failed:
HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded
with url: /ca/>
août 11 13:31:58 ipa.domain.priv ipa-pki-wait-running[79555]:
ipa-pki-wait-running: Connection failed:
HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded
with url: /ca/>
août 11 13:31:59 ipa.domain.priv ipa-pki-wait-running[79555]:
ipa-pki-wait-running: Connection failed:
HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded
with url: /ca/>
août 11 13:32:00 ipa.domain.priv ipa-pki-wait-running[79555]:
ipa-pki-wait-running: Connection failed:
HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded
with url: /ca/>
août 11 13:32:01 ipa.domain.priv ipa-pki-wait-running[79555]:
ipa-pki-wait-running: Connection failed:
HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded
with url: /ca/>
août 11 13:32:02 ipa.domain.priv ipa-pki-wait-running[79555]:
ipa-pki-wait-running: Connection failed:
HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded
with url: /ca/>
août 11 13:32:03 ipa.domain.priv ipa-pki-wait-running[79555]:
ipa-pki-wait-running: Connection failed:
HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded
with url: /ca/>
août 11 13:32:04 ipa.domain.priv ipa-pki-wait-running[79555]:
ipa-pki-wait-running: Connection failed:
HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded
with url: /ca/>
août 11 13:32:05 ipa.domain.priv ipa-pki-wait-running[79555]:
ipa-pki-wait-running: Connection failed:
HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded
with url: /ca/>
août 11 13:32:06 ipa.domain.priv ipa-pki-wait-running[79555]:
ipa-pki-wait-running: Connection failed:
HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded
with url: /ca/>
août 11 13:32:07 ipa.domain.priv ipa-pki-wait-running[79555]:
ipa-pki-wait-running: Connection failed:
HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded
with url: /ca/>
août 11 13:32:08 ipa.domain.priv ipa-pki-wait-running[79555]:
ipa-pki-wait-running: Connection failed:
HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded
with url: /ca/>
août 11 13:32:09 ipa.domain.priv ipa-pki-wait-running[79555]:
ipa-pki-wait-running: Connection failed:
HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded
with url: /ca/>
août 11 13:32:10 ipa.domain.priv ipa-pki-wait-running[79555]:
ipa-pki-wait-running: Connection failed:
HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded
with url: /ca/>
août 11 13:32:11 ipa.domain.priv ipa-pki-wait-running[79555]:
ipa-pki-wait-running: Connection failed:
HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded
with url: /ca/>
août 11 13:32:12 ipa.domain.priv ipa-pki-wait-running[79555]:
ipa-pki-wait-running: Connection failed:
HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded
with url: /ca/>
août 11 13:32:13 ipa.domain.priv ipa-pki-wait-running[79555]:
ipa-pki-wait-running: Connection failed:
HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded
with url: /ca/>
août 11 13:32:13 ipa.domain.priv systemd[1]: pki-tomcatd(a)pki-tomcat.service:
Start-post operation timed out. Stopping.
août 11 13:32:22 ipa.domain.priv sssd_be[809]: GSSAPI client step 1
août 11 13:32:22 ipa.domain.priv sssd_be[809]: GSSAPI client step 1
août 11 13:32:22 ipa.domain.priv sssd_be[809]: GSSAPI client step 1
août 11 13:32:22 ipa.domain.priv sssd_be[809]: GSSAPI client step 2
août 11 13:33:43 ipa.domain.priv systemd[1]: pki-tomcatd(a)pki-tomcat.service:
State 'stop-sigterm' timed out. Killing.
août 11 13:33:43 ipa.domain.priv systemd[1]: pki-tomcatd(a)pki-tomcat.service:
Killing process 79554 (java) with signal SIGKILL.
août 11 13:33:43 ipa.domain.priv systemd[1]: pki-tomcatd(a)pki-tomcat.service:
Main process exited, code=killed, status=9/KILL
août 11 13:33:43 ipa.domain.priv systemd[1]: pki-tomcatd(a)pki-tomcat.service:
Failed with result 'timeout'.
-- Subject: Unit failed
-- Defined-By: systemd
-- Support:
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- The unit pki-tomcatd(a)pki-tomcat.service has entered the 'failed' state
with result 'timeout'.
août 11 13:33:44 ipa.domain.priv systemd[1]: Failed to start PKI Tomcat
Server pki-tomcat.
-- Subject: L'unité (unit) pki-tomcatd(a)pki-tomcat.service a échoué
-- Defined-By: systemd
-- Support:
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- L'unité (unit) pki-tomcatd(a)pki-tomcat.service a échoué, avec le
résultat failed.
/etc/pki/pki-tomcat/server.xml contents:
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3"
redirectPort="8443"
address="localhost4" name="Connector1" secret="..."
requiredSecret="..."/>
And after <Engine> section there's a definition for ipv6. Secrets are the
same.
<Connector address="localhost6" name="Connector1"
port="8009"
protocol="AJP/1.3" redirectPort="8443" secret="..."
requiredSecret="..."/>
Which tomcat version do you have?
Pre 9.0.31.0, the server.xml file needs to define the secret for the
connector with "*requiredSecret=*....".
WIth 9.0.31.0 and above, the server.xml file needs to define the secret
with "*secret=...*".
The value must match the one set in /etc/httpd/conf.d/ipa-pki-proxy.conf in
the lines "ProxyPassMatch secret=..."
flo
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue