Hi,

On Thu, Aug 11, 2022 at 1:43 PM lol lol via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:
Yes, I have checked ports and no process is running on port 8009, tcp nor udp.

Restarting pki-tomcatd@pki-tomcat.service takes forever and eventually fails because of timeout.

systemctl restart pki-tomcatd@pki-tomcat.service
Job for pki-tomcatd@pki-tomcat.service failed because a timeout was exceeded.
See "systemctl status pki-tomcatd@pki-tomcat.service" and "journalctl -xe" for details.
journalctl -xe
août 11 13:31:39 ipa.domain.priv ipa-pki-wait-running[79555]: ipa-pki-wait-running: Connection failed: HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded with url: /ca/>
août 11 13:31:40 ipa.domain.priv ipa-pki-wait-running[79555]: ipa-pki-wait-running: Connection failed: HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded with url: /ca/>
août 11 13:31:41 ipa.domain.priv ipa-pki-wait-running[79555]: ipa-pki-wait-running: Connection failed: HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded with url: /ca/>
août 11 13:31:42 ipa.domain.priv ipa-pki-wait-running[79555]: ipa-pki-wait-running: Connection failed: HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded with url: /ca/>
août 11 13:31:43 ipa.domain.priv ipa-pki-wait-running[79555]: ipa-pki-wait-running: Connection failed: HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded with url: /ca/>
août 11 13:31:44 ipa.domain.priv ipa-pki-wait-running[79555]: ipa-pki-wait-running: Connection failed: HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded with url: /ca/>
août 11 13:31:45 ipa.domain.priv ipa-pki-wait-running[79555]: ipa-pki-wait-running: Connection failed: HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded with url: /ca/>
août 11 13:31:46 ipa.domain.priv ipa-pki-wait-running[79555]: ipa-pki-wait-running: Connection failed: HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded with url: /ca/>
août 11 13:31:47 ipa.domain.priv ipa-pki-wait-running[79555]: ipa-pki-wait-running: Connection failed: HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded with url: /ca/>
août 11 13:31:48 ipa.domain.priv ipa-pki-wait-running[79555]: ipa-pki-wait-running: Connection failed: HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded with url: /ca/>
août 11 13:31:49 ipa.domain.priv ipa-pki-wait-running[79555]: ipa-pki-wait-running: Connection failed: HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded with url: /ca/>
août 11 13:31:50 ipa.domain.priv ipa-pki-wait-running[79555]: ipa-pki-wait-running: Connection failed: HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded with url: /ca/>
août 11 13:31:51 ipa.domain.priv ipa-pki-wait-running[79555]: ipa-pki-wait-running: Connection failed: HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded with url: /ca/>
août 11 13:31:52 ipa.domain.priv ipa-pki-wait-running[79555]: ipa-pki-wait-running: Connection failed: HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded with url: /ca/>
août 11 13:31:53 ipa.domain.priv ipa-pki-wait-running[79555]: ipa-pki-wait-running: Connection failed: HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded with url: /ca/>
août 11 13:31:54 ipa.domain.priv ipa-pki-wait-running[79555]: ipa-pki-wait-running: Connection failed: HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded with url: /ca/>
août 11 13:31:56 ipa.domain.priv ipa-pki-wait-running[79555]: ipa-pki-wait-running: Connection failed: HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded with url: /ca/>
août 11 13:31:57 ipa.domain.priv ipa-pki-wait-running[79555]: ipa-pki-wait-running: Connection failed: HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded with url: /ca/>
août 11 13:31:58 ipa.domain.priv ipa-pki-wait-running[79555]: ipa-pki-wait-running: Connection failed: HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded with url: /ca/>
août 11 13:31:59 ipa.domain.priv ipa-pki-wait-running[79555]: ipa-pki-wait-running: Connection failed: HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded with url: /ca/>
août 11 13:32:00 ipa.domain.priv ipa-pki-wait-running[79555]: ipa-pki-wait-running: Connection failed: HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded with url: /ca/>
août 11 13:32:01 ipa.domain.priv ipa-pki-wait-running[79555]: ipa-pki-wait-running: Connection failed: HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded with url: /ca/>
août 11 13:32:02 ipa.domain.priv ipa-pki-wait-running[79555]: ipa-pki-wait-running: Connection failed: HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded with url: /ca/>
août 11 13:32:03 ipa.domain.priv ipa-pki-wait-running[79555]: ipa-pki-wait-running: Connection failed: HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded with url: /ca/>
août 11 13:32:04 ipa.domain.priv ipa-pki-wait-running[79555]: ipa-pki-wait-running: Connection failed: HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded with url: /ca/>
août 11 13:32:05 ipa.domain.priv ipa-pki-wait-running[79555]: ipa-pki-wait-running: Connection failed: HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded with url: /ca/>
août 11 13:32:06 ipa.domain.priv ipa-pki-wait-running[79555]: ipa-pki-wait-running: Connection failed: HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded with url: /ca/>
août 11 13:32:07 ipa.domain.priv ipa-pki-wait-running[79555]: ipa-pki-wait-running: Connection failed: HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded with url: /ca/>
août 11 13:32:08 ipa.domain.priv ipa-pki-wait-running[79555]: ipa-pki-wait-running: Connection failed: HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded with url: /ca/>
août 11 13:32:09 ipa.domain.priv ipa-pki-wait-running[79555]: ipa-pki-wait-running: Connection failed: HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded with url: /ca/>
août 11 13:32:10 ipa.domain.priv ipa-pki-wait-running[79555]: ipa-pki-wait-running: Connection failed: HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded with url: /ca/>
août 11 13:32:11 ipa.domain.priv ipa-pki-wait-running[79555]: ipa-pki-wait-running: Connection failed: HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded with url: /ca/>
août 11 13:32:12 ipa.domain.priv ipa-pki-wait-running[79555]: ipa-pki-wait-running: Connection failed: HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded with url: /ca/>
août 11 13:32:13 ipa.domain.priv ipa-pki-wait-running[79555]: ipa-pki-wait-running: Connection failed: HTTPConnectionPool(host='ipa.domain.priv', port=8080): Max retries exceeded with url: /ca/>
août 11 13:32:13 ipa.domain.priv systemd[1]: pki-tomcatd@pki-tomcat.service: Start-post operation timed out. Stopping.
août 11 13:32:22 ipa.domain.priv sssd_be[809]: GSSAPI client step 1
août 11 13:32:22 ipa.domain.priv sssd_be[809]: GSSAPI client step 1
août 11 13:32:22 ipa.domain.priv sssd_be[809]: GSSAPI client step 1
août 11 13:32:22 ipa.domain.priv sssd_be[809]: GSSAPI client step 2
août 11 13:33:43 ipa.domain.priv systemd[1]: pki-tomcatd@pki-tomcat.service: State 'stop-sigterm' timed out. Killing.
août 11 13:33:43 ipa.domain.priv systemd[1]: pki-tomcatd@pki-tomcat.service: Killing process 79554 (java) with signal SIGKILL.
août 11 13:33:43 ipa.domain.priv systemd[1]: pki-tomcatd@pki-tomcat.service: Main process exited, code=killed, status=9/KILL
août 11 13:33:43 ipa.domain.priv systemd[1]: pki-tomcatd@pki-tomcat.service: Failed with result 'timeout'.
-- Subject: Unit failed
-- Defined-By: systemd
-- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- The unit pki-tomcatd@pki-tomcat.service has entered the 'failed' state with result 'timeout'.
août 11 13:33:44 ipa.domain.priv systemd[1]: Failed to start PKI Tomcat Server pki-tomcat.
-- Subject: L'unité (unit) pki-tomcatd@pki-tomcat.service a échoué
-- Defined-By: systemd
-- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- L'unité (unit) pki-tomcatd@pki-tomcat.service a échoué, avec le résultat failed.




/etc/pki/pki-tomcat/server.xml contents:

<!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" address="localhost4" name="Connector1" secret="..." requiredSecret="..."/>

And after <Engine> section there's a definition for ipv6. Secrets are the same.
 <Connector address="localhost6" name="Connector1" port="8009" protocol="AJP/1.3" redirectPort="8443" secret="..." requiredSecret="..."/>

Which tomcat version do you have?
Pre 9.0.31.0, the server.xml file needs to define the secret for the connector with "requiredSecret=....".
WIth 9.0.31.0 and above, the server.xml file needs to define the secret with "secret=...".
The value must match the one set in /etc/httpd/conf.d/ipa-pki-proxy.conf in the lines "ProxyPassMatch secret=..."

flo
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue