I think I'm just facing Bug 1469246 - Replica install fails to
configure IPA-specific temporary files/directories
(
https://bugzilla.redhat.com/show_bug.cgi?id=1469246)
The bug doesn't provide any solution other than upgrading.
Thanks for your help anyway.
Assuming you have:
# cat /usr/lib/tmpfiles.d/ipa.conf
d /run/ipa 0711 root root
d /run/ipa/ccaches 0770 ipaapi ipaapi
run
# systemd-tmpfiles --create ipa.conf
rob
Le mer. 4 sept. 2019 à 23:43, danielle lampert
<danielle55.lampert(a)gmail.com <mailto:danielle55.lampert@gmail.com>> a
écrit :
Hello,
OK I now understand that it's ipa service which is not starting at boot.
The service status gives :
# service ipa status
Redirecting to /bin/systemctl status ipa.service
● ipa.service - Identity, Policy, Audit
Loaded: loaded (/usr/lib/systemd/system/ipa.service; enabled;
vendor preset: disabled)
Active: failed (Result: exit-code) since Wed 2019-09-04 23:34:20
CEST; 6min ago
Process: 990 ExecStart=/usr/sbin/ipactl start (code=exited,
status=1/FAILURE)
Main PID: 990 (code=exited, status=1/FAILURE)
Sep 04 23:33:36 srv2.rhce.local systemd[1]: Starting Identity,
Policy, Audit...
Sep 04 23:34:20 srv2.rhce.local ipactl[990]: Failed to start
Directory Service: [Errno 2] No such file or directory:
'/var/run/ipa/services.list'
Sep 04 23:34:20 srv2.rhce.local ipactl[990]: Starting Directory Service
Sep 04 23:34:20 srv2.rhce.local systemd[1]: ipa.service: main
process exited, code=exited, status=1/FAILURE
Sep 04 23:34:20 srv2.rhce.local systemd[1]: Failed to start
Identity, Policy, Audit.
Sep 04 23:34:20 srv2.rhce.local systemd[1]: Unit ipa.service entered
failed state.
Sep 04 23:34:20 srv2.rhce.local systemd[1]: ipa.service failed.
Shouldn't /var/run/ipa/services.list be created during the replica
installation ?
Le mer. 4 sept. 2019 à 17:53, Florence Blanc-Renaud <flo(a)redhat.com
<mailto:flo@redhat.com>> a écrit :
On 9/4/19 12:02 AM, danielle lampert via FreeIPA-users wrote:
>
> Hello,
>
> I'm running freeipa 4.5.0-20 on CentOS Linux release 7.4.1708
(Core)
>
> I've noticed that when rebooting my replica, things are not
working
> anymore on this replica, as I can't get a kinit work for example.
> It seems that services are disabled by default and I wonder if
this is
> normal ? Should we enable these services manually ?
> After restarting everything with an ipactl command, it then is
working.
>
Hi,
it's normal that kadmin.service is disabled because it will be
started
as part of the ipa.service unit.
You will probably find the reason why kadmin failed to start
after the
reboot in the journal, or in /var/log/kadmind.log. There was a
known
issue if rpcbind service is already taking the 749 port
(
https://bugzilla.redhat.com/show_bug.cgi?id=1592883)
flo
> Thanks in advance for your answers, below are my commands and
their results.
>
> D.L.
>
>
> # kinit admin
> kinit: Cannot contact any KDC for realm 'IPB.RHCE.LOCAL' while
getting
> initial credentials
>
> # systemctl status kadmin.service
> ● kadmin.service - Kerberos 5 Password-changing and Administration
> Loaded: loaded (/usr/lib/systemd/system/kadmin.service;
disabled;
> vendor preset: disabled)
> Active: inactive (dead)
>
> # ipactl status
> Directory Service: RUNNING
> krb5kdc Service: STOPPED
> kadmin Service: STOPPED
> httpd Service: STOPPED
> ipa-custodia Service: STOPPED
> ntpd Service: STOPPED
> pki-tomcatd Service: STOPPED
> ipa-otpd Service: STOPPED
> ipa: INFO: The ipactl command was successful
>
> # ipactl restart
> Failed to get service list from file: Unknown error when
retrieving list
> of services from file: [Errno 2] No such file or directory:
> '/var/run/ipa/services.list'
> Restarting Directory Service
> Restarting krb5kdc Service
> Restarting kadmin Service
> Restarting httpd Service
> Restarting ipa-custodia Service
> Restarting ntpd Service
> Restarting pki-tomcatd Service
> Restarting ipa-otpd Service
> ipa: INFO: The ipactl command was successful
>
> # kinit admin
> Password for admin(a)IPB.RHCE.LOCAL:
>
> # klist
> Ticket cache: KEYRING:persistent:0:0
> Default principal: admin(a)IPB.RHCE.LOCAL
>
> Valid starting Expires Service principal
> 03/09/19 23:55:09 04/09/19 23:55:08
krbtgt/IPB.RHCE.LOCAL(a)IPB.RHCE.LOCAL
>
>
>
> _______________________________________________
> FreeIPA-users mailing list --
freeipa-users(a)lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>
> To unsubscribe send an email to
freeipa-users-leave(a)lists.fedorahosted.org
<mailto:freeipa-users-leave@lists.fedorahosted.org>
> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
>
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...