<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">2016-12-19 16:07 GMT+01:00 Rob Verduijn <span dir="ltr"><<a href="mailto:rob.verduijn@gmail.com" target="_blank">rob.verduijn@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><br><br><div class="gmail_extra"><div><div class="gmail-h5"><br><div class="gmail_quote">2016-12-19 15:52 GMT+01:00 Petr Spacek <span dir="ltr"><<a href="mailto:pspacek@redhat.com" target="_blank">pspacek@redhat.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="gmail-m_-9076277038090481082gmail-HOEnZb"><div class="gmail-m_-9076277038090481082gmail-h5">On 19.12.2016 14:07, Rob Verduijn wrote:<br>
> Hello,<br>
><br>
> I'm running ipa on centos 7.3 with the latest patches applied.<br>
><br>
> It seem to run fine however the ipa-dnskeysyncd keeps failing to start and<br>
> I keep seeing this message in my logs:<br>
><br>
> ipa-dnskeysyncd[25663]: ipa         : INFO     LDAP bind...<br>
> python2[25663]: GSSAPI client step 1<br>
> python2[25663]: GSSAPI client step 1<br>
> ns-slapd[2569]: GSSAPI server step 1<br>
> python2[25663]: GSSAPI client step 1<br>
> ns-slapd[2569]: GSSAPI server step 2<br>
> python2[25663]: GSSAPI client step 2<br>
> ns-slapd[2569]: GSSAPI server step 3<br>
> ipa-dnskeysyncd[25663]: ipa         : INFO     Commencing sync process<br>
> ipa-dnskeysyncd[25663]: ipa.ipapython.dnssec.keysyncer<wbr>.KeySyncer: INFO<br>
> Initial LDAP dump is done, sychronizing with ODS and BIND<br>
> python2[25674]: GSSAPI client step 1<br>
> python2[25674]: GSSAPI client step 1<br>
> ns-slapd[2569]: GSSAPI server step 1<br>
> python2[25674]: GSSAPI client step 1<br>
> ns-slapd[2569]: GSSAPI server step 2<br>
> python2[25674]: GSSAPI client step 2<br>
> ns-slapd[2569]: GSSAPI server step 3<br>
> ipa-dnskeysyncd[25663]: Traceback (most recent call last):<br>
> ipa-dnskeysyncd[25663]: File "/usr/libexec/ipa/ipa-dnskeysy<wbr>ncd", line 110,<br>
> in <module><br>
> ipa-dnskeysyncd[25663]: while ldap_connection.syncrepl_poll(<wbr>all=1,<br>
> msgid=ldap_search):<br>
> ipa-dnskeysyncd[25663]: File<br>
> "/usr/lib64/python2.7/site-pac<wbr>kages/ldap/syncrepl.py", line 405, in<br>
> syncrepl_poll<br>
> ipa-dnskeysyncd[25663]: self.syncrepl_refreshdone()<br>
> ipa-dnskeysyncd[25663]: File<br>
> "/usr/lib/python2.7/site-packa<wbr>ges/ipapython/dnssec/keysyncer<wbr>.py", line 115,<br>
> in syncrepl_refreshdone<br>
> ipa-dnskeysyncd[25663]: self.hsm_replica_sync()<br>
> ipa-dnskeysyncd[25663]: File<br>
> "/usr/lib/python2.7/site-packa<wbr>ges/ipapython/dnssec/keysyncer<wbr>.py", line 181,<br>
> in hsm_replica_sync<br>
> ipa-dnskeysyncd[25663]: ipautil.run([paths.IPA_DNSKEYS<wbr>YNCD_REPLICA])<br>
> ipa-dnskeysyncd[25663]: File<br>
> "/usr/lib/python2.7/site-packa<wbr>ges/ipapython/ipautil.py", line 494, in run<br>
> ipa-dnskeysyncd[25663]: raise CalledProcessError(p.returncod<wbr>e, arg_string,<br>
> str(output))<br>
> ipa-dnskeysyncd[25663]: subprocess.CalledProcessError: Command<br>
> '/usr/libexec/ipa/ipa-dnskeysy<wbr>nc-replica' returned non-zero exit status 1<br>
> systemd[1]: ipa-dnskeysyncd.service: main process exited, code=exited,<br>
> status=1/FAILURE<br>
> systemd[1]: Unit ipa-dnskeysyncd.service entered failed state.<br>
> systemd[1]: ipa-dnskeysyncd.service failed.<br>
><br>
> for some reason the ipa-dnskeysyncd keeops crashing.<br>
> Anybody know where to start looking for this one ?<br>
<br>
</div></div>Please raise the debug level so we can see something in the logs:<br>
<br>
<a href="http://www.freeipa.org/page/Troubleshooting#ipa_command_crashes_or_returns_no_data" rel="noreferrer" target="_blank">http://www.freeipa.org/page/Tr<wbr>oubleshooting#ipa_command_cras<wbr>hes_or_returns_no_data</a><br>
<span class="gmail-m_-9076277038090481082gmail-HOEnZb"><font color="#888888"><br>
--<br>
Petr^2 Spacek<br>
<br>
--<br>
Manage your subscription for the Freeipa-users mailing list:<br>
<a href="https://www.redhat.com/mailman/listinfo/freeipa-users" rel="noreferrer" target="_blank">https://www.redhat.com/mailman<wbr>/listinfo/freeipa-users</a><br>
Go to <a href="http://freeipa.org" rel="noreferrer" target="_blank">http://freeipa.org</a> for more info on the project<br>
</font></span></blockquote></div><br></div></div>Hello,<br><br></div><div class="gmail_extra">The file /etc/ipa/ipa.conf or the file /etc/ipa/server.conf do not exist on my system.<br></div><div class="gmail_extra">How to set debugging in this case ?<span class="gmail-HOEnZb"><font color="#888888"><br><br></font></span></div><span class="gmail-HOEnZb"><font color="#888888"><div class="gmail_extra">Rob<br></div></font></span></div>
</blockquote></div><br>I've set the debug level in /etc/ipa/default.conf<br><br></div><div class="gmail_extra">now I get this output<br> systemd[1]: ipa-dnskeysyncd.service: main process exited, code=exited, status=1/FAILURE<br> systemd[1]: Unit ipa-dnskeysyncd.service entered failed state.<br> systemd[1]: ipa-dnskeysyncd.service failed.<br> systemd[1]: ipa-dnskeysyncd.service holdoff time over, scheduling restart.<br> systemd[1]: Started IPA key daemon.<br> systemd[1]: Starting IPA key daemon...<br> ipa-dnskeysyncd[30568]: ipa         : INFO     LDAP bind...<br> python2[30568]: GSSAPI client step 1 <br> python2[30568]: GSSAPI client step 1 <br> ns-slapd[26744]: GSSAPI server step 1<br> python2[30568]: GSSAPI client step 1 <br> ns-slapd[26744]: GSSAPI server step 2<br> python2[30568]: GSSAPI client step 2 <br> ns-slapd[26744]: GSSAPI server step 3<br> ipa-dnskeysyncd[30568]: ipa         : INFO     Commencing sync process   <br> ipa-dnskeysyncd[30568]: ipa.ipapython.dnssec.keysyncer.KeySyncer: INFO     Initial LDAP dump is done, sychronizing with ODS and BIND <br> python2[30579]: GSSAPI client step 1 <br> python2[30579]: GSSAPI client step 1 <br> ns-slapd[26744]: GSSAPI server step 1<br> python2[30579]: GSSAPI client step 1 <br> ns-slapd[26744]: GSSAPI server step 2<br> python2[30579]: GSSAPI client step 2 <br> ns-slapd[26744]: GSSAPI server step 3<br> python2[30579]: ObjectStore.cpp(59): Failed to enumerate object store in /var/lib/softhsm/tokens/<br> python2[30579]: SoftHSM.cpp(476): Could not load the object store<br> ipa-dnskeysyncd[30568]: Traceback (most recent call last):<br> ipa-dnskeysyncd[30568]: File "/usr/libexec/ipa/ipa-dnskeysyncd", line 110, in <module><br> ipa-dnskeysyncd[30568]: while ldap_connection.syncrepl_poll(all=1, msgid=ldap_search):<br> ipa-dnskeysyncd[30568]: File "/usr/lib64/python2.7/site-packages/ldap/syncrepl.py", line 405, in syncrepl_poll<br> ipa-dnskeysyncd[30568]: self.syncrepl_refreshdone()<br> ipa-dnskeysyncd[30568]: File "/usr/lib/python2.7/site-packages/ipapython/dnssec/keysyncer.py", line 115, in syncrepl_refreshdone<br> ipa-dnskeysyncd[30568]: self.hsm_replica_sync()<br> ipa-dnskeysyncd[30568]: File "/usr/lib/python2.7/site-packages/ipapython/dnssec/keysyncer.py", line 181, in hsm_replica_sync<br> ipa-dnskeysyncd[30568]: ipautil.run([paths.IPA_DNSKEYSYNCD_REPLICA])<br> ipa-dnskeysyncd[30568]: File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 494, in run<br> ipa-dnskeysyncd[30568]: raise CalledProcessError(p.returncode, arg_string, str(output))<br> ipa-dnskeysyncd[30568]: subprocess.CalledProcessError: Command '/usr/libexec/ipa/ipa-dnskeysync-replica' returned non-zero exit status<br><br></div></div>