[Freeipa-devel] 4.2: ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to restart the Dogtag instance.

Alexander Bokovoy abokovoy at redhat.com
Tue Jul 28 12:25:50 UTC 2015 

On Tue, 28 Jul 2015, Jan Pazdziora wrote:
>
>Hello,
>
>ever since I started to run FreeIPA 4.2 installations (from upstream
>copr repo on Fedora 22), I often (but not always) get
>
>  [13/25]: setting audit signing renewal to 2 years
>  [14/25]: restarting certificate server
>ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to restart the Dogtag instance.See the installation log for details.
>  [15/25]: requesting RA certificate from CA
>  [error] error: [Errno 111] Connection refused
>
>In the ipaserver-install.log, there is
>
>2015-07-28T11:15:42Z DEBUG Starting external process
>2015-07-28T11:15:42Z DEBUG args='/bin/systemctl' 'is-active' 'pki-tomcatd at pki-tomcat.service'
>2015-07-28T11:15:42Z DEBUG Process finished, return code=0
>2015-07-28T11:15:42Z DEBUG stdout=active
>
>2015-07-28T11:15:42Z DEBUG stderr=
>2015-07-28T11:15:42Z DEBUG wait_for_open_ports: localhost [8080, 8443] timeout 300
>2015-07-28T11:20:42Z DEBUG Traceback (most recent call last):
>  File "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py", line 183, in rest
>art_instance
>    self.restart(self.dogtag_constants.PKI_INSTANCE_NAME)
>  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 316, in restart
>    self.service.restart(instance_name, capture_output=capture_output, wait=wait)
>  File "/usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py", line 250, in restart
>    instance_name, capture_output=capture_output, wait=wait)
>  File "/usr/lib/python2.7/site-packages/ipaplatform/base/services.py", line 317, in restart
>    self.wait_for_open_ports(self.service_instance(instance_name))
>  File "/usr/lib/python2.7/site-packages/ipaplatform/base/services.py", line 272, in wait_for_op
>en_ports
>    self.api.env.startup_timeout)
>  File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 1180, in wait_for_open_port
>s
>    raise socket.timeout("Timeout exceeded")
>timeout: Timeout exceeded
>
>I do run it in container so it could be related, so I'm mostly looking
>for blind hints about what might have changed in the installer or
>in dogtag itself in 4.2 that could cause this. For example, did we make
>the timeout shorter?	

The timeout is 300:
>2015-07-28T11:15:42Z DEBUG wait_for_open_ports: localhost [8080, 8443] timeout 300

You can look at dogtag's catalina-<date>.log, to see how long did it
take:
# grep 'Server startup' /var/log/pki/pki-tomcat/catalina.2015-07-24.log 
INFO: Server startup in 27159 ms
INFO: Server startup in 11323 ms
INFO: Server startup in 10472 ms
INFO: Server startup in 11158 ms
INFO: Server startup in 11194 ms

-- 
/ Alexander Bokovoy

More information about the Freeipa-devel mailing list