[Freeipa-devel] 4.2: ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to restart the Dogtag instance.

Jan Pazdziora jpazdziora at redhat.com
Tue Jul 28 12:16:28 UTC 2015 

Hello,

ever since I started to run FreeIPA 4.2 installations (from upstream
copr repo on Fedora 22), I often (but not always) get

  [13/25]: setting audit signing renewal to 2 years
  [14/25]: restarting certificate server
ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to restart the Dogtag instance.See the installation log for details.
  [15/25]: requesting RA certificate from CA
  [error] error: [Errno 111] Connection refused

In the ipaserver-install.log, there is

2015-07-28T11:15:42Z DEBUG Starting external process
2015-07-28T11:15:42Z DEBUG args='/bin/systemctl' 'is-active' 'pki-tomcatd at pki-tomcat.service'
2015-07-28T11:15:42Z DEBUG Process finished, return code=0
2015-07-28T11:15:42Z DEBUG stdout=active

2015-07-28T11:15:42Z DEBUG stderr=
2015-07-28T11:15:42Z DEBUG wait_for_open_ports: localhost [8080, 8443] timeout 300
2015-07-28T11:20:42Z DEBUG Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py", line 183, in rest
art_instance
    self.restart(self.dogtag_constants.PKI_INSTANCE_NAME)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 316, in restart
    self.service.restart(instance_name, capture_output=capture_output, wait=wait)
  File "/usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py", line 250, in restart
    instance_name, capture_output=capture_output, wait=wait)
  File "/usr/lib/python2.7/site-packages/ipaplatform/base/services.py", line 317, in restart
    self.wait_for_open_ports(self.service_instance(instance_name))
  File "/usr/lib/python2.7/site-packages/ipaplatform/base/services.py", line 272, in wait_for_op
en_ports
    self.api.env.startup_timeout)
  File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 1180, in wait_for_open_port
s
    raise socket.timeout("Timeout exceeded")
timeout: Timeout exceeded

I do run it in container so it could be related, so I'm mostly looking
for blind hints about what might have changed in the installer or
in dogtag itself in 4.2 that could cause this. For example, did we make
the timeout shorter?	

-- 
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat

More information about the Freeipa-devel mailing list