[Freeipa-users] ipa host-del
Rob Crittenden
rcritten at redhat.com
Tue Sep 4 13:02:59 UTC 2012
george he wrote:
>
> There's only one conf file in /etc/ipa/, which is default.conf. ca_host
> is not defined there. But I think my CA is the IPA server.
>
> Everything is reported running:
> # ipactl status
> Directory Service: RUNNING
> KDC Service: RUNNING
> KPASSWD Service: RUNNING
> MEMCACHE Service: RUNNING
> HTTP Service: RUNNING
> CA Service: RUNNING
>
> but when I try # ipactl restart, it reports:
> Starting httpd: [Tue Sep 04 08:19:10 2012] [warn] worker
> ajp://localhost:9447/ already used by another worker
> [Tue Sep 04 08:19:10 2012] [warn] worker ajp://localhost:9447/ already
> used by another worker
This can be ignored, it is a known issue in Apache and doesn't mean
anything is wrong. We're tracking an upstream fix for this,
https://fedorahosted.org/freeipa/ticket/1853
I would set debug = True in /etc/ipa/default.conf and restart Apache.
Then try the host-del again and examine /var/log/httpd/error_log. We
currently only log CS connection issues when in debug mode (there is a
ticket on that too). The CA log in /var/log/pki-ca/debug may have some
tips too.
When a host is deleted we try to revoke its certificate. If we can't
talk to the CA then the delete fails.
rob
More information about the Freeipa-users
mailing list