[Freeipa-users] PKI-CA fails to start (broken config after update?)

Ade Lee alee at redhat.com
Mon Sep 22 14:43:03 UTC 2014 

On Mon, 2014-09-22 at 10:50 +0200, Martin Kosek wrote:
> On 09/20/2014 01:02 AM, swartz wrote:
> > Hello,
> > 
> > Encountered same issue as described here:
> > https://www.redhat.com/archives/freeipa-users/2013-July/msg00133.html
> > https://www.redhat.com/archives/freeipa-users/2014-August/msg00224.html
> > 
> > Plain vanilla IPA setup. No changes, no customizations.
> > Recently IPA fails to start. Error happened right after a 'yum update' and reboot.
> > 
> > ---------------------------------------
> > Starting pki-ca:                                           [  OK  ]
> > Usage: grep [OPTION]... PATTERN [FILE]...
> > Try `grep --help' for more information.
> > Usage: grep [OPTION]... PATTERN [FILE]...
> > Try `grep --help' for more information.
> > Usage: grep [OPTION]... PATTERN [FILE]...
> > Try `grep --help' for more information.
> > ...
> > Failed to start CA Service
> > Shutting down
> > ----------------------------------------
> > 
> > Digging into the matter further...
> > The line that causes the error above is in /usr/share/pki/scripts/functions
> > (which is loaded by pki-ca init script):
> > netstat -antl | grep ${port} > /dev/null
> > 
> > The $port variable is blank so call to grep is without a search parameter.
> > Hence invalid call to grep and subsequent error msg I'm seeing as above.
> > 
> > $port is defined just a few lines above as
> > port=`grep '^pkicreate.unsecure_port=' ${pki_instance_configuration_file} | cut
> > -b25- -`
> > 
> > BUT! For whatever reason there is no line that starts with
> > "pkicreate.unsecure_port" in $pki_instance_configuration_file
> > (/var/lib/pki-ca/conf/CS.cfg). Thus no port info is ever obtained for use in grep.
> > 
> > Why there is no such line in config file where one is expected is unknown to me...
> > 
> > Versions currently installed
> > ipa-server-3.0.0-37.el6.x86_64
> > pki-ca-9.0.3-32.el6.noarch
> > 
> > Did updates to pki packages clobber the configs? What got broken? How do I
> > resolve it?
> > 

There have been no updates recently on rhel 6 to the pki packages.
There has, however, been an update to tomcat - which broke dogtag
startups.

What version of tomcat6 is on your system?

> > Thank you.
> 
> Also please see another PKI crash on EL6 reported on freeipa-users:
> 
> https://www.redhat.com/archives/freeipa-users/2014-September/msg00331.html
> 
> This is not the first time this issue was reported, but we got no response from
> PKI team, even though I CCed several members (maybe that was actually the root
> case).
> 
> The PKI installation errors are piling up (7.1 too), I would like to resolve
> that very soon so that we are not seen as too unstable software.
> 
The issues on 7.1 are tomcat related too.  Builds were completed last
week to address these.

> Thanks for help,
> Martin

More information about the Freeipa-users mailing list