[Freeipa-users] PKI-CA fails to start (broken config after update?)
Rob Crittenden
rcritten at redhat.com
Wed Sep 24 19:29:34 UTC 2014
Dmitri Pal wrote:
> On 09/24/2014 02:07 PM, swartz wrote:
>> On 9/24/2014 9:05 AM, Ade Lee wrote:
>>> Forwarding to a couple of colleagues of mine who will be taking point on
>>> this.
>>>
>>> From what I can see, the CS.cfg is truncated. Fortunately, I
>>> believe it
>>> is reparable.
>>>
>>> Ade
>>
>> I've been in contact with Endi and Ade. It was a truncated config file
>> as per msg above.
>> Endi had emailed me a restored config.
>>
>> I can happily say that my IPA instance is back in operation.
>>
>> Thank you all.
>>
>> For anyone else reading this:
>> For me this config truncation happened after a 'yum update'.
>> Perhaps shutting down the IPA stack before doing package updates might
>> be more advisable.
>>
>>
> Is there any chance to detect which package caused this truncation?
>
It was almost certainly related to IPA, if not ipa-upgradeconfig
directly. For any number of reasons it may write directly to CS.cfg
without stopping the service first. It may also call the dogtag-provided
pki-setup-proxy which also doesn't stop the service before touching CS.cfg.
The upgrader will then determine if any changes were made and restart
the service.
rob
More information about the Freeipa-users
mailing list