[Freeipa-users] ipa fails to start hangs on pki-tomcatd

Rob Verduijn rob.verduijn at gmail.com
Thu Dec 1 10:09:34 UTC 2016 

Hello,

For some reason my ipa server no longer boots.
It keeps trying to start pki-tomcat service.

Does anybody know where I should start looking to get this fixed ?

Rob Verduijn

ipactl -d start gives this output:
ipa: DEBUG: The CA status is: check interrupted due to error: Command
''/usr/bin/wget' '-S' '-O' '-' '--timeout=30' '--no-check-certificate' '
https://freeipa02.tjako.thuis:8443/ca/admin/ca/getStatus'' returned
non-zero exit status 8
ipa: DEBUG: Waiting for CA to start...
ipa: DEBUG: Starting external process
ipa: DEBUG: args='/usr/bin/wget' '-S' '-O' '-' '--timeout=30'
'--no-check-certificate' '
https://freeipa02.tjako.thuis:8443/ca/admin/ca/getStatus'
ipa: DEBUG: Process finished, return code=8
ipa: DEBUG: stdout=
ipa: DEBUG: stderr=--2016-12-01 11:06:12--
https://freeipa02.tjako.thuis:8443/ca/admin/ca/getStatus
Resolving freeipa02.tjako.thuis (freeipa02.tjako.thuis)... 172.16.1.13
Connecting to freeipa02.tjako.thuis
(freeipa02.tjako.thuis)|172.16.1.13|:8443... connected.
HTTP request sent, awaiting response...
  HTTP/1.1 500 Internal Server Error
  Server: Apache-Coyote/1.1
  Content-Type: text/html;charset=utf-8
  Content-Language: en
  Content-Length: 2134
  Date: Thu, 01 Dec 2016 10:06:13 GMT
  Connection: close
2016-12-01 11:06:13 ERROR 500: Internal Server Error.

There are also some java warnings in the logs, but its java and I can never
tell if its a serious error when java gives a warning.
Dec  1 09:53:59 freeipa02 server: Dec 01, 2016 9:53:59 AM
org.apache.catalina.startup.SetAllPropertiesRule begin
Dec  1 09:53:59 freeipa02 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'serverCertNickFile' to '/var/lib/pki/pki-tomcat/conf/serverCertNick.conf'
did not find a matching property.
Dec  1 09:53:59 freeipa02 server: Dec 01, 2016 9:53:59 AM
org.apache.catalina.startup.SetAllPropertiesRule begin
Dec  1 09:53:59 freeipa02 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'passwordFile' to '/var/lib/pki/pki-tomcat/conf/password.conf' did not find
a matching property.
Dec  1 09:53:59 freeipa02 server: Dec 01, 2016 9:53:59 AM
org.apache.catalina.startup.SetAllPropertiesRule begin
Dec  1 09:53:59 freeipa02 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'passwordClass' to 'org.apache.tomcat.util.net.jss.PlainPasswordFile' did
not find a matching property.
Dec  1 09:53:59 freeipa02 server: Dec 01, 2016 9:53:59 AM
org.apache.catalina.startup.SetAllPropertiesRule begin
Dec  1 09:53:59 freeipa02 server: WARNING:
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'certdbDir' to '/var/lib/pki/pki-tomcat/alias' did not find a matching
property.
Dec  1 09:53:59 freeipa02 server: Dec 01, 2016 9:53:59 AM
org.apache.tomcat.util.digester.SetPropertiesRule begin
Dec  1 09:53:59 freeipa02 server: WARNING:
[SetPropertiesRule]{Server/Service/Engine/Host} Setting property
'xmlValidation' to 'false' did not find a matching property.
Dec  1 09:53:59 freeipa02 server: Dec 01, 2016 9:53:59 AM
org.apache.tomcat.util.digester.SetPropertiesRule begin
Dec  1 09:53:59 freeipa02 server: WARNING:
[SetPropertiesRule]{Server/Service/Engine/Host} Setting property
'xmlNamespaceAware' to 'false' did not find a matching property.


I'm running centos7.2 x86_64 with the latest patches applied.
some package versions below
rpm -qa|egrep "ipa|tomcat"|sort
ipa-admintools-4.2.0-15.0.1.el7.centos.19.x86_64
ipa-client-4.2.0-15.0.1.el7.centos.19.x86_64
ipa-python-4.2.0-15.0.1.el7.centos.19.x86_64
ipa-server-4.2.0-15.0.1.el7.centos.19.x86_64
ipa-server-dns-4.2.0-15.0.1.el7.centos.19.x86_64
libipa_hbac-1.13.0-40.el7_2.12.x86_64
python-iniparse-0.4-9.el7.noarch
python-libipa_hbac-1.13.0-40.el7_2.12.x86_64
sssd-ipa-1.13.0-40.el7_2.12.x86_64
tomcat-7.0.54-8.el7_2.noarch
tomcat-el-2.2-api-7.0.54-8.el7_2.noarch
tomcat-jsp-2.2-api-7.0.54-8.el7_2.noarch
tomcatjss-7.1.2-1.el7.noarch
tomcat-lib-7.0.54-8.el7_2.noarch
tomcat-servlet-3.0-api-7.0.54-8.el7_2.noarch
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20161201/bd0ff0cb/attachment.htm>

More information about the Freeipa-users mailing list