[Freeipa-users] ipa-dnskeysyncd not starting

Martin Basti mbasti at redhat.com
Mon Dec 19 16:06:18 UTC 2016



On 19.12.2016 16:27, Rob Verduijn wrote:
>
>
> 2016-12-19 16:07 GMT+01:00 Rob Verduijn <rob.verduijn at gmail.com>:
>
>
>
>
>     2016-12-19 15:52 GMT+01:00 Petr Spacek <pspacek at redhat.com>:
>
>         On 19.12.2016 14:07, Rob Verduijn wrote:
>         > Hello,
>         >
>         > I'm running ipa on centos 7.3 with the latest patches applied.
>         >
>         > It seems to run fine, however the ipa-dnskeysyncd keeps failing to start and
>         > I keep seeing this message in my logs:
>         >
>         > ipa-dnskeysyncd[25663]: ipa         : INFO     LDAP bind...
>         > python2[25663]: GSSAPI client step 1
>         > python2[25663]: GSSAPI client step 1
>         > ns-slapd[2569]: GSSAPI server step 1
>         > python2[25663]: GSSAPI client step 1
>         > ns-slapd[2569]: GSSAPI server step 2
>         > python2[25663]: GSSAPI client step 2
>         > ns-slapd[2569]: GSSAPI server step 3
>         > ipa-dnskeysyncd[25663]: ipa         : INFO     Commencing sync process
>         > ipa-dnskeysyncd[25663]: ipa.ipapython.dnssec.keysyncer.KeySyncer: INFO     Initial LDAP dump is done, sychronizing with ODS and BIND
>         > python2[25674]: GSSAPI client step 1
>         > python2[25674]: GSSAPI client step 1
>         > ns-slapd[2569]: GSSAPI server step 1
>         > python2[25674]: GSSAPI client step 1
>         > ns-slapd[2569]: GSSAPI server step 2
>         > python2[25674]: GSSAPI client step 2
>         > ns-slapd[2569]: GSSAPI server step 3
>         > ipa-dnskeysyncd[25663]: Traceback (most recent call last):
>         > ipa-dnskeysyncd[25663]: File "/usr/libexec/ipa/ipa-dnskeysyncd", line 110, in <module>
>         > ipa-dnskeysyncd[25663]: while ldap_connection.syncrepl_poll(all=1, msgid=ldap_search):
>         > ipa-dnskeysyncd[25663]: File "/usr/lib64/python2.7/site-packages/ldap/syncrepl.py", line 405, in syncrepl_poll
>         > ipa-dnskeysyncd[25663]: self.syncrepl_refreshdone()
>         > ipa-dnskeysyncd[25663]: File "/usr/lib/python2.7/site-packages/ipapython/dnssec/keysyncer.py", line 115, in syncrepl_refreshdone
>         > ipa-dnskeysyncd[25663]: self.hsm_replica_sync()
>         > ipa-dnskeysyncd[25663]: File "/usr/lib/python2.7/site-packages/ipapython/dnssec/keysyncer.py", line 181, in hsm_replica_sync
>         > ipa-dnskeysyncd[25663]: ipautil.run([paths.IPA_DNSKEYSYNCD_REPLICA])
>         > ipa-dnskeysyncd[25663]: File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 494, in run
>         > ipa-dnskeysyncd[25663]: raise CalledProcessError(p.returncode, arg_string, str(output))
>         > ipa-dnskeysyncd[25663]: subprocess.CalledProcessError: Command '/usr/libexec/ipa/ipa-dnskeysync-replica' returned non-zero exit status 1
>         > systemd[1]: ipa-dnskeysyncd.service: main process exited, code=exited, status=1/FAILURE
>         > systemd[1]: Unit ipa-dnskeysyncd.service entered failed state.
>         > systemd[1]: ipa-dnskeysyncd.service failed.
>         >
>         > For some reason the ipa-dnskeysyncd keeps crashing.
>         > Anybody know where to start looking for this one?
>
>         Please raise the debug level so we can see something in the logs:
>
>         http://www.freeipa.org/page/Troubleshooting#ipa_command_crashes_or_returns_no_data
>
>         --
>         Petr^2 Spacek
>
>
>
>     Hello,
>
>     The file /etc/ipa/ipa.conf or the file /etc/ipa/server.conf do not
>     exist on my system.
>     How to set debugging in this case?
>
>     Rob
>
>
> I've set the debug level in /etc/ipa/default.conf
>
> Now I get this output:
>  systemd[1]: ipa-dnskeysyncd.service: main process exited, code=exited, status=1/FAILURE
>  systemd[1]: Unit ipa-dnskeysyncd.service entered failed state.
>  systemd[1]: ipa-dnskeysyncd.service failed.
>  systemd[1]: ipa-dnskeysyncd.service holdoff time over, scheduling restart.
>  systemd[1]: Started IPA key daemon.
>  systemd[1]: Starting IPA key daemon...
>  ipa-dnskeysyncd[30568]: ipa         : INFO     LDAP bind...
>  python2[30568]: GSSAPI client step 1
>  python2[30568]: GSSAPI client step 1
>  ns-slapd[26744]: GSSAPI server step 1
>  python2[30568]: GSSAPI client step 1
>  ns-slapd[26744]: GSSAPI server step 2
>  python2[30568]: GSSAPI client step 2
>  ns-slapd[26744]: GSSAPI server step 3
>  ipa-dnskeysyncd[30568]: ipa         : INFO     Commencing sync process
>  ipa-dnskeysyncd[30568]: ipa.ipapython.dnssec.keysyncer.KeySyncer: INFO     Initial LDAP dump is done, sychronizing with ODS and BIND
>  python2[30579]: GSSAPI client step 1
>  python2[30579]: GSSAPI client step 1
>  ns-slapd[26744]: GSSAPI server step 1
>  python2[30579]: GSSAPI client step 1
>  ns-slapd[26744]: GSSAPI server step 2
>  python2[30579]: GSSAPI client step 2
>  ns-slapd[26744]: GSSAPI server step 3
>  python2[30579]: ObjectStore.cpp(59): Failed to enumerate object store in /var/lib/softhsm/tokens/
>  python2[30579]: SoftHSM.cpp(476): Could not load the object store
>  ipa-dnskeysyncd[30568]: Traceback (most recent call last):
>  ipa-dnskeysyncd[30568]: File "/usr/libexec/ipa/ipa-dnskeysyncd", line 110, in <module>
>  ipa-dnskeysyncd[30568]: while ldap_connection.syncrepl_poll(all=1, msgid=ldap_search):
>  ipa-dnskeysyncd[30568]: File "/usr/lib64/python2.7/site-packages/ldap/syncrepl.py", line 405, in syncrepl_poll
>  ipa-dnskeysyncd[30568]: self.syncrepl_refreshdone()
>  ipa-dnskeysyncd[30568]: File "/usr/lib/python2.7/site-packages/ipapython/dnssec/keysyncer.py", line 115, in syncrepl_refreshdone
>  ipa-dnskeysyncd[30568]: self.hsm_replica_sync()
>  ipa-dnskeysyncd[30568]: File "/usr/lib/python2.7/site-packages/ipapython/dnssec/keysyncer.py", line 181, in hsm_replica_sync
>  ipa-dnskeysyncd[30568]: ipautil.run([paths.IPA_DNSKEYSYNCD_REPLICA])
>  ipa-dnskeysyncd[30568]: File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 494, in run
>  ipa-dnskeysyncd[30568]: raise CalledProcessError(p.returncode, arg_string, str(output))
>  ipa-dnskeysyncd[30568]: subprocess.CalledProcessError: Command '/usr/libexec/ipa/ipa-dnskeysync-replica' returned non-zero exit status
>
>
>

Hello, do you have SELinux in enforcing mode? Any AVCs?

Martin
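
Added example (not part of Martin's message and not FreeIPA code): a Python filter that pulls SELinux AVC denials touching the SoftHSM token directory named in the log above out of audit-log text, such as the contents of /var/log/audit/audit.log. The log lines and the SELinux types example_daemon_t and example_file_t are constructed placeholders; parse_avc and denials_touching are hypothetical helper names.

```python
import re

# Constructed audit.log lines for illustration (not from the thread).
# The SELinux types example_daemon_t / example_file_t are placeholders.
SAMPLE_AUDIT_LOG = '''\
type=AVC msg=audit(1482163578.101:901): avc:  denied  { read } for  pid=30579 comm="python2" name="tokens" dev="dm-0" ino=1311 scontext=system_u:system_r:example_daemon_t:s0 tcontext=system_u:object_r:example_file_t:s0 tclass=dir
type=SYSCALL msg=audit(1482163578.101:901): arch=c000003e syscall=257 success=no exit=-13 comm="python2" exe="/usr/bin/python2.7"
type=AVC msg=audit(1482163578.350:902): avc:  denied  { getattr } for  pid=30579 comm="python2" path="/var/lib/softhsm/tokens/slot0" dev="dm-0" ino=1312 scontext=system_u:system_r:example_daemon_t:s0 tcontext=system_u:object_r:example_file_t:s0 tclass=dir
type=AVC msg=audit(1482163580.007:903): avc:  denied  { write } for  pid=812 comm="httpd" name="cache" dev="dm-0" ino=2200 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:example_file_t:s0 tclass=dir
'''

AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict for a type=AVC record, or None for any other line."""
    if not line.startswith('type=AVC '):
        return None
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(3))}
    rec['result'] = m.group(1)
    rec['perms'] = m.group(2).split()
    return rec


def denials_touching(log_text, directory):
    """AVC denials whose target is `directory` or something beneath it.

    Records often carry only name= (the last path component), so match a
    full path= under the directory or a bare name= equal to its leaf.
    """
    directory = directory.rstrip('/')
    leaf = directory.rsplit('/', 1)[-1]
    hits = []
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None or rec['result'] != 'denied':
            continue
        path = rec.get('path', '')
        if path == directory or path.startswith(directory + '/') or rec.get('name') == leaf:
            hits.append(rec)
    return hits


if __name__ == '__main__':
    for r in denials_touching(SAMPLE_AUDIT_LOG, '/var/lib/softhsm/tokens/'):
        print(r['comm'], r['perms'], r['scontext'], '->', r['tcontext'], r['tclass'])
```

A bare name= match can also catch an unrelated directory called tokens, so confirm each hit against its comm and context fields.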