[Freeipa-users] backing up and starting over...
Robert Story
rstory at tislabs.com
Thu Dec 22 13:29:15 UTC 2016
On Thu, 22 Dec 2016 13:02:18 +0100 Martin wrote:
MB> On 22.12.2016 09:25, Florence Blanc-Renaud wrote:
MB> > On 12/21/2016 10:26 PM, Robert Story wrote:
MB> >> I'm running a small instance of freeipa on CentOS 7 in our lab, for
MB> >> about 20
MB> >> machines. Since CentOS 7.3 came out and upgraded from 4.2 to 4.4, things
MB> >> have gotten flaky. e.g. clicking on a user get the spinning 'Working'
MB> >> dialog and can take 3-5 minutes to load the page. But often it will die
MB> >> with 'internal error'.
MB>
MB> Could you check in /var/log/httpd/error_log what is it?
MB> Does cli work well? ipa user-find
Yes, cli works, and ldap mostly works, but not always. GUI works
occasionally.
Here's one:
mod_wsgi (pid=6358): Exception occurred processing WSGI script '/usr/share/ipa/wsgi.py'.
Traceback (most recent call last):
File "/usr/share/ipa/wsgi.py", line 49, in application
return api.Backend.wsgi_dispatch(environ, start_response)
File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 262, in __call__
return self.route(environ, start_response)
File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 274, in route
return app(environ, start_response)
File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 833, in __call__
self.create_context(ccache=ipa_ccache_name)
File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line 123, in create_context
self.Backend.ldap2.connect(ccache=ccache)
File "/usr/lib/python2.7/site-packages/ipalib/backend.py", line 66, in connect
conn = self.create_connection(*args, **kw)
File "/usr/lib/python2.7/site-packages/ipaserver/plugins/ldap2.py", line 205, in create_connection
client_controls=clientctrls)
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1108, in gssapi_bind
'', auth_tokens, server_controls, client_controls)
File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__
self.gen.throw(type, value, traceback)
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1007, in error_handler
raise errors.DatabaseError(desc=desc, info=info)
DatabaseError: Server is unwilling to perform: Too many failed logins.
and this:
ipa: INFO: 401 Unauthorized: kinit: Clients credentials have been revoked while getting initial credentials
and
ipa: ERROR: non-public: IOError: request data read error
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 358, in wsgi_execute
data = read_input(environ)
File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 195, in read_input
return environ['wsgi.input'].read(length)
IOError: request data read error
rstory at EXAMPLE: None: IOError
and
AH00163: Apache/2.4.6 (CentOS) mod_auth_gssapi/1.4.0 mod_nss/1.0.14 NSS/3.21 Basic ECC mod_wsgi/3.4 Python/2.7.5 configured -- resuming normal operations
AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
ipa: INFO: *** PROCESS START ***
ipa: INFO: *** PROCESS START ***
ipa: INFO: 401 Unauthorized: kinit: Cannot contact any KDC for realm 'EXAMPLE' while getting initial credentials
[pid 3714]
ipa: INFO: 401 Unauthorized: kinit: Cannot contact any KDC for realm 'EXAMPLE' while getting initial credentials
[pid 3715]
ipa: ERROR: release_ipa_ccache: ccache_name (FILE:/var/run/ipa_memcached/krbcc_3714) != KRB5CCNAME environment variable (/var/run/httpd/ipa/krbcache/krb5ccache)
ipa: INFO: 401 Unauthorized: Insufficient access: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Cannot contact any KDC for realm 'EXAMPLE')
mod_wsgi (pid=3714): Exception occurred processing WSGI script '/usr/share/ipa/wsgi.py'.
Traceback (most recent call last):
File "/usr/share/ipa/wsgi.py", line 49, in application
return api.Backend.wsgi_dispatch(environ, start_response)
File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 262, in __call__
return self.route(environ, start_response)
File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 274, in route
return app(environ, start_response)
File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 978, in __call__
self.kinit(user, self.api.env.realm, password, ipa_ccache_name)
File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 1010, in kinit
raise CCacheError(message=unicode(e))
CCacheError: Major (851968): Unspecified GSS failure. Minor code may provide more information, Minor (2529639068): Cannot contact any KDC for realm 'EXAMPLE'
AH00170: caught SIGWINCH, shutting down gracefully
and
Script timed out before returning headers: wsgi.py, referer: https://auth-1.example/ipa/ui/
Script timed out before returning headers: wsgi.py, referer: https://auth-1.example/ipa/ui/
Script timed out before returning headers: wsgi.py, referer: https://auth-1.example/ipa/ui/
and
SSL Library Error: -12195 Peer does not recognize and trust the CA that issued your certificate
Robert
--
Senior Software Engineer @ Parsons
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20161222/52bb7fca/attachment.sig>
More information about the Freeipa-users
mailing list