[Freeipa-users] pki status discrepancies

Jeff Goddard jgoddard at emerlyn.com
Thu Jan 26 14:08:20 UTC 2017 

Is there a reason the ipactl status command shows pki stopped even though
the systemctl shows it as running? Here is the example output:

[root at id-management-1 log]# systemctl status pki-tomcatd at pki-tomcatpki-tomcatd at pki-tomcat.service - PKI Tomcat Server pki-tomcat
   Loaded: loaded (/lib/systemd/system/pki-tomcatd at .service; enabled;
vendor preset: disabled)
   Active: active (running) since Sat 2016-10-01 00:07:50 EDT; 33min ago
  Process: 22425 ExecStop=/usr/libexec/tomcat/server stop (code=exited,
status=0/SUCCESS)
  Process: 22469 ExecStartPre=/usr/bin/pkidaemon start %i (code=exited,
status=0/SUCCESS)
 Main PID: 22582 (java)
   CGroup:
/system.slice/system-pki\x2dtomcatd.slice/pki-tomcatd at pki-tomcat.service
           └─22582 /usr/lib/jvm/jre-1.8.0-openjdk/bin/java
-DRESTEASY_LIB=/usr/share/java/resteasy-base -classpath
/usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.j...

Oct 01 00:07:54 id-management-1.internal.emerlyn.com server[22582]: Oct 01,
2016 12:07:54 AM org.apache.catalina.startup.HostConfig deployDescriptor
Oct 01 00:07:54 id-management-1.internal.emerlyn.com server[22582]: INFO:
Deployment of configuration descriptor
/etc/pki/pki-tomcat/Catalina/localhost/pki#js.xml has finished in 993 ms
Oct 01 00:07:54 id-management-1.internal.emerlyn.com server[22582]: Oct 01,
2016 12:07:54 AM org.apache.coyote.AbstractProtocol start
Oct 01 00:07:54 id-management-1.internal.emerlyn.com server[22582]: INFO:
Starting ProtocolHandler ["http-bio-8080"]
Oct 01 00:07:54 id-management-1.internal.emerlyn.com server[22582]: Oct 01,
2016 12:07:54 AM org.apache.coyote.AbstractProtocol start
Oct 01 00:07:54 id-management-1.internal.emerlyn.com server[22582]: INFO:
Starting ProtocolHandler ["http-bio-8443"]
Oct 01 00:07:54 id-management-1.internal.emerlyn.com server[22582]: Oct 01,
2016 12:07:54 AM org.apache.coyote.AbstractProtocol start
Oct 01 00:07:54 id-management-1.internal.emerlyn.com server[22582]: INFO:
Starting ProtocolHandler ["ajp-bio-127.0.0.1-8009"]
Oct 01 00:07:54 id-management-1.internal.emerlyn.com server[22582]: Oct 01,
2016 12:07:54 AM org.apache.catalina.startup.Catalina start
Oct 01 00:07:54 id-management-1.internal.emerlyn.com server[22582]: INFO:
Server startup in 3313 ms
[root at id-management-1 log]# ipactl status
Directory Service: RUNNING
krb5kdc Service: RUNNING
kadmin Service: RUNNING
named Service: RUNNING
ipa_memcached Service: RUNNING
httpd Service: RUNNING
pki-tomcatd Service: STOPPED
smb Service: RUNNING
winbind Service: RUNNING
ipa-otpd Service: RUNNING
ipa-dnskeysyncd Service: RUNNING
ipa: INFO: The ipactl command was successful
[root at id-management-1 log]#

The system clock has been set to the past in an attempt to renew expired
certificates. I keep getting CA_UNREACHABLE status messages when trying to
renew the certs and I don't know if this is related or not.

Thanks,

Jeff
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170126/5cee4a32/attachment.htm>

More information about the Freeipa-users mailing list