[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Pki-devel] pki-tomcatd restart timeout during installation of KRA on FreeIPA master using LDAPS



Hi List,

I have encountered a strange behavior in Dogtag when working on
https://fedorahosted.org/freeipa/ticket/5570

I have set the deployment config for KRA to use LDAPS for communication with IPA dirsrv backend during spawn. Everything works perfectly, except that I see the following timeout during ipa-kra-install on FreeIPA master:

http://fpaste.org/329271/45641447/

However the installation finishes as usual and pki-tomcatd service is running in the end, albeit showing the following traceback: http://fpaste.org/329260/56413840/

The KRA subsystem is also recognized by subsystem-find:

http://fpaste.org/329335/20387145/

Our upstream XMLRPC tests excersizing KRA and CA subystem also pass, so clearly functionality is not affected.

Nevertheless something is preventing Dogtag to start up given our 300 s timeout (i have tried longer intervals up to 1200 s to no avail). In the IPA KRA install log, I can see our code polling CA's REST interface unsuccessfully: http://fpaste.org/329294/15776145/

After some few additional installation steps when Dogtag instance is shutdown and started up again, it goes up just fine and REST api reports ready status.

I would like to know if this is issue on Dogtag side or some misconfiguration from my side. I have CA and KRA subsystem logs at hand. If anyone is interested ping me on IRC and I will give them to you. Endi an Christian (CC'ed) should also have them at hand.

I should also mentioned that I was only able to reproduce this in my local vagrant/libvirt environment. Also, deploying CA subsystem on hardened CA-less FreeIPA server using LDAPS works fine without any timeouts.

Thank you for your help.

--
Martin^3 Babinsky


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]