On 05/03/2017 05:16 PM, Chris Dagdigian wrote:
Any guidance for this one?

Summary - this seems to be the fatal error that causes the CA setup on the replica to fail:

May 03 15:09:09 usaeilidmp002.XXX.org server[3993]: testLDAPConnection: The specified user cn=Replication Manager masterAgreement1-usaeilidmp002.XXX.org-pki-tomcat,cn=config does not exist
May 03 15:09:09 usaeilidmp002.XXX.org server[3993]: CMSEngine: init(): password test execution failed for replicationdbwith NO_SUCH_USER. This may not be a latest instance. Ignoring ..

More details ...

Trying to build a replica with CA duties for the first time. It hangs here during the replica install process:

ipa : DEBUG stderr=
ipa : DEBUG wait_for_open_ports: localhost [8080, 8443] timeout 300
ipa : DEBUG Waiting until the CA is running
ipa : DEBUG request POST http://usaeilidmp002.XXX.org:8080/ca/admin/ca/getStatus
ipa : DEBUG request body ''

However the root cause seems to be that the CA won't start because something is wrong with an LDAP replication manager user?

When I restart the pki-tomcatd service the replica install STDOUT refreshes the above status. After the 3rd attempt it triggers the fatal "CA will not start after 300 seconds" error.

From the logs:

# systemctl status pki-tomcatd@pki-tomcat.service
● pki-tomcatd@pki-tomcat.service - PKI Tomcat Server pki-tomcat
   Loaded: loaded (/lib/systemd/system/pki-tomcatd@.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2017-05-03 15:09:04 UTC; 40s ago
  Process: 3843 ExecStop=/usr/libexec/tomcat/server stop (code=exited, status=1/FAILURE)
  Process: 3880 ExecStartPre=/usr/bin/pkidaemon start %i (code=exited, status=0/SUCCESS)
 Main PID: 3993 (java)
   CGroup: /system.slice/system-pki\x2dtomcatd.slice/pki-tomcatd@pki-tomcat.service
           └─3993 /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -DRESTEASY_LIB=/usr/share/java/resteasy-base -Djava.library.path=/usr/lib64/nuxwdog-jni -classpath /usr/share/...

May 03 15:09:08 usaeilidmp002.XXX.org server[3993]: SSLAuthenticatorWithFallback: Setting container
May 03 15:09:09 usaeilidmp002.XXX.org server[3993]: SSLAuthenticatorWithFallback: Initializing authenticators
May 03 15:09:09 usaeilidmp002.XXX.org server[3993]: SSLAuthenticatorWithFallback: Starting authenticators
May 03 15:09:09 usaeilidmp002.XXX.org server[3993]: CMSEngine.initializePasswordStore() begins
May 03 15:09:09 usaeilidmp002.XXX.org server[3993]: CMSEngine.initializePasswordStore(): tag=internaldb
May 03 15:09:09 usaeilidmp002.XXX.org server[3993]: testLDAPConnection connecting to usaeilidmp002.XXX.org:389
May 03 15:09:09 usaeilidmp002.XXX.org server[3993]: CMSEngine.initializePasswordStore(): tag=replicationdb
May 03 15:09:09 usaeilidmp002.XXX.org server[3993]: testLDAPConnection connecting to usaeilidmp002.XXX.org:389
May 03 15:09:09 usaeilidmp002.XXX.org server[3993]: testLDAPConnection: The specified user cn=Replication Manager masterAgreement1-usaeilidmp002.XXX...not exist
May 03 15:09:09 usaeilidmp002.XXX.org server[3993]: CMSEngine: init(): password test execution failed for replicationdbwith NO_SUCH_USER. This may not...noring ..
Hint: Some lines were ellipsized, use -l to show in full.

Hi,

the issue looks similar to ticket 6766 [1]

Flo.

[1] https://pagure.io/freeipa/issue/6766