In FreeIPA 4.5 and 4.6, the ipa-server-install program can fail during the "Configuring certificate server (pki-tomcatd)" stage on a heavily-loaded host.
ipa-server-install
The dogtag service is memory intensive, and on a memory-constrained system, can be unresponsive right after start-up, especially for expensive operations that generate new certificates.
These delays can cause failures when dbus clients time out while attempting to run new certificate operations through certmonger. This patch changes dbus client timeouts for some such operations to 120 seconds (from the default 25 seconds).
There is a github PR #1078 that fixes this problem, as well as quite a bit of discussion.
Metadata Update from @tkrizek: - Issue priority set to: normal - Issue set to the milestone: FreeIPA 4.6.2
master:
ipa-4-6:
Metadata Update from @tdudlak: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.