After completing setup of FreeIPA on master and replica node (both nodes are running on identical virtual machine with Fedora 29) I started dnf update to install latest kernel. Rebooting the nodes to load the latest kernel was successful, but ipa.service fails to start on both master and replica.
dnf update
Starting service ipa.service fails with error:
Dez 29 12:11:36 ipa-master.example.com ipactl[1304]: Failed to start named Service Dez 29 12:11:36 ipa-master.example.com ipactl[1304]: Shutting down Dez 29 12:11:36 ipa-master.example.com ipactl[1304]: Hint: You can use --ignore-service-failure option for forced start in case that a non-critical service failed Dez 29 12:11:36 ipa-master.example.com ipactl[1304]: Aborting ipactl Dez 29 12:11:36 ipa-master.example.com ipactl[1304]: Starting Directory Service Dez 29 12:11:36 ipa-master.example.com ipactl[1304]: Starting krb5kdc Service Dez 29 12:11:36 ipa-master.example.com ipactl[1304]: Starting kadmin Service Dez 29 12:11:36 ipa-master.example.com ipactl[1304]: Starting named Service Dez 29 12:11:37 ipa-master.example.com systemd[1]: ipa.service: Main process exited, code=exited, status=1/FAILURE Dez 29 12:11:37 ipa-master.example.com systemd[1]: ipa.service: Failed with result 'exit-code'. Dez 29 12:11:37 ipa-master.example.com systemd[1]: Failed to start Identity, Policy, Audit.
systemctl | grep failed
The error message starting ipa.service indicates an issue with named-pkcs11.service. Therefore I continue to start named-pkcs11.service manually. This is successful and I restart ipa.service. Now the service ipa.service starts successfully, but it kills service named-pkcs11.service.
ipa.service
named-pkcs11.service
The complete log for starting ipa.service is here: http://freetexthost.com/vhlrxrlzbg The complete log for starting named-pkcs11.service is here: http://freetexthost.com/w3qz235q4c The complete log for restarting ipa.service is here: http://freetexthost.com/5mp30kprjn
Automatic startup of all required services.
$ rpm -q freeipa-server freeipa-client ipa-server ipa-client 389-ds-base pki-ca krb5-server freeipa-server-4.7.2-1.fc29.x86_64 freeipa-client-4.7.2-1.fc29.x86_64 Das Paket ipa-server ist nicht installiert Das Paket ipa-client ist nicht installiert 389-ds-base-1.4.0.20-1.fc29.x86_64 pki-ca-10.6.8-3.fc29.noarch krb5-server-1.16.1-22.fc29.x86_64
Any additional information, configuration, data or log snippets that is needed for reproduction or investigation of the issue. see above
Log file locations: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/config-files-logs.html Troubleshooting guide: https://www.freeipa.org/page/Troubleshooting
named is dropping core in libkrb5. I'd try updating krb5-* to see if that helps. For additional information see https://bugzilla.redhat.com/show_bug.cgi?id=1622760
I restarted from scratch and didn't experience any similar issue. This ticket can be closed.
Metadata Update from @cmonty: - Issue close_status updated to: wontfix - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.