Issue #7823: Failure starting ipa.service on replica node - freeipa

freeipa

#7823 Failure starting ipa.service on replica node

Closed: duplicate 5 years ago Opened 5 years ago by cmonty.

Request for enhancement

After completing setup of FreeIPA on master and replica node (both nodes are running on identical virtual machine with Fedora 29) I started dnf update to install latest kernel.
Rebooting the nodes to load the latest kernel was successful, but ipa.service fails to start on both master and replica.

Issue

Starting service named-pkcs11.service fails with error:

Dez 29 12:21:20 ipa-replica.example.com named-pkcs11[1240]: LDAP configuration synchronization failed: socket is not connected
Dez 29 12:21:20 ipa-replica.example.com named-pkcs11[1240]: ldap_syncrepl will reconnect in 60 seconds
Dez 29 12:22:20 ipa-replica.example.com named-pkcs11[1240]: Failed to get initial credentials (TGT) using principal 'DNS/ipa-replica.example.com' and keytab 'FILE:/etc/named.keytab' (Cannot contact any KDC for realm 'EXAMPLE.COM')

Steps to Reproduce

Reboot server
Check failed services with systemctl | grep failed
Start services manually

Actual behavior

The error message starting ipa.service indicates an issue with named-pkcs11.service. Therefore I continue to start named-pkcs11.service manually.
This is successful although there is an error message, but systemctl status named-pkcs11.service reports the service is running.
The service ipa.service fails to start, and it kills service dirsrv@EXAMPLE-COM.service.

The complete log for starting named-pkcs11.service is here: http://freetexthost.com/ui1ky252je
The complete log for restarting ipa.service is here: http://freetexthost.com/3lpujhi3cf

Expected behavior

Automatic startup of all required services.

Version/Release/Distribution

$ rpm -q freeipa-server freeipa-client ipa-server ipa-client 389-ds-base pki-ca krb5-server
freeipa-server-4.7.2-1.fc29.x86_64
freeipa-client-4.7.2-1.fc29.x86_64
Das Paket ipa-server ist nicht installiert
Das Paket ipa-client ist nicht installiert
389-ds-base-1.4.0.20-1.fc29.x86_64
pki-ca-10.6.8-3.fc29.noarch
krb5-server-1.16.1-22.fc29.x86_64

Additional info:

Any additional information, configuration, data or log snippets that is needed for reproduction or investigation of the issue.
see above

Log file locations: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/config-files-logs.html
Troubleshooting guide: https://www.freeipa.org/page/Troubleshooting

rcritten commented 5 years ago

Closing as a duplicate of https://pagure.io/freeipa/issue/7822

Metadata Update from @rcritten:
- Issue close_status updated to: duplicate
- Issue status updated to: Closed (was: Open)

5 years ago

Metadata

Assignee

None

Tags

None

Blocking

None

Depending on

None

Priority

None

Milestone

None

affects_doc

None

source

None

knownissue

None

type

None

blockedby

None

test_case

None

component

None

blocking

None

on_review

None

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

None

tester

None

changelog

None

design

None

freeipa

Source Code

#7823 Failure starting ipa.service on replica node Closed: duplicate 5 years ago Opened 5 years ago by cmonty.

Request for enhancement

Issue

Steps to Reproduce

Actual behavior

Expected behavior

Version/Release/Distribution

Additional info:

Metadata

#7823 Failure starting ipa.service on replica node

Closed: duplicate 5 years ago Opened 5 years ago by cmonty.