The first call to ipactl restart writes a wrong service list in /var/run/ipa/services.list (it removes pki-tomcatd). As a consequence, subsequent calls to ipactl restart call systemctl start pki-tomcatd instead of systemctl restart pki-tomcatd, and the service is not restarted: the current service is left running.
In some circumstances this can be problematic, for instance when a restart is needed in order to use a new server certificate.
ps -ef | grep pki-tomcat
    $ cat /var/run/ipa/services.list
    ["dirsrv", "krb5kdc", "kadmin", "named", "httpd", "ipa-custodia", "ipa-otpd", "ipa-dnskeysyncd", "pki-tomcatd"]
    # ipactl restart
    Stopping pki-tomcatd Service
    Restarting Directory Service
    Restarting krb5kdc Service
    Restarting kadmin Service
    Restarting named Service
    Restarting httpd Service
    Restarting ipa-custodia Service
    Restarting pki-tomcatd Service
    Restarting ipa-otpd Service
    Restarting ipa-dnskeysyncd Service
    ipa: INFO: The ipactl command was successful

Note the first line contains Stopping pki-tomcatd Service, which is unexpected.
4. Check the PID of pki-tomcatd: this is a new process.
5. Check the content of services.list:
    # cat /var/run/ipa/services.list
    ["dirsrv", "krb5kipactl restart", "ipa-custodia", "ipa-otpd", "ipa-dnskeysyncd"]

Note that pki-tomcatd has disappeared.
6. Restart the services:
    # ipactl restart
    Restarting Directory Service
    Restarting krb5kdc Service
    Restarting kadmin Service
    Restarting named Service
    Restarting httpd Service
    Restarting ipa-custodia Service
    Restarting ipa-otpd Service
    Restarting ipa-dnskeysyncd Service
    Starting pki-tomcatd Service
    ipa: INFO: The ipactl command was successful

Note the line Starting pki-tomcatd instead of Restarting pki-tomcatd.
7. Check the PID of pki-tomcatd: this is the same PID as in step 4, i.e. pki-tomcatd was not restarted.
The second occurrence of ipactl restart did not restart pki-tomcatd.
ipactl restart should restart pki-tomcatd.
freeipa-server-4.7.2-1.1.fc29.x86_64
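The check that steps 4 to 7 perform by hand, as an added example that is not part of the original report and is not FreeIPA code: it flags services missing from a services.list snapshot and services whose PID did not change across a restart. The function names, the PID values and the list with pki-tomcatd removed are constructed for illustration; planned_action is only a simplified model of the start-versus-restart behaviour the report describes.

```python
import json


def missing_from_list(services_list_text, expected):
    """Return the expected services that are absent from a services.list snapshot."""
    recorded = set(json.loads(services_list_text))
    return [svc for svc in expected if svc not in recorded]


def planned_action(services_list_text, service):
    """Simplified model of the reported behaviour (an assumption, not ipactl code):
    a service recorded in services.list is restarted, any other is only started."""
    return "restart" if service in json.loads(services_list_text) else "start"


def not_restarted(pids_before, pids_after):
    """Return services that kept the same PID, i.e. were left running untouched."""
    return sorted(svc for svc, pid in pids_before.items()
                  if pid is not None and pids_after.get(svc) == pid)


def audit(services_list_text, expected, pids_before, pids_after):
    """Combine both checks into one result a monitoring job could alert on."""
    return {"missing": missing_from_list(services_list_text, expected),
            "stale": not_restarted(pids_before, pids_after)}


# Service list as shown in the report before the first restart.
EXPECTED = ["dirsrv", "krb5kdc", "kadmin", "named", "httpd", "ipa-custodia",
            "ipa-otpd", "ipa-dnskeysyncd", "pki-tomcatd"]
LIST_BEFORE = json.dumps(EXPECTED)
# Constructed: the same list with pki-tomcatd removed, as the report describes.
LIST_AFTER = json.dumps([s for s in EXPECTED if s != "pki-tomcatd"])
# Constructed PIDs: pki-tomcatd keeps its PID between step 4 and step 7.
PIDS_STEP4 = {"httpd": 4100, "pki-tomcatd": 4242}
PIDS_STEP7 = {"httpd": 5310, "pki-tomcatd": 4242}

if __name__ == "__main__":
    print(audit(LIST_AFTER, EXPECTED, PIDS_STEP4, PIDS_STEP7))
```

A non-empty "stale" entry after a certificate change means the service is still running with whatever it loaded at its previous start.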
Metadata Update from @frenaud: - Issue assigned to frenaud
Metadata Update from @frenaud: - Issue set to the milestone: FreeIPA 4.6.6
Note that the issue happens only when KRA is not installed.
Metadata Update from @frenaud: - Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/3084
master:
Failed to apply patches onto origin/ipa-4-6. Manual backport is needed.
ipa-4-7:
ipa-4-6:
Metadata Update from @frenaud: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Metadata Update from @frenaud: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1704227
Issue linked to Bugzilla: Bug 1704227