freeipa

Clone
Source Code
GIT

#8318 Directory Server fails after reboot
Closed: invalid 4 years ago by cannotlol. Opened 4 years ago by cannotlol.

Closed: invalid
Reopen Issue

Issue

Directory Server fails to start after a reboot of a fresh install of FreeIPA on a Centos 8.
Everything works fine after installation but freeipa fails to start as soon as I reboot the server.

Steps to Reproduce

  1. Fresh Install FreeIPA on Centos 8
  2. Reboot server

Actual behavior

Directory server fails to start after reboot

Expected behavior

IPA starts normally after reboot

Version/Release/Distribution

ipa-server-4.8.0-13.module_el8.1.0+265+e1e65be4.x86_64
ipa-client-4.8.0-13.module_el8.1.0+265+e1e65be4.x86_64
389-ds-base-1.4.1.3-7.module_el8.1.0+234+96aec258.x86_64
pki-ca-10.7.3-1.module_el8.1.0+238+005506d1.noarch
krb5-server-1.17-9.el8.x86_64

Additional info:

ipactl status

Directory Service: STOPPED
Directory Service must be running in order to obtain status of other services

systemctl status dirsrv@CORP-FAB-IN.service

● dirsrv@CORP-FAB-IN.service - 389 Directory Server CORP-FAB-IN.
Loaded: loaded (/usr/lib/systemd/system/dirsrv@.service; enabled; vendor preset: disabled)
Drop-In: /usr/lib/systemd/system/dirsrv@.service.d
└─custom.conf
/etc/systemd/system/dirsrv@CORP-FAB-IN.service.d
└─ipa-env.conf
Active: failed (Result: exit-code) since Sun 2020-05-10 18:09:20 UTC; 12s ago
Process: 631 ExecStart=/usr/sbin/ns-slapd -D /etc/dirsrv/slapd-CORP-FAB-IN -i /var/run/dirsrv/slapd
-CORP-FAB-IN.pid (code=exited, status=1/FAILURE)
Process: 626 ExecStartPre=/usr/libexec/dirsrv/ds_systemd_ask_password_acl /etc/dirsrv/slapd-CORP-FAB-IN/dse.ldif (code=exited, status=0/SUCCESS)
Main PID: 631 (code=exited, status=1/FAILURE)

May 10 18:09:20 ipa.corp.fab.in ns-slapd[631]: [10/May/2020:18:09:20.566955507 +0000] - INFO - Securi
ty Initialization - SSL info: TLS_RSA_WITH_AES_256_CBC_SHA: enabled
May 10 18:09:20 ipa.corp.fab.in ns-slapd[631]: [10/May/2020:18:09:20.572754850 +0000] - INFO - Securi
ty Initialization - SSL info: TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
May 10 18:09:20 ipa.corp.fab.in ns-slapd[631]: [10/May/2020:18:09:20.587190502 +0000] - WARN - Security Initialization - SSL alert: nsTLS1 is on, but the version range is lower than "TLS1.2"; Configuring the version range as default min: TLS1.2, max: TLS1.3.
May 10 18:09:20 ipa.corp.fab.in ns-slapd[631]: [10/May/2020:18:09:20.594080853 +0000] - INFO - Security Initialization - slapd_ssl_init2 - Configured SSL version range: min: TLS1.2, max: TLS1.3
May 10 18:09:20 ipa.corp.fab.in ns-slapd[631]: [10/May/2020:18:09:20.600195866 +0000] - INFO - Security Initialization - slapd_ssl_init2 - NSS adjusted SSL version range: min: TLS1.2, max: TLS1.3
May 10 18:09:20 ipa.corp.fab.in ns-slapd[631]: Error - Problem accessing the lockfile /var/lock/dirsrv/slapd-CORP-FAB-IN/lock
May 10 18:09:20 ipa.corp.fintra.in ns-slapd[631]: [10/May/2020:18:09:20.607917613 +0000] - CRIT - main - Shutting down due to possible conflicts with other slapd processes
May 10 18:09:20 ipa.corp.fintra.in systemd[1]: dirsrv@CORP-FAB-IN.service: Main process exited, code=exited, status=1/FAILURE
May 10 18:09:20 ipa.corp.fintra.in systemd[1]: dirsrv@CORP-FAB-IN.service: Failed with result 'exit-code'.
May 10 18:09:20 ipa.corp.fintra.in systemd[1]: Failed to start 389 Directory Server CORP-FAB-IN..

Let me know if you need any additional log files.

Do the directory /var/lock/dirsrv/slapd-CORP-FAB-IN and the file /etc/tmpfiles.d/dirsrv-CORP-FAB-IN.confexist on your system?

Do the directory /var/lock/dirsrv/slapd-CORP-FAB-IN and the file /etc/tmpfiles.d/dirsrv-CORP-FAB-IN.confexist on your system?

/etc/tmpfiles.d/dirsrv-CORP-FAB-IN.conf exists but /var/lock/dirsrv/slapd-CORP-FAB-IN does not.

Here is the contents of the /etc/tmpfiles.d/dirsrv-CORP-FAB-IN.conf file

d /var/run/dirsrv 0770 dirsrv dirsrv
d /var/lock/dirsrv/ 0770 dirsrv dirsrv
d /var/lock/dirsrv/slapd-CORP-FAB-IN 0770 dirsrv dirsrv
Edited 4 years ago by cannotlol

Based on the config file the directory /var/lock/dirsrv/slapd-CORP-FAB-IN should have been created by systemd-tmpfiles automatically on startup. Could you please check the status of all tmpfiles services, e.g. systemd-tmpfiles-setup.service?

Based on the config file the directory /var/lock/dirsrv/slapd-CORP-FAB-IN should have been created by systemd-tmpfiles automatically on startup. Could you please check the status of all tmpfiles services, e.g. systemd-tmpfiles-setup.service?

systemctl status systemd-tmpfiles-setup.service

● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
Loaded: loaded (/usr/lib/systemd/system/systemd-tmpfiles-setup.service; static; vendor preset: disabled)
Active: active (exited) since Sun 2020-05-10 17:43:05 UTC; 17h ago
Docs: man:tmpfiles.d(5)
man:systemd-tmpfiles(8)
Process: 54 ExecStart=/usr/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=73)
Main PID: 54 (code=exited, status=73)

May 10 17:43:05 ipa.corp.fab.in systemd[1]: Starting Create Volatile Files and Directories...
May 10 17:43:05 ipa.corp.fab.in systemd-tmpfiles[54]: [/usr/lib/tmpfiles.d/certmonger.conf:3] Line references path below legacy directory /var/run/, updating /var/run/certmonger → /run/certmonger; please update the tmpfiles.d/ drop-in file accordingly.
May 10 17:43:05 ipa.corp.fab.in systemd-tmpfiles[54]: [/etc/tmpfiles.d/dirsrv-CORP-fab-IN.conf:1] Line references path below legacy directory /var/run/, updating /var/run/dirsrv → /run/dirsrv; please update the tmpfiles.d/ drop-in file accordingly.
May 10 17:43:05 ipa.corp.fab.in systemd-tmpfiles[54]: [/usr/lib/tmpfiles.d/krb5-krb5kdc.conf:1] Line references path below legacy directory /var/run/, updating /var/run/krb5kdc → /run/krb5kdc; please update the tmpfiles.d/ drop-in file accordingly.
May 10 17:43:05 ipa.corp.fab.in systemd-tmpfiles[54]: [/usr/lib/tmpfiles.d/opendnssec.conf:1] Line references path below legacy directory /var/run/, updating /var/run/opendnssec → /run/opendnssec; please update the tmpfiles.d/ drop-in file accordingly.
May 10 17:43:05 ipa.corp.fab.in systemd-tmpfiles[54]: Failed to create directory or subvolume "/var/lock/dirsrv": No such file or directory
May 10 17:43:05 ipa.corp.fab.in systemd-tmpfiles[54]: Failed to create directory or subvolume "/var/lock/dirsrv/slapd-CORP-fab-IN": No such file or directory
May 10 17:43:05 ipa.corp.fab.in systemd[1]: Started Create Volatile Files and Directories.

Looks like the directories were not present so I created them and restarted the server, but they got removed again.

I found this related issue.
https://pagure.io/389-ds-base/issue/47429
Edited 4 years ago by cannotlol

This might be a bug in CentOS file system. No such file or directory means that systemd-tmpfiles cannot create /var/lock/dirsrv because /var/lock is missing or a broken symlink. Please report the issue with CentOS.

Thank you for helping me with the diagnosis. I will use the solution described in the previous issue.
Closing this issue.

Metadata Update from @cannotlol:
- Issue close_status updated to: invalid
- Issue status updated to: Closed (was: Open)
4 years ago

Login to comment on this ticket.

Metadata
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.