Directory Server fails to start after a reboot of a fresh install of FreeIPA on a Centos 8. Everything works fine after installation but freeipa fails to start as soon as I reboot the server.
Directory server fails to start after reboot
IPA starts normally after reboot
ipa-server-4.8.0-13.module_el8.1.0+265+e1e65be4.x86_64 ipa-client-4.8.0-13.module_el8.1.0+265+e1e65be4.x86_64 389-ds-base-1.4.1.3-7.module_el8.1.0+234+96aec258.x86_64 pki-ca-10.7.3-1.module_el8.1.0+238+005506d1.noarch krb5-server-1.17-9.el8.x86_64
Directory Service: STOPPED Directory Service must be running in order to obtain status of other services
● dirsrv@CORP-FAB-IN.service - 389 Directory Server CORP-FAB-IN. Loaded: loaded (/usr/lib/systemd/system/dirsrv@.service; enabled; vendor preset: disabled) Drop-In: /usr/lib/systemd/system/dirsrv@.service.d └─custom.conf /etc/systemd/system/dirsrv@CORP-FAB-IN.service.d └─ipa-env.conf Active: failed (Result: exit-code) since Sun 2020-05-10 18:09:20 UTC; 12s ago Process: 631 ExecStart=/usr/sbin/ns-slapd -D /etc/dirsrv/slapd-CORP-FAB-IN -i /var/run/dirsrv/slapd -CORP-FAB-IN.pid (code=exited, status=1/FAILURE) Process: 626 ExecStartPre=/usr/libexec/dirsrv/ds_systemd_ask_password_acl /etc/dirsrv/slapd-CORP-FAB-IN/dse.ldif (code=exited, status=0/SUCCESS) Main PID: 631 (code=exited, status=1/FAILURE)
May 10 18:09:20 ipa.corp.fab.in ns-slapd[631]: [10/May/2020:18:09:20.566955507 +0000] - INFO - Securi ty Initialization - SSL info: TLS_RSA_WITH_AES_256_CBC_SHA: enabled May 10 18:09:20 ipa.corp.fab.in ns-slapd[631]: [10/May/2020:18:09:20.572754850 +0000] - INFO - Securi ty Initialization - SSL info: TLS_RSA_WITH_AES_256_CBC_SHA256: enabled May 10 18:09:20 ipa.corp.fab.in ns-slapd[631]: [10/May/2020:18:09:20.587190502 +0000] - WARN - Security Initialization - SSL alert: nsTLS1 is on, but the version range is lower than "TLS1.2"; Configuring the version range as default min: TLS1.2, max: TLS1.3. May 10 18:09:20 ipa.corp.fab.in ns-slapd[631]: [10/May/2020:18:09:20.594080853 +0000] - INFO - Security Initialization - slapd_ssl_init2 - Configured SSL version range: min: TLS1.2, max: TLS1.3 May 10 18:09:20 ipa.corp.fab.in ns-slapd[631]: [10/May/2020:18:09:20.600195866 +0000] - INFO - Security Initialization - slapd_ssl_init2 - NSS adjusted SSL version range: min: TLS1.2, max: TLS1.3 May 10 18:09:20 ipa.corp.fab.in ns-slapd[631]: Error - Problem accessing the lockfile /var/lock/dirsrv/slapd-CORP-FAB-IN/lock May 10 18:09:20 ipa.corp.fintra.in ns-slapd[631]: [10/May/2020:18:09:20.607917613 +0000] - CRIT - main - Shutting down due to possible conflicts with other slapd processes May 10 18:09:20 ipa.corp.fintra.in systemd[1]: dirsrv@CORP-FAB-IN.service: Main process exited, code=exited, status=1/FAILURE May 10 18:09:20 ipa.corp.fintra.in systemd[1]: dirsrv@CORP-FAB-IN.service: Failed with result 'exit-code'. May 10 18:09:20 ipa.corp.fintra.in systemd[1]: Failed to start 389 Directory Server CORP-FAB-IN..
Let me know if you need any additional log files.
Do the directory /var/lock/dirsrv/slapd-CORP-FAB-IN and the file /etc/tmpfiles.d/dirsrv-CORP-FAB-IN.confexist on your system?
/var/lock/dirsrv/slapd-CORP-FAB-IN
/etc/tmpfiles.d/dirsrv-CORP-FAB-IN.conf
/etc/tmpfiles.d/dirsrv-CORP-FAB-IN.conf exists but /var/lock/dirsrv/slapd-CORP-FAB-IN does not.
Here is the contents of the /etc/tmpfiles.d/dirsrv-CORP-FAB-IN.conf file
d /var/run/dirsrv 0770 dirsrv dirsrv d /var/lock/dirsrv/ 0770 dirsrv dirsrv d /var/lock/dirsrv/slapd-CORP-FAB-IN 0770 dirsrv dirsrv
Based on the config file the directory /var/lock/dirsrv/slapd-CORP-FAB-IN should have been created by systemd-tmpfiles automatically on startup. Could you please check the status of all tmpfiles services, e.g. systemd-tmpfiles-setup.service?
systemd-tmpfiles
systemd-tmpfiles-setup.service
● systemd-tmpfiles-setup.service - Create Volatile Files and Directories Loaded: loaded (/usr/lib/systemd/system/systemd-tmpfiles-setup.service; static; vendor preset: disabled) Active: active (exited) since Sun 2020-05-10 17:43:05 UTC; 17h ago Docs: man:tmpfiles.d(5) man:systemd-tmpfiles(8) Process: 54 ExecStart=/usr/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=73) Main PID: 54 (code=exited, status=73)
May 10 17:43:05 ipa.corp.fab.in systemd[1]: Starting Create Volatile Files and Directories... May 10 17:43:05 ipa.corp.fab.in systemd-tmpfiles[54]: [/usr/lib/tmpfiles.d/certmonger.conf:3] Line references path below legacy directory /var/run/, updating /var/run/certmonger → /run/certmonger; please update the tmpfiles.d/ drop-in file accordingly. May 10 17:43:05 ipa.corp.fab.in systemd-tmpfiles[54]: [/etc/tmpfiles.d/dirsrv-CORP-fab-IN.conf:1] Line references path below legacy directory /var/run/, updating /var/run/dirsrv → /run/dirsrv; please update the tmpfiles.d/ drop-in file accordingly. May 10 17:43:05 ipa.corp.fab.in systemd-tmpfiles[54]: [/usr/lib/tmpfiles.d/krb5-krb5kdc.conf:1] Line references path below legacy directory /var/run/, updating /var/run/krb5kdc → /run/krb5kdc; please update the tmpfiles.d/ drop-in file accordingly. May 10 17:43:05 ipa.corp.fab.in systemd-tmpfiles[54]: [/usr/lib/tmpfiles.d/opendnssec.conf:1] Line references path below legacy directory /var/run/, updating /var/run/opendnssec → /run/opendnssec; please update the tmpfiles.d/ drop-in file accordingly. May 10 17:43:05 ipa.corp.fab.in systemd-tmpfiles[54]: Failed to create directory or subvolume "/var/lock/dirsrv": No such file or directory May 10 17:43:05 ipa.corp.fab.in systemd-tmpfiles[54]: Failed to create directory or subvolume "/var/lock/dirsrv/slapd-CORP-fab-IN": No such file or directory May 10 17:43:05 ipa.corp.fab.in systemd[1]: Started Create Volatile Files and Directories.
Looks like the directories were not present so I created them and restarted the server, but they got removed again.
I found this related issue. https://pagure.io/389-ds-base/issue/47429
This might be a bug in CentOS file system. No such file or directory means that systemd-tmpfiles cannot create /var/lock/dirsrv because /var/lock is missing or a broken symlink. Please report the issue with CentOS.
No such file or directory
/var/lock/dirsrv
/var/lock
Thank you for helping me with the diagnosis. I will use the solution described in the previous issue. Closing this issue.
Metadata Update from @cannotlol: - Issue close_status updated to: invalid - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.