When the IPA server is configured with an embedded CA, the default behavior is to configure Tomcat with 2 AJP connectors using the localhost4/localhost6 names. When the machine's /etc/hosts defines only localhost:
127.0.0.1 localhost
::1 localhost
this results in PKI error messages in the journal similar to the following:
server[18294]: WARNING: Match [Server/Service/Connector] failed to set property [address] to [localhost4]
server[18294]: WARNING: Match [Server/Service/Connector] failed to set property [address] to [localhost6]
java[18294]: usr/lib/api/apiutil.c Could not open /run/lock/opencryptoki/LCK..APIlock
server[18294]: WARNING: Some of the specified [protocols] are not supported by the SSL engine and have been skipped: [[TLSv1, TLSv1.1]]
server[18294]: SEVERE: Failed to initialize component [Connector[AJP/1.3-8009]]
server[18294]: org.apache.catalina.LifecycleException: Protocol handler initialization failed
server[18294]: at org.apache.catalina.connector.Connector.initInternal(Connector.java:1048)
server[18294]: at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
server[18294]: at org.apache.catalina.core.StandardService.initInternal(StandardService.java:556)
server[18294]: at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
server[18294]: at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1045)
server[18294]: at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
server[18294]: at org.apache.catalina.startup.Catalina.load(Catalina.java:724)
server[18294]: at org.apache.catalina.startup.Catalina.load(Catalina.java:746)
server[18294]: at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
server[18294]: at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
server[18294]: at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
server[18294]: at java.base/java.lang.reflect.Method.invoke(Method.java:566)
server[18294]: at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:302)
server[18294]: at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:472)
server[18294]: Caused by: java.net.BindException: Address already in use
server[18294]: at java.base/sun.nio.ch.Net.bind0(Native Method)
server[18294]: at java.base/sun.nio.ch.Net.bind(Net.java:455)
server[18294]: at java.base/sun.nio.ch.Net.bind(Net.java:447)
server[18294]: at java.base/sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:227)
server[18294]: at org.apache.tomcat.util.net.NioEndpoint.initServerSocket(NioEndpoint.java:300)
server[18294]: at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:253)
server[18294]: at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1204)
server[18294]: at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1217)
server[18294]: at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:603)
server[18294]: at org.apache.catalina.connector.Connector.initInternal(Connector.java:1045)
server[18294]: ... 13 more
It is possible to override the setting using the IP addresses 127.0.0.1 and ::1 instead of the localhost4/localhost6 hostnames.
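A check for the condition described in this ticket, as an added example that is not part of the original ticket or of FreeIPA's code: it parses hosts-file text and reports which of the localhost4/localhost6 names lack an address of the matching family, together with the literal address the ticket suggests using instead. It assumes the names are resolved only from the hosts file; the sample files and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: the minimal /etc/hosts from the ticket.
MINIMAL_HOSTS = """\
127.0.0.1 localhost
::1 localhost
"""

# Constructed sample: a hosts file that also defines the connector names.
FULL_HOSTS = """\
# loopback entries
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1       localhost localhost.localdomain localhost6 localhost6.localdomain6
"""

# Connector hostname -> (expected IP version, literal address to use instead)
AJP_NAMES = {"localhost4": (4, "127.0.0.1"), "localhost6": (6, "::1")}


def parse_hosts(text):
    """Return {hostname: [ip_address objects]} from hosts-file text."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) < 2:
            continue
        try:
            # Strip an IPv6 zone id (e.g. fe80::1%lo) before parsing.
            addr = ipaddress.ip_address(fields[0].split("%", 1)[0])
        except ValueError:
            continue  # skip lines whose first field is not an address
        for name in fields[1:]:
            table.setdefault(name.lower(), []).append(addr)
    return table


def check_ajp_names(text):
    """Return {name: literal override} for each connector name that the
    hosts file does not map to an address of the expected family."""
    table = parse_hosts(text)
    problems = {}
    for name, (version, literal) in AJP_NAMES.items():
        if not any(a.version == version for a in table.get(name, [])):
            problems[name] = literal
    return problems


if __name__ == "__main__":
    for label, sample in (("minimal", MINIMAL_HOSTS), ("full", FULL_HOSTS)):
        print(label, check_ajp_names(sample) or "ok")
```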
Metadata Update from @frenaud: - Issue assigned to frenaud
Metadata Update from @frenaud: - Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/5749
master:
ipa-4-9:
Metadata Update from @abbra: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)