After upgrading dogtag-pki on my Fedora 41 FreeIPA instances to dogtag-pki-base-11.6.0-1.fc41.2, I see the following errors on pki-tomcatd@pki-tomcat startup. I'm running freeipa-server-4.12.2-8.fc41 (including KRA). After startup, I do see that "java" is listening on 127.0.0.1:8009 and [::1]:8009. So far, I have not been able to determine if this has affected functionality on either of my FreeIPA replicas. Googling has only revealed others with port conflicts for non-FreeIPA applications, so I'm looking for some FreeIPA-specific guidance. Thanks. -A
Starting [email protected] - PKI Tomcat Server pki-tomcat... NOTE: Picked up JDK_JAVA_OPTIONS: --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.util.concurrent=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED AJP connector requiredSecret: None AJP connector requiredSecret: None AJP connector requiredSecret: None AJP connector requiredSecret: None Java virtual machine used: /usr/lib/jvm/jre-21-openjdk/bin/java classpath used: /usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar: main class used: org.apache.catalina.startup.Bootstrap flags used: -Dcom.redhat.fips=false options used: -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.security.manager -Djava.security.policy==/var/lib/pki/pki-tomcat/conf/catalina.policy arguments used: start NOTE: Picked up JDK_JAVA_OPTIONS: --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.util.concurrent=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED WARNING: A command line option has enabled the Security Manager WARNING: The Security Manager is deprecated and will be removed in a future release pki.client: /usr/libexec/ipa/ipa-pki-wait-running:61: The subsystem in PKIConnection.__init__() has been deprecated (https://github.com/dogtagpki/pki/wiki/PKI-10.8-Python-Changes). ipa-pki-wait-running: Created connection http://ipa4b.example.com:8080/ca ipa-pki-wait-running: Connection failed: HTTPConnectionPool(host='ipa4b.example.com', port=8080): Max retries exceeded with url: /ca/admin/ca/getStatus (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7fb3ee0ee510>: Failed to establish a new connection: [Errno 111] Connection refused')) ipa-pki-wait-running: Connection failed: HTTPConnectionPool(host='ipa4b.example.com', port=8080): Max retries exceeded with url: /ca/admin/ca/getStatus (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7fb3ee296e90>: Failed to establish a new connection: [Errno 111] Connection refused')) WARNING: Tomcat interprets the [protocols] attribute in a manner consistent with the latest OpenSSL development branch. Some of the specified [protocols] are not supported by the configured SSL engine for this connector (which may use JSSE or an older OpenSSL version) and have been skipped: [[TLSv1, TLSv1.1]] SEVERE: Failed to initialize component [Connector["ajp-nio-127.0.0.1-8009"]] org.apache.catalina.LifecycleException: Protocol handler initialization failed at org.apache.catalina.connector.Connector.initInternal(Connector.java:1027) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:122) at org.apache.catalina.core.StandardService.initInternal(StandardService.java:525) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:122) at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:986) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:122) at org.apache.catalina.startup.Catalina.load(Catalina.java:690) at org.apache.catalina.startup.Catalina.load(Catalina.java:713) at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103) at java.base/java.lang.reflect.Method.invoke(Method.java:580) at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:302) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:472) Caused by: java.net.BindException: Address already in use at java.base/sun.nio.ch.Net.bind0(Native Method) at java.base/sun.nio.ch.Net.bind(Net.java:565) at java.base/sun.nio.ch.ServerSocketChannelImpl.netBind(ServerSocketChannelImpl.java:344) at java.base/sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:301) at org.apache.tomcat.util.net.NioEndpoint.initServerSocket(NioEndpoint.java:268) at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:223) at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1373) at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1386) at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:663) at org.apache.catalina.connector.Connector.initInternal(Connector.java:1025) ... 11 more SEVERE: Failed to initialize component [Connector["ajp-nio-0:0:0:0:0:0:0:1-8009"]] org.apache.catalina.LifecycleException: Protocol handler initialization failed at org.apache.catalina.connector.Connector.initInternal(Connector.java:1027) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:122) at org.apache.catalina.core.StandardService.initInternal(StandardService.java:525) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:122) at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:986) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:122) at org.apache.catalina.startup.Catalina.load(Catalina.java:690) at org.apache.catalina.startup.Catalina.load(Catalina.java:713) at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103) at java.base/java.lang.reflect.Method.invoke(Method.java:580) at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:302) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:472) Caused by: java.net.BindException: Address already in use at java.base/sun.nio.ch.Net.bind0(Native Method) at java.base/sun.nio.ch.Net.bind(Net.java:565) at java.base/sun.nio.ch.ServerSocketChannelImpl.netBind(ServerSocketChannelImpl.java:344) at java.base/sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:301) at org.apache.tomcat.util.net.NioEndpoint.initServerSocket(NioEndpoint.java:268) at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:223) at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1373) at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1386) at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:663) at org.apache.catalina.connector.Connector.initInternal(Connector.java:1025) ... 11 more ipa-pki-wait-running: Connection failed: HTTPConnectionPool(host='ipa4b.example.com', port=8080): Read timed out. (read timeout=1.0) ipa-pki-wait-running: Connection failed: HTTPConnectionPool(host='ipa4b.example.com', port=8080): Read timed out. (read timeout=1.0) ipa-pki-wait-running: Connection failed: HTTPConnectionPool(host='ipa4b.example.com', port=8080): Read timed out. (read timeout=1.0) ipa-pki-wait-running: Success, subsystem ca is running! Started [email protected] - PKI Tomcat Server pki-tomcat. -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
