Игорь Казанцев via FreeIPA-users wrote: > Hi! > > I have some replics ipa servers, all in docker. All 4.10.2 version. > After restart docker container (or reboot server) : > > Directory Service: RUNNING > krb5kdc Service: STOPPED > kadmin Service: STOPPED > named Service: STOPPED > httpd Service: STOPPED > ipa-custodia Service: STOPPED > pki-tomcatd Service: STOPPED > ipa-otpd Service: STOPPED > ipa-dnskeysyncd Service: STOPPED > 7 service(s) are not running > > systemctl list-units --type=service > UNIT LOAD ACTIVE SUB DESCRIPTION > certmonger.service loaded active running Certificate monitoring and PKI > enrollment > dbus-broker.service loaded active running D-Bus System Message Bus > [email protected] loaded active running 389 Directory Server > PRODUCTION-contur. > gssproxy.service loaded active running GSSAPI Proxy Daemon > ● ipa.service loaded failed failed Identity, Policy, Audit > nis-domainname.service loaded active exited Read and set NIS domainname from > /etc/sysconfig/network > oddjobd.service loaded active running privileged operations for unprivileged > applications > sshd.service loaded active running OpenSSH server daemon > sssd.service loaded active running System Security Services Daemon > systemd-journald.service loaded active running Journal Service > systemd-tmpfiles-setup.service loaded active exited Create Volatile Files and > Directories > > if starting each service manually, it starts, except ipa.service > systemctl status ipa.service: > > × ipa.service - Identity, Policy, Audit > Loaded: loaded (/usr/lib/systemd/system/ipa.service; enabled; preset: > disabled) > Active: failed (Result: exit-code) since Wed 2025-08-20 19:03:50 UTC; 22min > ago > Process: 131 ExecStart=/usr/sbin/ipactl start (code=exited, status=1/FAILURE) > Main PID: 131 (code=exited, status=1/FAILURE) > > Aug 20 19:01:37 ipa-lw-ge-01.production.contur systemd[1]: Starting Identity, > Policy, Audit... > Aug 20 19:03:50 ipa-lw-ge-01.production.contur ipactl[131]: Failed to start > Directory Service: Timeout exceeded > Aug 20 19:03:50 ipa-lw-ge-01.production.contur ipactl[131]: Starting > Directory Service > Aug 20 19:03:50 ipa-lw-ge-01.production.contur systemd[1]: ipa.service: Main > process exited, code=exited, status=1/FAILURE > Aug 20 19:03:50 ipa-lw-ge-01.production.contur systemd[1]: ipa.service: > Failed with result 'exit-code'. > Aug 20 19:03:50 ipa-lw-ge-01.production.contur systemd[1]: Failed to start > Identity, Policy, Audit. > > the entire installation worked for over a year without problems. No updates > were made, certificates did not expire. The only thing that was done besides > the standard user management operations was disabling anonymous access to > ldap. Enabling anonymous access did not fix the situation. >
Since it appears that 389-ds isn't starting I'd recommend starting there looking at the logs in /var/log/dirsrv/slapd-REALM/errors. The journal may also have relevant information. Can you show how you manually started the services? rob -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
