On 07/13/2013 05:28 AM, Ian Chapman wrote: > Hi, > > I've just recently upgrade my F18 server to F19 and IPA is failing to start: > > Jul 13 10:52:30 rex.homenet.lan ipactl[98002]: Aborting ipactl > Jul 13 10:52:30 rex.homenet.lan ipactl[98002]: Starting Directory Service > Jul 13 10:52:30 rex.homenet.lan ipactl[98002]: Starting krb5kdc Service > Jul 13 10:52:30 rex.homenet.lan ipactl[98002]: Starting kadmin Service > Jul 13 10:52:30 rex.homenet.lan ipactl[98002]: Starting ipa_memcached Service > Jul 13 10:52:30 rex.homenet.lan ipactl[98002]: Starting httpd Service > Jul 13 10:52:30 rex.homenet.lan ipactl[98002]: Starting pki-cad Service > Jul 13 10:52:30 rex.homenet.lan systemd[1]: ipa.service: main process exited, > code=exited, status=1/FAILURE > Jul 13 10:52:30 rex.homenet.lan systemd[1]: Failed to start Identity, Policy, > Audit. > Jul 13 10:52:30 rex.homenet.lan systemd[1]: Unit ipa.service entered failed > state. > > > > It seems that the pki-cad service fails to start. Is that in relation to > dogtag > upgrade of 9 to 10 or possibly another problem? > > There is of course this page: > > http://pki.fedoraproject.org/wiki/Migrating_Dogtag_9_Instances_to_Dogtag_10 > > but frankly I don't really understand it. Well I get that the idea is to > create > a new pki cloned instance which would be dogtag 10 compatible and then delete > the old one - I'm really don't know what I'm supposed to put in the > configuration file. Has anybody else done this? Is there some more examples? > Thanks. > > > The status of pki-cad is: > > systemctl status [email protected] > [email protected] - PKI Certificate Authority Server pki-ca > Loaded: loaded (/usr/lib/systemd/system/[email protected]; enabled) > Active: failed (Result: exit-code) since Sat 2013-07-13 10:54:23 WST; > 30min ago > Process: 98170 ExecStart=/usr/bin/pkicontrol start ca %i (code=exited, > status=1/FAILURE) > > Jul 13 10:54:23 rex.homenet.lan systemd[1]: Starting PKI Certificate Authority > Server pki-ca... > Jul 13 10:54:23 rex.homenet.lan pkicontrol[98170]: WARNING: Symbolic link > '/var/lib/pki-ca/pki-ca' does NOT exist! > Jul 13 10:54:23 rex.homenet.lan pkicontrol[98170]: INFO: Attempting to create > '/var/lib/pki-ca/pki-ca' -> '/usr/sbin/tomcat6-sysd' . . . > Jul 13 10:54:23 rex.homenet.lan pkicontrol[98170]: ERROR: Failed making > '/var/lib/pki-ca/pki-ca' -> '/usr/sbin/tomcat6-sysd' since target '/usr/sb...T > exist! > Jul 13 10:54:23 rex.homenet.lan systemd[1]: [email protected]: control > process exited, code=exited status=1 > Jul 13 10:54:23 rex.homenet.lan systemd[1]: Failed to start PKI Certificate > Authority Server pki-ca. > Jul 13 10:54:23 rex.homenet.lan systemd[1]: Unit [email protected] > entered > failed state. >
Adding PKI/Dogtag developers to CC to advise. Martin _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
