> Le 30 juin 2015 à 10:16, Alexandre Ellert <[email protected]> a écrit : > > >> Could you please provide the content of logfile: >> `/var/log/pki/pki-tomcat/ca/debug', around the time the error >> occurs? >> >> Thanks, >> Fraser > > When the pki-tomcatd service is trying to start, I see this message in > /var/log/pki/pki-tomcat/ca/debug > > [30/Jun/2015:10:02:13][localhost-startStop-1]: > ============================================ > [30/Jun/2015:10:02:13][localhost-startStop-1]: ===== DEBUG SUBSYSTEM > INITIALIZED ======= > [30/Jun/2015:10:02:13][localhost-startStop-1]: > ============================================ > [30/Jun/2015:10:02:13][localhost-startStop-1]: CMSEngine: done init id=debug > [30/Jun/2015:10:02:13][localhost-startStop-1]: CMSEngine: initialized debug > [30/Jun/2015:10:02:13][localhost-startStop-1]: CMSEngine: initSubsystem id=log > [30/Jun/2015:10:02:13][localhost-startStop-1]: CMSEngine: ready to init id=log > [30/Jun/2015:10:02:14][localhost-startStop-1]: CMSEngine: done init id=log > [30/Jun/2015:10:02:14][localhost-startStop-1]: CMSEngine: initialized log > [30/Jun/2015:10:02:14][localhost-startStop-1]: CMSEngine: initSubsystem id=jss > [30/Jun/2015:10:02:14][localhost-startStop-1]: CMSEngine: ready to init id=jss > [30/Jun/2015:10:02:14][localhost-startStop-1]: CMSEngine: done init id=jss > [30/Jun/2015:10:02:14][localhost-startStop-1]: CMSEngine: initialized jss > [30/Jun/2015:10:02:14][localhost-startStop-1]: CMSEngine: initSubsystem id=dbs > [30/Jun/2015:10:02:14][localhost-startStop-1]: CMSEngine: ready to init id=dbs > [30/Jun/2015:10:02:14][localhost-startStop-1]: DBSubsystem: init() > mEnableSerialMgmt=true > [30/Jun/2015:10:02:14][localhost-startStop-1]: LdapBoundConnFactory: init > [30/Jun/2015:10:02:14][localhost-startStop-1]: LdapBoundConnFactory:doCloning > true > [30/Jun/2015:10:02:14][localhost-startStop-1]: LdapAuthInfo: init() > [30/Jun/2015:10:02:14][localhost-startStop-1]: LdapAuthInfo: init begins > [30/Jun/2015:10:02:14][localhost-startStop-1]: LdapAuthInfo: init ends > [30/Jun/2015:10:02:14][localhost-startStop-1]: init: before makeConnection > errorIfDown is true > [30/Jun/2015:10:02:14][localhost-startStop-1]: makeConnection: errorIfDown > true > [30/Jun/2015:10:02:14][localhost-startStop-1]: LdapJssSSLSocket set client > auth cert nicknamesubsystemCert cert-pki-ca > [30/Jun/2015:10:02:14][localhost-startStop-1]: CMS:Caught EBaseException > Internal Database Error encountered: Could not connect to LDAP server host > ipa.mydomain.org <http://ipa.mydomain.org/> port 636 Error > netscape.ldap.LDAPException: IO Error creating JSS SSL Socket (-1) > at com.netscape.cmscore.dbs.DBSubsystem.init(DBSubsystem.java:658) > at com.netscape.cmscore.apps.CMSEngine.initSubsystem(CMSEngine.java:934) > at > com.netscape.cmscore.apps.CMSEngine.initSubsystems(CMSEngine.java:865) > at com.netscape.cmscore.apps.CMSEngine.init(CMSEngine.java:362) > at com.netscape.certsrv.apps.CMS.init(CMS.java:189) > at com.netscape.certsrv.apps.CMS.start(CMS.java:1585) > at > com.netscape.cms.servlet.base.CMSStartServlet.init(CMSStartServlet.java:96) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:606) > at > org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:277) > at > org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:274) > at java.security.AccessController.doPrivileged(Native Method) > at javax.security.auth.Subject.doAsPrivileged(Subject.java:536) > at > org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:309) > at > org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:169) > at > org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:123) > at > org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1272) > at > org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1197) > at > org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1087) > at > org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5210) > at > org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5493) > at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) > at > org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:901) > at > org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:133) > at > org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:156) > at > org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145) > at java.security.AccessController.doPrivileged(Native Method) > at > org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:875) > at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:632) > at > org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:672) > at > org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1862) > at > java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) > at java.util.concurrent.FutureTask.run(FutureTask.java:262) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) > at java.lang.Thread.run(Thread.java:745) > [30/Jun/2015:10:02:14][localhost-startStop-1]: CMSEngine.shutdown() > [30/Jun/2015:10:02:14][localhost-startStop-1]: LogFile:In log shutdown > [30/Jun/2015:10:02:14][localhost-startStop-1]: SignedAuditEventFactory: > create() > message=[AuditEvent=AUDIT_LOG_SHUTDOWN][SubjectID=$System$][Outcome=Success] > audit function shutdown > > [30/Jun/2015:10:02:14][localhost-startStop-1]: LogFile:In log shutdown > [30/Jun/2015:10:02:14][localhost-startStop-1]: SignedAuditEventFactory: > create() > message=[AuditEvent=AUDIT_LOG_SHUTDOWN][SubjectID=$System$][Outcome=Success] > audit function shutdown > > [30/Jun/2015:10:02:15][ajp-bio-127.0.0.1-8009-exec-1]: according to ccMode, > authorization for servlet: caGetStatus is LDAP based, not XML {1}, use > default authz mgr: {2}. > > I checked that ns-slapd was running on port 636 > # netstat -antp|grep 636 > tcp6 0 0 :::636 :::* LISTEN > 22855/ns-slapd > > After a quick search, I found this bug > https://fedorahosted.org/freeipa/ticket/4666 > <https://fedorahosted.org/freeipa/ticket/4666> is quite similar. > Many workarounds are suggested there but I’m confused about which could be > efficient for me. > Up plz.
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
