Manuel Gujo via FreeIPA-users wrote: > Hi Rob, > > so in "/etc/dirsrv/slapd-ITEC-LAB/dse.ldif", nsslapd-port was '0' and > nsslapd-security was off, I fixed it and now it's listening on port 389 and > 636: > > # netstat -tulpn | grep LISTEN | grep ns-slapd > tcp6 0 0 :::636 :::* LISTEN > 30606/ns-slapd > tcp6 0 0 :::389 :::* LISTEN > 30606/ns-slapd > > Then I tried to restart all the ipactl services one by one. pki-tomcatd keeps > failing and /var/log/pki/pki-tomcat/ca/debug does not log anymore (last log > is the one i sent you above, 31 Dec 2019) > > I resubmitted all the expired certs and restarting cermonger but certs keep > being unreachable.
If the CA isn't running then there is no point in resubmitting the certmonger requests. It is guaranteed to fail with UNREACHABLE. Check the journalctl output and the other logs, like catalina, in /var/log/pki/pki-tomcat for more information on why it failed to start. > > from certmonger logs: > > nov 17 18:11:47 ipa1.itec.lab dogtag-ipa-ca-renew-agent-submit[30764]: > Forwarding request to dogtag-ipa-renew-agent > nov 17 18:11:47 ipa1.itec.lab dogtag-ipa-renew-agent-submit[31183]: GET > http://ipa1.itec.lab:8080/ca/ee/ca/profileSubmit?profileId=caServerCert&serial_num=20&renewal=true&xml=true&; > nov 17 18:11:47 ipa1.itec.lab dogtag-ipa-renew-agent-submit[31183]: (null) > nov 17 18:11:47 ipa1.itec.lab dogtag-ipa-ca-renew-agent-submit[30764]: > dogtag-ipa-renew-agent returned 3 > nov 17 18:11:47 ipa1.itec.lab certmonger[30685]: 2020-11-17 18:11:47 [30685] > Error 7 connecting to http://ipa1.itec.lab:8080/ca/ee/ca/profileSubmit: > Couldn't connect to server. > > in certmonger's log I also saw these: > > nov 17 18:11:01 ipa1.itec.lab dogtag-ipa-ca-renew-agent-submit[30741]: > Traceback (most recent call last): > File > "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit", line 533, in > <module> > > sys.exit(main()) > File > "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit", line 495, in main > > api.finalize() > File > "/usr/lib/python2.7/site-packages/ipalib/plugable.py", line 740, in finalize > > self.__do_if_not_done('load_plugins') > File > "/usr/lib/python2.7/site-packages/ipalib/plugable.py", line 431, in > __do_if_not_done > > getattr(self, name)() > File > "/usr/lib/python2.7/site-packages/ipalib/plugable.py", line 620, in > load_plugins > > self.add_package(package) > File > "/usr/lib/python2.7/site-packages/ipalib/plugable.py", line 647, in > add_package > > module = importlib.import_module(name) > File > "/usr/lib64/python2.7/importlib/__init__.py", line 37, in import_module > > __import__(name) > File > "/usr/lib/python2.7/site-packages/ipaserver/plugins/server.py", line 32, in > <module> > > from ipaserver.install import bindinstance, dnskeysyncinstance > File > "/usr/lib/python2.7/site-packages/ipaserver/install/dnskeysyncinstance.py", > line 17, in <module> > > from ipaserver import p11helper as _ipap11helper > File > "/usr/lib/python2.7/site-packages/ipaserver/p11helper.py", line 342, in > <module> > > _libp11_kit = _ffi.dlopen(ctypes.util.find_library('p11-kit')) > File > "/usr/lib64/python2.7/ctypes/util.py", line 244, in find_library > > return _findSoname_ldconfig(name) or _get_soname(_findLib_gcc(name)) > File > "/usr/lib64/python2.7/ctypes/util.py", line 233, in _findSoname_ldconfig > f > = os.popen('/sbin/ldconfig -p 2>/dev/null') > > OSError: [Errno 12] Cannot allocate memory Is this host memory-constrained? How much RAM does it have? rob _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
