Hi, On Wed, Oct 8, 2025 at 7:40 PM Brian J. Murrell via FreeIPA-users < [email protected]> wrote:
> Hello! > > Frequently during startup on my (admittedly slower) FreeIPA server pki- > tomcat fails to start. If I then start it manually after the system is > booted, the service invariably succeeds. The end of it's log when it > fails during boot is: > > Oct 08 13:19:40 server.example.com ipa-pki-wait-running[1760]: > ipa-pki-wait-running: Request failed unexpectedly, 404 Client Error: for > url: http://server.example.com:8080/ca/admin/ca/getStatus > Oct 08 13:19:41 server.example.com ipa-pki-wait-running[1760]: > ipa-pki-wait-running: Request failed unexpectedly, 404 Client Error: for > url: http://server.example.com:8080/ca/admin/ca/getStatus > Oct 08 13:19:42 server.example.com ipa-pki-wait-running[1760]: > ipa-pki-wait-running: Request failed unexpectedly, 404 Client Error: for > url: http://server.example.com:8080/ca/admin/ca/getStatus > Oct 08 13:19:43 server.example.com ipa-pki-wait-running[1760]: > ipa-pki-wait-running: Request failed unexpectedly, 404 Client Error: for > url: http://server.example.com:8080/ca/admin/ca/getStatus > Oct 08 13:19:44 server.example.com ipa-pki-wait-running[1760]: > ipa-pki-wait-running: Request failed unexpectedly, 404 Client Error: for > url: http://server.example.com:8080/ca/admin/ca/getStatus > Oct 08 13:19:45 server.example.com ipa-pki-wait-running[1760]: > ipa-pki-wait-running: Request failed unexpectedly, 404 Client Error: for > url: http://server.example.com:8080/ca/admin/ca/getStatus > Oct 08 13:19:46 server.example.com ipa-pki-wait-running[1760]: > ipa-pki-wait-running: Reached end of wait timeout 600, giving up > Oct 08 13:19:46 server.example.com systemd[1]: > [email protected]: Control process exited, code=exited > status=1 > Oct 08 13:19:47 server.example.com systemd[1]: > [email protected]: Failed with result 'exit-code'. > Oct 08 13:19:47 server.example.com systemd[1]: Failed to start PKI Tomcat > Server pki-tomcat. > Oct 08 13:19:47 server.example.com systemd[1]: Reached target PKI Tomcat > Server. > Oct 08 13:19:47 server.example.com systemd[1]: Starting Certificate > monitoring and PKI enrollment... > Oct 08 13:19:47 server.example.com certmonger[17034]: 2025-10-08 13:19:47 > [17034] Changing to root directory. > Oct 08 13:19:47 server.example.com certmonger[17034]: 2025-10-08 13:19:47 > [17034] Obtaining system lock. > Oct 08 13:19:47 server.example.com systemd[1]: Listening on ipa-otpd > socket. > Oct 08 13:19:47 server.example.com systemd[1]: Started IPA key daemon. > Oct 08 13:19:47 server.example.com ipactl[1988]: ipa: INFO: The ipactl > command was successful > > Seems I have a timeout that needs to be extended but I'm not sure which > one it is. What is not completed it's startup and running that is > causing the 404 on http://server.example.com:8080/ca/admin/ca/getStatus > when pki-tomcat finally times out and gives up? > > When pki-tomcat starts, there is a script that is executed in order to wait for the CA subsystem to be reachable. This is setup through the /etc/systemd/system/[email protected]/ipa.conf file that defines *ExecStartPost=/usr/libexec/ipa/ipa-pki-wait-running*. The script simply calls a CA endpoint until it succeeds or the timeout is reached. By default, the timeout is 120s but it can be changed by setting a different value in /etc/ipa/default.conf in the startup_timeout value. Cheers, > b. > -- > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue >
-- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
