Brian J. Murrell via FreeIPA-users wrote: > On Thu, 2025-10-09 at 10:44 +0200, Florence Blanc-Renaud via FreeIPA- > users wrote: >> Hi, > > Hello! > >> When pki-tomcat starts, there is a script that is executed in order >> to wait >> for the CA subsystem to be reachable. > > Indeed. This much I gathered. > >> This is setup through >> the /etc/systemd/system/[email protected]/ipa.conf >> file that >> defines *ExecStartPost=/usr/libexec/ipa/ipa-pki-wait-running*. > > Right. > >> The script simply calls a CA endpoint until it succeeds or the >> timeout is >> reached. > > Right. It is this much that I had gathered. What I am unsure of is > which systemd service unit is responsible for starting whatever service > is listening on the CA endpoint? I.e. what unit startup is taking > longer than ipa-pki-wait-running is waiting for causing > [email protected] to time out? > >> By default, the timeout is 120s but it can be changed by setting a >> different value in /etc/ipa/default.conf in the startup_timeout >> value. > > Right. Which I've already increased: > > startup_timeout = 600 > > But rather than continue to just try to guess at how long it's taking > to start up so that the CA endpoint is reachable, I'd like to know > which service it is so that I can look in the logs and see how long > it's actually taking to start up. I'm not sure which unit file I am > looking for though. > > Cheers, > b. >
pki-tomcatd@pki-tomcat is timing itself out. Increasing the startup_timeout in /etc/ipa/*.conf is not sufficient. The systemd start timeout needs to be updated as well (blame the systemd folks, not us). Setting TimeoutStartSec=<some value> in /etc/systemd/system/[email protected]/ipa.conf should do it. The default is 90s. rob -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
