0007360: pki-tomcatd service from FreeIPA IDM fails. - Rocky Linux BugTracker

ID	Project	Category	View Status	Date Submitted	Last Update

0007360	Rocky-Linux-9	ipa	public	2024-07-05 09:12	2024-07-15 09:56

Reporter	victor belasco	Assigned To	Louis Abel
Priority	normal	Severity	minor	Reproducibility	always
Status	needinfo	Resolution	open
Platform	QEMU/KVM	OS	Rocky 9.3	OS Version	Blue Onyx

Summary	0007360: pki-tomcatd service from FreeIPA IDM fails.
Description	The service pki-tomcat@pki-tomcat can not be started. [ipa] ~ $ uname -a Linux ipa.int.sadako.es 5.14.0-362.13.1.el9_3.x86_64 #1 SMP PREEMPT_DYNAMIC Wed Dec 13 14:07:45 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux [ipa] ~ $ cat /etc/rocky-release Rocky Linux release 9.3 (Blue Onyx) [ipa] ~ $ sudo ipactl status Directory Service: RUNNING krb5kdc Service: RUNNING kadmin Service: RUNNING named Service: RUNNING httpd Service: RUNNING ipa-custodia Service: RUNNING pki-tomcatd Service: STOPPED ipa-otpd Service: RUNNING ipa-dnskeysyncd Service: RUNNING 1 service(s) are not running [ipa] ~ $ sudo journalctl -xeu pki-tomcatd@pki-tomcat.service Jul 05 10:40:55 ipa.int.example.es pki-server[65135]: File "/usr/lib/python3.9/site-packages/pki/server/pkiserver.py", line 41, in <module> Jul 05 10:40:55 ipa.int.example.es pki-server[65135]: cli.execute(sys.argv) Jul 05 10:40:55 ipa.int.example.es pki-server[65135]: File "/usr/lib/python3.9/site-packages/pki/server/cli/__init__.py", line 145, in execute Jul 05 10:40:55 ipa.int.example.es pki-server[65135]: super().execute(args) Jul 05 10:40:55 ipa.int.example.es pki-server[65135]: File "/usr/lib/python3.9/site-packages/pki/cli/__init__.py", line 217, in execute Jul 05 10:40:55 ipa.int.example.es pki-server[65135]: module.execute(module_args) Jul 05 10:40:55 ipa.int.example.es pki-server[65135]: File "/usr/lib/python3.9/site-packages/pki/server/cli/upgrade.py", line 137, in execute Jul 05 10:40:55 ipa.int.example.es pki-server[65135]: instance.load() Jul 05 10:40:55 ipa.int.example.es pki-server[65135]: File "/usr/lib/python3.9/site-packages/pki/server/instance.py", line 373, in load Jul 05 10:40:55 ipa.int.example.es pki-server[65135]: super().load() Jul 05 10:40:55 ipa.int.example.es pki-server[65135]: File "/usr/lib/python3.9/site-packages/pki/server/__init__.py", line 1170, in load Jul 05 10:40:55 ipa.int.example.es pki-server[65135]: self.load_subsystems() Jul 05 10:40:55 ipa.int.example.es pki-server[65135]: File "/usr/lib/python3.9/site-packages/pki/server/__init__.py", line 1218, in load_subsystems Jul 05 10:40:55 ipa.int.example.es pki-server[65135]: subsystem.load() Jul 05 10:40:55 ipa.int.example.es pki-server[65135]: File "/usr/lib/python3.9/site-packages/pki/server/subsystem.py", line 192, in load Jul 05 10:40:55 ipa.int.example.es pki-server[65135]: self.type = self.config['cs.type'] Jul 05 10:40:55 ipa.int.example.es pki-server[65135]: KeyError: 'cs.type' Jul 05 10:40:55 ipa.int.example.es systemd[1]: pki-tomcatd@pki-tomcat.service: Control process exited, code=exited, status=1/FAILURE ░░ Subject: Unit process exited ░░ Defined-By: systemd ░░ Support: https://wiki.rockylinux.org/rocky/support ░░ ░░ An ExecStartPre= process belonging to unit pki-tomcatd@pki-tomcat.service has exited. ░░ ░░ The process' exit code is 'exited' and its exit status is 1. Jul 05 10:40:55 ipa.int.example.es systemd[1]: pki-tomcatd@pki-tomcat.service: Failed with result 'exit-code'. ░░ Subject: Unit failed ░░ Defined-By: systemd ░░ Support: https://wiki.rockylinux.org/rocky/support ░░ ░░ The unit pki-tomcatd@pki-tomcat.service has entered the 'failed' state with result 'exit-code'. Jul 05 10:40:55 ipa.int.example.es systemd[1]: Failed to start PKI Tomcat Server pki-tomcat. ░░ Subject: A start job for unit pki-tomcatd@pki-tomcat.service has failed ░░ Defined-By: systemd ░░ Support: https://wiki.rockylinux.org/rocky/support ░░ ░░ A start job for unit pki-tomcatd@pki-tomcat.service has finished with a failure. ░░ ░░ The job identifier is 11006 and the job result is failed.
Steps To Reproduce	Allways the service is restarted it fails: [ipa] ~ $ sudo systemctl restart pki-tomcatd@pki-tomcat.service [ipa] ~ $ sudo ipactl restart
Tags	No tags attached.

Louis Abel 2024-07-05 15:48 administrator ~0007756	You will need to go to /etc/pki/pki-tomcat/ca and check for a backup file. It is likely CS.cfg is empty and will need to be replaced with a previously working file, typically from CS.cfg.ipabkp in the same directory or /var/lib/pki/pki-tomcat/conf/ca/archives/. Note that you are currently running Rocky Linux 9.3, which is no longer supported. You are recommended to update your system after resolving any issue you are currently having.

victor belasco 2024-07-10 10:22 reporter ~0007822	Hi Louise, Thanks for the solution, it worked. What do you mean Rocky Linux 9.3 is no longer supported? for Tomcatd o for the IPA service? Which Rocky version should I install? Victor

Brian Clemens 2024-07-10 15:41 QA ~0007823	Hi Victor, The current supported release of Rocky Linux 9 is 9.4. See the supported version guide at https://wiki.rockylinux.org/rocky/version/#current-supported-releases

victor belasco 2024-07-15 09:56 reporter ~0007855	Hi Brian. I'm going to upgrade then. I didn't know the new version was already released. Thanks

Date Modified	Username	Field	Change
2024-07-05 09:12	victor belasco	New Issue
2024-07-05 15:48	Louis Abel	Assigned To	=> Louis Abel
2024-07-05 15:48	Louis Abel	Status	new => needinfo
2024-07-05 15:48	Louis Abel	Note Added: 0007756
2024-07-10 10:22	victor belasco	Note Added: 0007822
2024-07-10 15:41	Brian Clemens	Note Added: 0007823
2024-07-15 09:56	victor belasco	Note Added: 0007855