FreeIPA Centos7 fails after first reboot due to 389dir service crashing
I have reinstalled CentOS 7 and ipa-server with SSSD & BIND etc. several times now and configured everything to work fine with the global forwarders etc. Then after the first reboot, "kinit admin" fails with "Cannot contact any KDC" since the IPA service fails to start, and the IPA service says the 389DIR service didn't start. Then I find in the slapd log this error below. I do the same on CentOS 6 and it does not have this issue! Are my global forwarders maybe inflating the database and crashing 389dir?
[root@tarkin slapd-ANSYS-COM]# systemctl status ipa
ipa.service - Identity, Policy, Audit
Loaded: loaded (/usr/lib/systemd/system/ipa.service; enabled)
Active: failed (Result: exit-code) since Thu 2015-08-13 11:23:57 EDT; 8min ago
Process: 908 ExecStart=/usr/sbin/ipactl start (code=exited, status=1/FAILURE)
Main PID: 908 (code=exited, status=1/FAILURE)
CGroup: /system.slice/ipa.service
Aug 13 11:18:51 tarkin.ansys.com systemd[1]: Starting Identity, Policy, Audit...
Aug 13 11:23:57 tarkin.ansys.com ipactl[908]: Failed to start Directory Service:
Aug 13 11:23:57 tarkin.ansys.com ipactl[908]: Starting Directory Service
Aug 13 11:23:57 tarkin.ansys.com systemd[1]: ipa.service: main process exited, code=exited, status=1/FAILURE
Aug 13 11:23:57 tarkin.ansys.com systemd[1]: Failed to start Identity, Policy, Audit.
Aug 13 11:23:57 tarkin.ansys.com systemd[1]: Unit ipa.service entered failed state.
[root@tarkin slapd-ANSYS-COM]# systemctl start ipa
[13/Aug/2015:11:08:30 -0400] SSL Initialization - Configured SSL version range: min: TLS1.0, max: TLS1.2
[13/Aug/2015:11:08:30 -0400] - 389-Directory/1.3.3.1 B2015.218.023 starting up
[13/Aug/2015:11:08:30 -0400] nis-plugin - warning: no entries in domain=ansys.com,map=ethers.byaddr
[13/Aug/2015:11:08:30 -0400] nis-plugin - warning: no entries in domain=ansys.com,map=ethers.byname
[13/Aug/2015:11:08:30 -0400] nis-plugin - warning: no entries in domain=ansys.com,map=netgroup
[13/Aug/2015:11:18:56 -0400] - SSL alert: Configured NSS Ciphers
[13/Aug/2015:11:18:56 -0400] SSL Initialization - Configured SSL version range: min: TLS1.0, max: TLS1.2
[13/Aug/2015:11:18:56 -0400] - 389-Directory/1.3.3.1 B2015.218.023 starting up
[13/Aug/2015:11:18:56 -0400] - Detected Disorderly Shutdown last time Directory Server was running, recovering database.
[13/Aug/2015:11:18:57 -0400] nis-plugin - warning: no entries in domain=ansys.com,map=ethers.byaddr
[13/Aug/2015:11:18:57 -0400] nis-plugin - warning: no entries in domain=ansys.com,map=ethers.byname
[13/Aug/2015:11:18:57 -0400] nis-plugin - warning: no entries in domain=ansys.com,map=netgroup
[12/Aug/2015:11:02:37 -0400] - SSL alert: TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
[12/Aug/2015:11:02:37 -0400] - SSL alert: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled
[12/Aug/2015:11:02:37 -0400] - SSL alert: TLS_RSA_WITH_SEED_CBC_SHA: enabled
[12/Aug/2015:11:02:37 -0400] - 389-Directory/1.3.3.1 B2015.064.2159 starting up
[12/Aug/2015:11:02:37 -0400] - WARNING: userRoot: entry cache size 1407372B is less than db size 5914624B; We recommend to increase the entry cache size nsslapd-cachememsize.
[12/Aug/2015:11:02:37 -0400] - WARNING: changelog: entry cache size 858992B is less than db size 29384704B; We recommend to increase the entry cache size nsslapd-cachememsize.
[12/Aug/2015:11:02:37 -0400] - I'm resizing my cache now...cache was 1342176 and is now 1073740
[12/Aug/2015:11:02:38 -0400] nis-plugin - warning: no entries in domain=mon.ansys.com,map=ethers.byaddr
[12/Aug/2015:11:02:38 -0400] nis-plugin - warning: no entries in domain=mon.ansys.com,map=ethers.byname
[12/Aug/2015:11:02:39 -0400] nis-plugin - warning: no entries in domain=mon.ansys.com,map=netgroup