Open flo-renaud opened 4 months ago
Perhaps related - after rotation there was now more logging from pki tomcat on an EL9 IPA server:
-rw-r--r--. 1 pkiuser pkiuser 118080 Apr 23 23:58 debug.2024-04-23.log
2024-04-23 23:53:22 [Timer-0] INFO: SessionTimer: checking security domain sessions
2024-04-23 23:53:24 [SerialNumberUpdateTask] INFO: SerialNumberUpdateTask: Updating serial number counter
2024-04-23 23:53:24 [SerialNumberUpdateTask] INFO: SerialNumberUpdateTask: Checking serial number ranges
2024-04-23 23:53:24 [SerialNumberUpdateTask] INFO: Repository: Searching for conflicting entries
2024-04-23 23:53:24 [SerialNumberUpdateTask] INFO: SerialNumberUpdateTask: Checking request ID ranges
2024-04-23 23:53:24 [SerialNumberUpdateTask] INFO: Repository: Searching for conflicting entries
2024-04-23 23:58:22 [Timer-0] INFO: SessionTimer: checking security domain sessions
Requests for CRL started timing out.
[Thu Apr 25 04:01:01.617837 2024] [proxy_ajp:error] [pid 110419:tid 110426] (70007)The timeout specified has expired: AH01030: ajp_ilink_receive() can't receive header
[Thu Apr 25 04:01:01.617977 2024] [proxy_ajp:error] [pid 110419:tid 110426] [client 10.20.0.37:53184] AH00992: ajp_read_header: ajp_ilink_receive failed
[Thu Apr 25 04:01:01.618003 2024] [proxy_ajp:error] [pid 110419:tid 110426] (70007)The timeout specified has expired: [client 10.20.0.37:53184] AH00878: read response failed from [::1]:8009 (localhost:8009)
In FreeIPA nightly tests we can see random failures installing the KRA, for instance if the installation happens around the same time that PKI logs rotation is done. Example of issue: report.html, with the logs in this dir
/var/log/ipaserver-kra-install.log shows an error calling securityDomain/domainInfo:
Around the same time, the journal shows an Exception in PKI:
The list of installed packages: dogtag-pki-server-11.4.3-2.fc39.1.noarch dogtag-jss-5.4.2-1.fc39.1.x86_64