Luis Correia via FreeIPA-users wrote:
I looked at those logs, and saw that we're getting a lot of these: 2024-08-28 09:05:10 [main] INFO: PKISocketFactory: Creating SSL socket for <my-freeipa-hostname>:636 2024-08-28 09:05:10 [main] SEVERE: Add listener!!! org.dogtagpki.server.PKIClientSocketListener@79ac50fe 2024-08-28 09:05:10 [main] INFO: PKISocketFactory: Creating SSL socket for <my-freeipa-hostname>:636 2024-08-28 09:05:10 [main] SEVERE: Add listener!!! org.dogtagpki.server.PKIClientSocketListener@79ac50fe 2024-08-28 09:05:10 [main] INFO: PKISocketFactory: Creating SSL socket for <my-freeipa-hostname>:636 2024-08-28 09:05:10 [main] SEVERE: Add listener!!! org.dogtagpki.server.PKIClientSocketListener@79ac50fe 2024-08-28 09:05:10 [main] INFO: PKISocketFactory: Creating SSL socket for <my-freeipa-hostname>:636 2024-08-28 09:05:10 [main] SEVERE: Add listener!!! org.dogtagpki.server.PKIClientSocketListener@79ac50fe 2024-08-28 09:05:10 [main] INFO: PKISocketFactory: Creating SSL socket for <my-freeipa-hostname>:636 2024-08-28 09:05:10 [main] SEVERE: Add listener!!! org.dogtagpki.server.PKIClientSocketListener@79ac50fe 2024-08-28 09:05:10 [main] SEVERE: Exception sending context initialized event to listener instance of class [org.dogtagpki.server.ca.CAWebListener] java.lang.StackOverflowError: java.lang.StackOverflowError at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:77) at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500) at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:481) at org.mozilla.jss.ssl.SocketBase.processExceptions(SocketBase.java:448) at org.mozilla.jss.ssl.SSLSocket.forceHandshake(Native Method) at com.netscape.cmscore.ldapconn.PKISocketFactory.makeSSLSocket(PKISocketFactory.java:240) at com.netscape.cmscore.ldapconn.PKISocketFactory.makeSocket(PKISocketFactory.java:256) at netscape.ldap.LDAPConnSetupMgr.connectServer(LDAPConnSetupMgr.java:525) at netscape.ldap.LDAPConnSetupMgr.openSerial(LDAPConnSetupMgr.java:451) at netscape.ldap.LDAPConnSetupMgr.connect(LDAPConnSetupMgr.java:290) at netscape.ldap.LDAPConnSetupMgr.openConnection(LDAPConnSetupMgr.java:215) at netscape.ldap.LDAPConnThread.connect(LDAPConnThread.java:136) at netscape.ldap.LDAPConnection.connect(LDAPConnection.java:1126) at netscape.ldap.LDAPConnection.restoreConnection(LDAPConnection.java:1905) at netscape.ldap.LDAPConnection.sendRequest(LDAPConnection.java:1870) at netscape.ldap.LDAPSaslBind.saslBind(LDAPSaslBind.java:276) at netscape.ldap.LDAPSaslBind.bind(LDAPSaslBind.java:194) at netscape.ldap.LDAPSaslBind.bind(LDAPSaslBind.java:115) at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1446) at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1406) at netscape.ldap.LDAPConnection.checkClientAuth(LDAPConnection.java:1170) at netscape.ldap.LDAPConnection.connect(LDAPConnection.java:1128)
I'm not sure what it could mean though. Do you have any idea?
There isn't really enough information. Probably need more context above this. PKI tends to continue past failures so bottom-up debugging isn't always fruitful. It also has some red herring warnings so it can be difficult, even for experienced admins, to tell what is going on.
It looks like it is having troubles reaching LDAP though. I guess what I'd suggest is:
ipactl start --skip-version-check --ignore-service-failures
That should bring the services up without trying the upgrade and without failing if PKI fails to start.
Then you can try starting PKI alone to see if that makes a difference.
And/or check on your certificates: getcert list
And see if any are expired or expiring.
rob