How to manually start IdM/IPA 4.0-4.4 server services for troubleshooting purposes in RHEL 7.0-7.3

Solution Verified - Updated -

Environment

  • Identity Management 4.0-4.4

  • Red Hat Enterprise Linux 7.0-7.3

  • If you would like steps for RHEL 7.4+ / IPA 4.5+, please see this article.

  • If you would like steps for RHEL 6 / IPA 3, please see this article.

Issue

  • IdM/IPA services are not starting as expected using the ipactl command and/or at boot time
  • Identify commands required to start IPA services manually

Resolution

Note: Order is very important due to dependencies

Red Hat Enterprise Linux 7.0-7.3

  • Directory Server
systemctl start dirsrv.target
  • Kerberos Server services
systemctl start krb5kdc
systemctl start kadmin
  • DNS Server
systemctl start named-pkcs11
  • IPA Memory Caching (for Performance only)
systemctl start ipa_memcached
  • Apache
systemctl start httpd
  • Certificate-PKI Tomcat server
systemctl start pki-tomcatd.target
  • sssd (optional)
systemctl start sssd
  • Samba/winbind (optional)
systemctl start smb
systemctl start winbind
  • IPA OTP (optional)
systemctl start ipa-otpd.socket

Root Cause

  • The IdM/IPA server starts in a 'all-or-nothing' approach, if one of the core IPA services fails to start up then ipactl command will shutdown all IdM/IPA Services. This functionality can be ignored if the -f argument is used but is not recommended in most cases
  -f, --force
         If any service start fails, do not rollback the services, continue with the operation

Diagnostic Steps

  • It is highly recommended to watch the messages that are logged to the journal while IPA server starts to check for any potentially significant errors
journalctl -f
  • To check the status of the PKI Dogtag service itself:
systemctl status pki-tomcatd@pki-tomcat.service; journalctl -u pki-tomcatd@pki-tomcat.service --no-pager

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Comments