[389-users] 389 upgrade
Juan Asensio Sánchez
okelet at gmail.com
Tue Sep 15 12:26:09 UTC 2009
Hi
I am trying to upgrade some of our FDS servers. The test versions we
are using for upgrade are (the same that the production servers):
[root at fdsold ~]# rpm -qa | grep -i fedora
fedora-ds-dsgw-1.1.1-1.fc6
fedora-ds-1.1.2-1.fc6
fedora-ds-admin-1.1.2-2.fc6
fedora-ds-console-1.1.2-1.fc6
fedora-idm-console-1.1.0-5.fc6
fedora-ds-base-1.1.3-2.fc6
fedora-ds-admin-console-1.1.2-1.fc6
We have two test servers, with replication agreements between them,
and SSL configured for directory and console; 389 port is disabled.
Then we upgrade FDS/389 with this command (we do not want to upgrade
the full server):
yum upgrade 389-admin 389-admin-console 389-console 389-ds 389-ds-base
389-ds-console 389-dsgw
The upgrade is done correctly, then we run "setup-ds-admin.pl -u":
[root at fdsnew ~]# setup-ds-admin.pl -u
==============================================================================
The update option will allow you to re-register your servers with the
configuration directory server and update the information about your
servers that the console and admin server uses. You will need your
configuration directory server admin ID and password to continue.
Continue? [yes]:
==============================================================================
Please specify the information about your configuration directory
server. The following information is required:
- host (fully qualified), port (non-secure or secure), suffix,
protocol (ldap or ldaps) - this information should be provided in the
form of an LDAP url e.g. for non-secure
ldap://host.example.com:389/o=NetscapeRoot
or for secure
ldaps://host.example.com:636/o=NetscapeRoot
- admin ID and password
- admin domain
- a CA certificate file may be required if you choose to use ldaps and
security has not yet been configured - the file must be in PEM/ASCII
format - specify the absolute path and filename
Configuration directory server URL
[ldaps://fdsnew.sacyl.es:636/o=NetscapeRoot]:
Configuration directory server admin ID [uid=admin, ou=Administrators,
ou=TopologyManagement, o=NetscapeRoot]:
Configuration directory server admin password:
Configuration directory server admin domain [center2.sacyl.es]:
CA certificate filename: /etc/openldap/cacerts/cert-CA-cacert.pem
==============================================================================
The interactive phase is complete. The script will now set up your
servers. Enter No or go Back if you want to change something.
Are you ready to set up your servers? [yes]:
Registering the directory server instances with the configuration
directory server . . .
Beginning Admin Server reconfiguration . . .
Registering admin server with the configuration directory server . . .
Updating adm.conf with information from configuration directory server . . .
Exiting . . .
Log file is '/tmp/setupwDn6B0.log'
And reboot... After that, when connecting with the console, we have
two entries for the directory server and two for the administration
server. One of each does not show the icon it should, and when I click
on it, it tries to download new jars, but it can not. If I use the old
item for the administration console (that shows the icon), in the
encryption tab , SSL is disabled, but before the upgrade it was
enabled, but if i try to access the server with the browser, i must
use https (¿?). Why is SSL disabled? And if it is disabled, why must I
access using https? Is there any step I haven't done?
Regards and thanks in advance.
More information about the Fedora-directory-users
mailing list