[Freeipa-users] Upgrade failed -- how to recover?

Bret Wortman bret.wortman at damascusgrp.com
Tue Aug 13 17:12:10 UTC 2013 

I tried this, but no joy:

# /usr/sbin/ipa-upgradeconfig --debug
:
:
DEBUG: caSignedLogCert.cfg<http://bl-1.com/click/load/VWRaa1w-b0221U28CYQNlAT4-b0231>profile
validity range is 720
INFO: [Certificate renewal should stop the CA]
ERROR: Unable to find certmonger request ID for auditSigning Cert
INFO: The ipa-upgradeconfig command was successful
#

But I still can't connect to http://ipamaster/ipa/ui/; I get a 903 error
every time, and /var/log/httpd/error_log shows, in part:

[Tue Aug 13 13:07:20.786566 2013] [:error] [pid 5890] KeyError: 'ipadnszone'
[Tue Aug 13 13:07:20.786717 2013] [:error] [pid 5890] ipa: INFO:
bretw at FOO.NET: json_metadata(None, None, object=u'all'): KeyError
[Tue Aug 13 13:07:21.001525 2013] [:error] [pid 5890] ipa: INFO:
bretw at FOO.NET: json_metadata(None, None, command=u'all'): SUCCESS

DNS resolution, authentication and authorization all *appear* to be working
fine.


*
*
*Bret Wortman*

http://damascusgrp.com/
http://about.me/wortmanbret


On Tue, Aug 13, 2013 at 10:29 AM, Bret Wortman <bret.wortman at damascusgrp.com
> wrote:

> I just upgraded my IPA master from F17 to F18 and, in the process, updated
> IPA to 3.1.5-1. Apparently, though, all is not well, because there are a
> number of errors in /var/log/ipaupgrade.log<http://bl-1.com/click/load/BzZcbVU2VmpTOwFsCD4-b0231>,
> mostly related to things like (samples here; the server is on a private
> network so I'm having to transcribe, if it looks like a typo, it probably
> is):
>
> ERROR Cannot connect to LDAP to add DNS records: cannot connect to
> u'ldapi://%2fvar%2run%2fslapd-FOO-NET.socket': LDAP Server Down
>
> ERROR certmonger failed to start tracking certificate: Command
> '/usr/bin/getcert start-tracking -d /var/lib/pki-ca/alias -n
> auditSigningCert cert-pki-ca -c dogtag-ipa-retrieve-agent-submit -B
> /usr/lib64/ipa/certmonger/stop_pkicad -C
> /usr/lib64/ipa/certmonger/restart_pkicad "auditSigningCert cert-pki-ca" -P
> XXXXXXXX -T  auditSigningCert cert-pki-ca' returned non-zero exit status 1
>
> and numerous certmonger errors similar to this one. Finally, there's a
> stacktrace from ipapython/admintool.py<http://bl-1.com/click/load/BzYIOV0-b0221AT1QOFc6BjE-b0231>,
> line 171 which ends the whole thing.
>
> What's my best plan for re-attempting this upgrade?
>
> *
> *
> *Bret Wortman*
>
> http://damascusgrp.com/<http://bl-1.com/click/load/VWQAMVQ3UGxVPQBtADQ-b0231>
> http://about.me/wortmanbret<http://bl-1.com/click/load/XWwMPV0-b0221UW0CagZrBjM-b0231>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130813/0b20e12a/attachment.htm>

More information about the Freeipa-users mailing list