[Freeipa-users] F18 -> F19 upgrade
Martin Kosek
mkosek at redhat.com
Mon Jul 15 15:47:24 UTC 2013
On 07/13/2013 05:28 AM, Ian Chapman wrote:
> Hi,
>
> I've just recently upgrade my F18 server to F19 and IPA is failing to start:
>
> Jul 13 10:52:30 rex.homenet.lan ipactl[98002]: Aborting ipactl
> Jul 13 10:52:30 rex.homenet.lan ipactl[98002]: Starting Directory Service
> Jul 13 10:52:30 rex.homenet.lan ipactl[98002]: Starting krb5kdc Service
> Jul 13 10:52:30 rex.homenet.lan ipactl[98002]: Starting kadmin Service
> Jul 13 10:52:30 rex.homenet.lan ipactl[98002]: Starting ipa_memcached Service
> Jul 13 10:52:30 rex.homenet.lan ipactl[98002]: Starting httpd Service
> Jul 13 10:52:30 rex.homenet.lan ipactl[98002]: Starting pki-cad Service
> Jul 13 10:52:30 rex.homenet.lan systemd[1]: ipa.service: main process exited,
> code=exited, status=1/FAILURE
> Jul 13 10:52:30 rex.homenet.lan systemd[1]: Failed to start Identity, Policy,
> Audit.
> Jul 13 10:52:30 rex.homenet.lan systemd[1]: Unit ipa.service entered failed state.
>
>
>
> It seems that the pki-cad service fails to start. Is that in relation to dogtag
> upgrade of 9 to 10 or possibly another problem?
>
> There is of course this page:
>
> http://pki.fedoraproject.org/wiki/Migrating_Dogtag_9_Instances_to_Dogtag_10
>
> but frankly I don't really understand it. Well I get that the idea is to create
> a new pki cloned instance which would be dogtag 10 compatible and then delete
> the old one - I'm really don't know what I'm supposed to put in the
> configuration file. Has anybody else done this? Is there some more examples?
> Thanks.
>
>
> The status of pki-cad is:
>
> systemctl status pki-cad at pki-ca.service
> pki-cad at pki-ca.service - PKI Certificate Authority Server pki-ca
> Loaded: loaded (/usr/lib/systemd/system/pki-cad at .service; enabled)
> Active: failed (Result: exit-code) since Sat 2013-07-13 10:54:23 WST; 30min ago
> Process: 98170 ExecStart=/usr/bin/pkicontrol start ca %i (code=exited,
> status=1/FAILURE)
>
> Jul 13 10:54:23 rex.homenet.lan systemd[1]: Starting PKI Certificate Authority
> Server pki-ca...
> Jul 13 10:54:23 rex.homenet.lan pkicontrol[98170]: WARNING: Symbolic link
> '/var/lib/pki-ca/pki-ca' does NOT exist!
> Jul 13 10:54:23 rex.homenet.lan pkicontrol[98170]: INFO: Attempting to create
> '/var/lib/pki-ca/pki-ca' -> '/usr/sbin/tomcat6-sysd' . . .
> Jul 13 10:54:23 rex.homenet.lan pkicontrol[98170]: ERROR: Failed making
> '/var/lib/pki-ca/pki-ca' -> '/usr/sbin/tomcat6-sysd' since target '/usr/sb...T
> exist!
> Jul 13 10:54:23 rex.homenet.lan systemd[1]: pki-cad at pki-ca.service: control
> process exited, code=exited status=1
> Jul 13 10:54:23 rex.homenet.lan systemd[1]: Failed to start PKI Certificate
> Authority Server pki-ca.
> Jul 13 10:54:23 rex.homenet.lan systemd[1]: Unit pki-cad at pki-ca.service entered
> failed state.
>
Adding PKI/Dogtag developers to CC to advise.
Martin
More information about the Freeipa-users
mailing list