[Freeipa-users] RHEL 7 Upgrade experience so far

Erinn Looney-Triggs erinn.looneytriggs at gmail.com
Sun Jul 27 00:25:08 UTC 2014


Well, it hasn't been all that pretty trying to move from RHEL 6.5 to
RHEL 7.

I have two servers providing my ipa instances ipa and ipa2. Given that
I don't have a great deal of spare capacity the plan was to remove
ipa2 from the replication agreement, modify DNS so that only IPA was
available in SRV logs (IPA does not manage DNS at this point, was
waiting for DNSSEC). As well, I would change my sudo-ldap config files
to point to ipa and remove ipa2.

Well that all worked well, installed RHEL 7 on the system and began
working through the steps in the upgrade guide.

First major problem was running into this bug:
https://fedorahosted.org/freeipa/ticket/4375
ValueError: nsDS5ReplicaId has 2 values, one expected.

Went and patched the replication.py file to get around that issue, and
we moved on.

Next up is my current issue: Exception from Java Configuration
Servlet: Clone does not have all the required certificates.

I suspect this is because I am running the CA as a subordinate to an
AD CS instance, but I am unsure at this point.

It has been a haul to get here, despite the short explanation. It
seems that my primary ipa instance is working on only a hit or miss
basis for Kerberos tickets, which has made all this a bit of a pain.
You can kinit as admin once and it will fail, unable to find the KDC;
try again another three times and it will work. I have even modified
the krb5.conf file to point directly at the server, thus bypassing DNS
SRV lookups; however, that hasn't worked.

Point is, any help would be appreciated on the aforementioned error.

-Erinn



