[Freeipa-users] dns stops working after upgrade
Rob Crittenden
rcritten at redhat.com
Sun Oct 26 20:38:10 UTC 2014
Rob Verduijn wrote:
> hmmmm....
>
> after some more digging (monitoring the upgrade more closely.)
> I saw that the upgrade kept waiting for the ca to start, which it did
> not do.
> and after 5 minutes the upgrade gave up with the following errors in the
> ipaupgrade log :
>
> at 85% it says :
> 2014-10-26T15:04:35Z DEBUG retrieving schema for SchemaCache
> url=ldapi://%2fvar%2frun%2fslapd-XXXX-XXXX.socket
> conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x2b18cb0>
> 2014-10-26T15:04:35Z DEBUG Starting external process
> 2014-10-26T15:04:35Z DEBUG args='/usr/bin/certutil' '-d'
> '/etc/httpd/alias' '-L'
> 2014-10-26T15:04:35Z DEBUG Process finished, return code=0
> 2014-10-26T15:04:35Z DEBUG stdout=
> Certificate Nickname Trust
> Attributes
>
> SSL,S/MIME,JAR/XPI
>
> Signing-Cert u,u,u
> XXXX.XXXX IPA CA CT,C,C
> ipaCert u,u,u
> Server-Cert u,u,u
>
> 2014-10-26T15:04:35Z DEBUG stderr=
> 2014-10-26T15:04:35Z DEBUG Starting external process
> 2014-10-26T15:04:35Z DEBUG args='/usr/bin/certutil' '-d'
> '/etc/httpd/alias' '-L' '-n' 'TJAKO.THUIS IPA CA' '-a'
> 2014-10-26T15:04:35Z DEBUG Process finished, return code=0
> 2014-10-26T15:04:35Z DEBUG stdout=-----BEGIN CERTIFICATE-----
> < certificate-removed >
> -----END CERTIFICATE-----
> 2014-10-26T15:04:35Z DEBUG stderr=
> 2014-10-26T15:04:36Z ERROR Upgrade failed with cannot connect to
> 'ldapi://%2fvar%2frun%2fslapd-XXXX-XXXX.socket':\
This has nothing to do with the CA, the LDAP server didn't come up. I'd
start with those logs or look earlier in ipaupgrade.log
The CA requires 389-ds to be running so if it isn't up, then it will
fail to start too.
rob
More information about the Freeipa-users
mailing list