[Freeipa-users] Antwort: Re: Upgrade fail 3.3.3 (rhel7) to 4.1 (rhel7.1)
Martin Basti
mbasti at redhat.com
Tue Apr 7 08:49:59 UTC 2015
Hello,
comments inline
Martin
On 02/04/15 18:54, Christoph Kaminski wrote:
> see this in ipupgrade.log
>
> 2015-04-02T11:27:02Z ERROR Pre schema upgrade failed with [Errno 111]
> Connection refused
> 2015-04-02T11:27:02Z DEBUG Traceback (most recent call last):
> File
> "/usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py",
> line 128, in __pre_schema_upgrade
> ld = ldapupdate.LDAPUpdate(dm_password='', ldapi=True,
> live_run=self.live_run, plugins=True)
> File
> "/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py",
> line 220, in __init__
> self.create_connection()
> File
> "/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py",
> line 783, in create_connection
> dm_password=self.dm_password, pw_name=self.pw_name)
> File
> "/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py",
> line 65, in connect
> conn.do_external_bind(pw_name)
> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
> 1761, in do_external_bind
> self.conn.sasl_interactive_bind_s, timeout, None, auth_tokens)
> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
> 1747, in __bind_with_wait
> self.__wait_for_connection(timeout)
> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
> 1733, in __wait_for_connection
> wait_for_open_socket(lurl.hostport, timeout)
> File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line
> 1173, in wait_for_open_socket
> raise e
> error: [Errno 111] Connection refused
This is the issue.
Do you have any errors in DS error log?
/var/log/dirsrv/slapd-INSTANCE/errors
>
> 2015-04-02T11:27:02Z DEBUG duration: 12 seconds
> 2015-04-02T11:27:02Z DEBUG [6/10]: updating schema
> 2015-04-02T11:27:12Z DEBUG Traceback (most recent call last):
> File
> "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
> 382, in start_creation
> run_step(full_msg, method)
> File
> "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
> 372, in run_step
> method()
> File
> "/usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py",
> line 145, in __update_schema
> dm_password='', ldapi=True, live_run=self.live_run) or self.modified
> File
> "/usr/lib/python2.7/site-packages/ipaserver/install/schemaupdate.py",
> line 112, in update_schema
> fqdn=installutils.get_fqdn())
> File
> "/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py",
> line 65, in connect
> conn.do_external_bind(pw_name)
> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
> 1761, in do_external_bind
> self.conn.sasl_interactive_bind_s, timeout, None, auth_tokens)
> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
> 1747, in __bind_with_wait
> self.__wait_for_connection(timeout)
> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
> 1733, in __wait_for_connection
> wait_for_open_socket(lurl.hostport, timeout)
> File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line
> 1173, in wait_for_open_socket
> raise e
> error: [Errno 111] Connection refused
>
> 2015-04-02T11:27:12Z DEBUG [error] error: [Errno 111] Connection refused
> 2015-04-02T11:27:12Z DEBUG [cleanup]: stopping directory server
>
> ...
Is this another upgrade? Or why is here this time gap?
>
> 2015-04-02T12:46:11Z DEBUG stderr=
> 2015-04-02T12:46:12Z DEBUG File
> "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171,
> in execute
> return_value = self.run()
> File
> "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_ldap_updater.py",
> line 213, in run
> modified = ld.update(self.files, ordered=True) or modified
> File
> "/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py",
> line 874, in update
> updates = api.Backend.updateclient.update(POST_UPDATE,
> self.dm_password, self.ldapi, self.live_run)
> File
> "/usr/lib/python2.7/site-packages/ipaserver/install/plugins/updateclient.py",
> line 123, in update
> (restart, apply_now, res) = self.run(update.name, **kw)
> File
> "/usr/lib/python2.7/site-packages/ipaserver/install/plugins/updateclient.py",
> line 146, in run
> return self.Updater[method](**kw)
> File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line
> 1399, in __call__
> return self.execute(**options)
> File
> "/usr/lib/python2.7/site-packages/ipaserver/install/plugins/upload_cacrt.py",
> line 76, in execute
> ldap.add_entry(entry)
> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
> 1592, in add_entry
> self.conn.add_s(entry.dn, attrs.items())
> File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__
> self.gen.throw(type, value, traceback)
> File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
> 1191, in error_handler
> raise errors.ObjectclassViolation(info=info)
>
> 2015-04-02T12:46:12Z DEBUG The ipa-ldap-updater command failed,
> exception: ObjectclassViolation: unknown object class "ipaKeyPolicy"
> 2015-04-02T12:46:12Z ERROR Unexpected error - see
> /var/log/ipaupgrade.log for details:
> ObjectclassViolation: unknown object class "ipaKeyPolicy"
>
> and:
> grep -i nsSchemaPolicy /etc/dirsrv/slapd-HSO/schema/01core389.ldif
>
> objectClasses: ( 2.16.840.1.113730.3.2.328 NAME 'nsSchemaPolicy' DESC
> 'Netscape defined objectclass' SUP top MAY ( cn $
> schemaUpdateObjectclassAccept $ schemaUpdateObjectclassReject $
> schemaUpdateAttributeAccept $ schemaUpdateAttributeReject) X-ORIGIN
> 'Netscape Directory Server' )
>
> grep -i nsSchemaPolicy /etc/dirsrv/schema/01core389.ldif
> objectClasses: ( 2.16.840.1.113730.3.2.328 NAME 'nsSchemaPolicy' DESC
> 'Netscape defined objectclass' SUP top MAY ( cn $
> schemaUpdateObjectclassAccept $ schemaUpdateObjectclassReject $
> schemaUpdateAttributeAccept $ schemaUpdateAttributeReject) X-ORIGIN
> 'Netscape Directory Server' )
You have objectclass there, it should not be bz1180325.
But send the errors from DS log if there are any.
>
> Greetz
> Christoph Kaminski
>
>
>
>
> Von: Martin Basti <mbasti at redhat.com>
> An: Christoph Kaminski <christoph.kaminski at biotronik.com>,
> freeipa-users at redhat.com
> Datum: 02.04.2015 17:25
> Betreff: Re: [Freeipa-users] Upgrade fail 3.3.3 (rhel7) to 4.1 (rhel7.1)
> ------------------------------------------------------------------------
>
>
>
> On 02/04/15 16:57, Christoph Kaminski wrote:
> Hi all!
>
> We have 6 IPA Servers here connected to each other. We want to upgrade
> all from RHEL 7 with IPA 3.3.3 to RHEL 7.1with IPA 4.1.
>
> I have done it one of the 6 servers and got a problem.
>
> After upgrade if I want to login to Web UI I get: "*IPA-Error 903:
> InternalError*" after typing the credentials...
> I have activated debug output of IPA and see this in
> /var/log/httpd/error_log:
>
> [Thu Apr 02 14:39:38.848474 2015] [:error] [pid 18020] ipa: ERROR:
> non-public: KeyError: 'idnsforwardzone'
> [Thu Apr 02 14:39:38.848536 2015] [:error] [pid 18020] Traceback (most
> recent call last):
> [Thu Apr 02 14:39:38.848600 2015] [:error] [pid 18020] File
> "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 348,
> in wsgi_execute
> [Thu Apr 02 14:39:38.848607 2015] [:error] [pid 18020] result =
> self.Command[name](*args, **options)
> [Thu Apr 02 14:39:38.848612 2015] [:error] [pid 18020] File
> "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 439, in
> __call__
> [Thu Apr 02 14:39:38.848671 2015] [:error] [pid 18020] ret =
> self.run(*args, **options)
> [Thu Apr 02 14:39:38.848701 2015] [:error] [pid 18020] File
> "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 754, in run
> [Thu Apr 02 14:39:38.848707 2015] [:error] [pid 18020] return
> self.execute(*args, **options)
> [Thu Apr 02 14:39:38.848776 2015] [:error] [pid 18020] File
> "/usr/lib/python2.7/site-packages/ipalib/plugins/internal.py", line
> 123, in execute
> [Thu Apr 02 14:39:38.848783 2015] [:error] [pid 18020] (o.name,
> json_serialize(o)) for o in self.api.Object()
> [Thu Apr 02 14:39:38.848789 2015] [:error] [pid 18020] File
> "/usr/lib/python2.7/site-packages/ipalib/plugins/internal.py", line
> 123, in <genexpr>
> [Thu Apr 02 14:39:38.848794 2015] [:error] [pid 18020] (o.name,
> json_serialize(o)) for o in self.api.Object()
> [Thu Apr 02 14:39:38.848799 2015] [:error] [pid 18020] File
> "/usr/lib/python2.7/site-packages/ipalib/util.py", line 60, in
> json_serialize
> [Thu Apr 02 14:39:38.848804 2015] [:error] [pid 18020] return
> json_serialize(obj.__json__())
> [Thu Apr 02 14:39:38.848809 2015] [:error] [pid 18020] File
> "/usr/lib/python2.7/site-packages/ipalib/plugins/baseldap.py", line
> 710, in __json__
> [Thu Apr 02 14:39:38.848814 2015] [:error] [pid 18020] attrs =
> self.api.Backend.ldap2.schema.attribute_types(objectclasses)
> [Thu Apr 02 14:39:38.848820 2015] [:error] [pid 18020] File
> "/usr/lib64/python2.7/site-packages/ldap/schema/subentry.py", line
> 377, in attribute_types
> [Thu Apr 02 14:39:38.848825 2015] [:error] [pid 18020] object_class =
> self.sed[ObjectClass][object_class_oid]
> [Thu Apr 02 14:39:38.848830 2015] [:error] [pid 18020] KeyError:
> 'idnsforwardzone'
>
> I have found this bug report:
> _https://bugzilla.redhat.com/show_bug.cgi?id=1180325_
> It should be fixed in the last version?!
>
> I have read there I should start: setup-ds.pl -d --update
>
> But Im afraid that it kills the date on the IPA Servers with version
> 3.3.3... does it?
>
> What can I do? how can I fix it?
>
> Greetz
> Christoph Kaminski
>
>
>
> Hello, was the ipa upgrade successful? Do you have any errors in
> /var/log/ipaupgrade.log?
>
> If you think it is 1180325 issue you can check if nsSchemaPolicy is in
> 01core389.ldif:
> grep -i nsSchemaPolicy /etc/dirsrv/slapd-INSTANCE/schema/01core389.ldif
> grep -i nsSchemaPolicy /etc/dirsrv/schema/01core389.ldif
>
> Martin
>
> --
> Martin Basti
>
>
--
Martin Basti
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150407/cc02220f/attachment.htm>
More information about the Freeipa-users
mailing list