[Freeipa-users] Trouble installing F21 4.1.2 replica from F20 3.3.5 master

[Anthony Messina]

Quoting Martin Kosek <mkosek at redhat.com>:

> On 01/04/2015 12:29 AM, Anthony Messina wrote:
>> I was hoping to "migrate" from F20 to F21 using:
>> http://www.freeipa.org/page/Howto/Migration
>> http://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master
>
> The migration procedure is only needed if you run FreeIPA server  
> with PKI based
> on Dogtag (pki-ca package) 9. Do you? Is your Fedora 20 FreeIPA&PKI instance
> functional? FreeIPA+Dogtag 9 is not supported since Fedora 18, so I was
> surprised such setup worked in Fedora 20.

I don't use Dogtag 9.  I installed FreeIPA freshly on a F19 VM, then  
yum upgraded to F20.  With the significant changes for Fedora.next,  
systemd-216, and FreeIPA 4, I wanted to create a new "master" (amd  
retire the old) by replicating the current F20 3.3.5 master to what  
would become an F21 4.1.2 master.

While I use the yum upgrade procedure often with great success on a  
number of my other servers, it can be tricky and sometimes unreliablem  
leaving around cruft that can interfere with proper operation.  I'm  
one of those folks that's waiting patiently for the FreeIPA-to-FreeIPA  
migration ;)

Is the proper, recommended procedure to yum upgrade the F20 FreeIPA  
3.3.5 VM instance to F21 FreeIPA 4.1.2?

Even so, it seems like I should be able to create a 4.1.2 replica of a  
3.3.5 master.


>> Where the new F21 replica would become the new "master" from which I would
>> later create other F21 replica(s).
>>
>> F20 master:  freeipa-server-3.3.5-1.fc20.x86_64
>> F21 replica: freeipa-server-4.1.2-1.fc21.x86_64
>>
>> The first F21 replica installation fails when attempting to setup the CA and
>> I'm not sure where to go from here.  Any guidance is appreciated.  Thanks.
>
> CCing Fraser and Endi from PKI team to advise.
>
>> 2015-01-03T23:09:39Z DEBUG Saving StateFile to
>> '/var/lib/ipa/sysrestore/sysrestore.state'
>> 2015-01-03T23:09:39Z DEBUG Starting external process
>> 2015-01-03T23:09:39Z DEBUG args='/usr/sbin/pkispawn' '-s' 'CA' '-f'
>> '/tmp/tmpZNHZWb'
>> 2015-01-03T23:09:39Z DEBUG Process finished, return code=1
>> 2015-01-03T23:09:39Z DEBUG stdout=Loading deployment configuration from
>> /tmp/tmpZNHZWb.
>>
>> 2015-01-03T23:09:39Z DEBUG stderr=Traceback (most recent call last):
>>   File "/usr/sbin/pkispawn", line 579, in <module>
>>     main(sys.argv)
>>   File "/usr/sbin/pkispawn", line 480, in main
>>     info = parser.sd_get_info()
>>   File  
>> "/usr/lib/python2.7/site-packages/pki/server/deployment/pkiparser.py",
>> line 464, in sd_get_info
>>     info = sd.get_security_domain_info()
>>   File "/usr/lib/python2.7/site-packages/pki/system.py", line 96, in
>> get_security_domain_info
>>     info = SecurityDomainInfo.from_json(response.json())
>>   File "/usr/lib/python2.7/site-packages/pki/system.py", line 83,  
>> in from_json
>>     ret.name = json_value['id']
>> KeyError: 'id'
>>
>> 2015-01-03T23:09:39Z CRITICAL failed to configure ca instance Command
>> ''/usr/sbin/pkispawn' '-s' 'CA' '-f' '/tmp/tmpZNHZWb'' returned  
>> non-zero exit
>> status 1
>> 2015-01-03T23:09:39Z DEBUG Traceback (most recent call last):
>>   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
>> 382, in start_creation
>>     run_step(full_msg, method)
>>   File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
>> 372, in run_step
>>     method()
>>   File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
>> line 671, in __spawn_instance
>>     raise RuntimeError('Configuration of CA failed')
>> RuntimeError: Configuration of CA failed
>>
>>
>>


-- 
Anthony - https://messinet.com - https://messinet.com/~amessina/gallery
8F89 5E72 8DF0 BCF0 10BE 9967 92DC 35DC B001 4A4E
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 181 bytes
Desc: PGP Digital Signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150105/c5cd5f70/attachment.sig>