[Freeipa-users] Trouble installing F21 4.1.2 replica from F20 3.3.5 master
Martin Kosek
mkosek at redhat.com
Mon Jan 5 13:53:04 UTC 2015
On 01/05/2015 02:05 PM, Anthony Messina wrote:
>
> Quoting Martin Kosek <mkosek at redhat.com>:
>
>> On 01/04/2015 12:29 AM, Anthony Messina wrote:
>>> I was hoping to "migrate" from F20 to F21 using:
>>> http://www.freeipa.org/page/Howto/Migration
>>> http://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master
>>
>> The migration procedure is only needed if you run FreeIPA server with PKI based
>> on Dogtag (pki-ca package) 9. Do you? Is your Fedora 20 FreeIPA&PKI instance
>> functional? FreeIPA+Dogtag 9 is not supported since Fedora 18, so I was
>> surprised such setup worked in Fedora 20.
>
> I don't use Dogtag 9. I installed FreeIPA freshly on a F19 VM, then yum
> upgraded to F20. With the significant changes for Fedora.next, systemd-216,
> and FreeIPA 4, I wanted to create a new "master" (amd retire the old) by
> replicating the current F20 3.3.5 master to what would become an F21 4.1.2 master.
Ah, makes more sense then. The PKI error below gets more serious then - Fraser
and Endi, please help Anthony.
> While I use the yum upgrade procedure often with great success on a number of
> my other servers, it can be tricky and sometimes unreliablem leaving around
> cruft that can interfere with proper operation. I'm one of those folks that's
> waiting patiently for the FreeIPA-to-FreeIPA migration ;)
I am just afraid everyone is just waiting and no one is willing to invest in
this feature and code ;-) IIRC, the difficulty in implementing the migration
tool is mostly in handling Kerberos and certificate data, which are based on
data secret and unique to the original server.
> Is the proper, recommended procedure to yum upgrade the F20 FreeIPA 3.3.5 VM
> instance to F21 FreeIPA 4.1.2?
It should work, yes.
> Even so, it seems like I should be able to create a 4.1.2 replica of a 3.3.5
> master.
Indeed. This looks like a bug :-(
>>> Where the new F21 replica would become the new "master" from which I would
>>> later create other F21 replica(s).
>>>
>>> F20 master: freeipa-server-3.3.5-1.fc20.x86_64
>>> F21 replica: freeipa-server-4.1.2-1.fc21.x86_64
>>>
>>> The first F21 replica installation fails when attempting to setup the CA and
>>> I'm not sure where to go from here. Any guidance is appreciated. Thanks.
>>
>> CCing Fraser and Endi from PKI team to advise.
>>
>>> 2015-01-03T23:09:39Z DEBUG Saving StateFile to
>>> '/var/lib/ipa/sysrestore/sysrestore.state'
>>> 2015-01-03T23:09:39Z DEBUG Starting external process
>>> 2015-01-03T23:09:39Z DEBUG args='/usr/sbin/pkispawn' '-s' 'CA' '-f'
>>> '/tmp/tmpZNHZWb'
>>> 2015-01-03T23:09:39Z DEBUG Process finished, return code=1
>>> 2015-01-03T23:09:39Z DEBUG stdout=Loading deployment configuration from
>>> /tmp/tmpZNHZWb.
>>>
>>> 2015-01-03T23:09:39Z DEBUG stderr=Traceback (most recent call last):
>>> File "/usr/sbin/pkispawn", line 579, in <module>
>>> main(sys.argv)
>>> File "/usr/sbin/pkispawn", line 480, in main
>>> info = parser.sd_get_info()
>>> File "/usr/lib/python2.7/site-packages/pki/server/deployment/pkiparser.py",
>>> line 464, in sd_get_info
>>> info = sd.get_security_domain_info()
>>> File "/usr/lib/python2.7/site-packages/pki/system.py", line 96, in
>>> get_security_domain_info
>>> info = SecurityDomainInfo.from_json(response.json())
>>> File "/usr/lib/python2.7/site-packages/pki/system.py", line 83, in from_json
>>> ret.name = json_value['id']
>>> KeyError: 'id'
>>>
>>> 2015-01-03T23:09:39Z CRITICAL failed to configure ca instance Command
>>> ''/usr/sbin/pkispawn' '-s' 'CA' '-f' '/tmp/tmpZNHZWb'' returned non-zero exit
>>> status 1
>>> 2015-01-03T23:09:39Z DEBUG Traceback (most recent call last):
>>> File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
>>> 382, in start_creation
>>> run_step(full_msg, method)
>>> File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
>>> 372, in run_step
>>> method()
>>> File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
>>> line 671, in __spawn_instance
>>> raise RuntimeError('Configuration of CA failed')
>>> RuntimeError: Configuration of CA failed
>>>
>>>
>>>
>
>
More information about the Freeipa-users
mailing list