[Freeipa-users] freeipa server upgrade from fedora 20 to fedora 22 glitches
Rob Crittenden
rcritten at redhat.com
Mon Jun 1 14:50:40 UTC 2015
Thomas Sailer wrote:
> Hello everyone.
>
> I upgraded a freeipa server from fedora 20 to fedora 22. It mostly
> worked ok, but there are a few issues:
>
> - pki-tomcat didn't start after the upgrade, and that in turn made
> ipa-upgradeconfig fail, because /var/lib/pki/pki-tomcat/conf/ca/CS.cfg
> had the wrong owner (root).
>
> - ipa-ldap-updater stumbles over two problems:
> - Pre schema upgrade failed
> - when trying to modify cn=encryption,cn=config, it stumbles over
> allowWeakCipher not allowed
>
> Does anyone know how to fix this? Is the pre schema upgrade failure
> spurious? what bits am I missing about the allowWeakCipher issue?
I think the issue was that the upgrade was done in a chroot, so systemd
couldn't start 389-ds. I'm guessing, but I'll bet the "No such file or
directory" is the ldapi socket.
You can safely re-run the upgrade scripts:
# /usr/sbin/ipa-ldap-updater --upgrade
# /usr/sbin/ipa-upgradeconfig
I'd re-run those and see if the errors change, or hopefully, go away
completely.
rob
More information about the Freeipa-users
mailing list