[Freeipa-users] freeipa server upgrade from fedora 20 to fedora 22 glitches
Thomas Sailer
t.sailer at alumni.ethz.ch
Mon Jun 1 16:51:02 UTC 2015
Martin, Rob, thanks for your answers!
On 06/01/2015 09:52 AM, Martin Basti wrote:
> Could DS in chroot, cause the ipa-ldap-updater --upgrade cannot locate
> the DS socket?
> 2015-05-28T13:04:55Z DEBUG stderr=Running in chroot, ignoring request.
I used fedup for the distro upgrade, so yes initially it ran in a
chroot. However, the log excerpts were from a second run I manually
initiated, after the machine rebooted after the update. I am pretty sure
I ensured that enough of freeipa ran to successfully run ipa user-status
and kinit.
>
> 2)
> Allow weak ciphers.
> can you check objectclass definitions in
> /etc/dirsrv/slapd-XXXXX-COM/schema
> # grep 'allowWeakCipher' *
>
> If you find more than on objectclass definition, please remove the old
> from the ldif files and restart DS. (Probably there will be old in
> 99user.ldif)
I indeed had a file named 99user.ldif with a date from yesterday (even
newer than 01core389.ldif). I removed this.
Now ipa-ldap-updater --upgrade completes successfully, on one machine.
On the other replica, /usr/sbin/ipa-upgradeconfig fails. There's
something wrong with pki-tomcatd:
access_log:
a.b.c.d - - [01/Jun/2015:18:22:35 +0200] "GET /ca/admin/ca/getStatus
HTTP/1.1" 500 2108
Jun 01 18:47:03 server2.xxxxx.com server[9651]: Jun 01, 2015 6:47:03 PM
org.apache.catalina.core.ContainerBase backgroundProcess
Jun 01 18:47:03 server2.xxxxx.com server[9651]: WARNING: Exception
processing realm com.netscape.cms.tomcat.ProxyRealm at 548d946f background
process
Jun 01 18:47:03 server2.xxxxx.com server[9651]:
java.lang.NullPointerException
Jun 01 18:47:03 server2.xxxxx.com server[9651]: at
com.netscape.cms.tomcat.ProxyRealm.backgroundProcess(ProxyRealm.java:108)
Jun 01 18:47:03 server2.xxxxx.com server[9651]: at
org.apache.catalina.core.ContainerBase.backgroundProcess(ContainerBase.java:1360)
Jun 01 18:47:03 server2.xxxxx.com server[9651]: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1546)
Jun 01 18:47:03 server2.xxxxx.com server[9651]: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1556)
Jun 01 18:47:03 server2.xxxxx.com server[9651]: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1556)
Jun 01 18:47:03 server2.xxxxx.com server[9651]: at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1524)
Jun 01 18:47:03 server2.xxxxx.com server[9651]: at
java.lang.Thread.run(Thread.java:745)
Apparently, I'm not the only one :)
http://pastebin.com/CtsW0GAt
More information about the Freeipa-users
mailing list