[Freeipa-users] Migration from RHEL6 (3.0.0-42) to CentOS7 (3.3.3-28.0.1)
Benjamin Reed
ranger at opennms.org
Tue Mar 10 14:29:23 UTC 2015
On 3/10/15 10:06 AM, Alexander Bokovoy wrote:
> We have http://www.freeipa.org/page/Documentation#User_Guides and going
> through user guide would be our recommended action. There is a whole
> chapter 6 in RHEL7 docs for upgrades and migration.
Ah, I see it now. I had no idea from the name that " Linux Domain
Identity, Authentication and Policy Guide for RHEL 7" referred to the
general user/admin guide. As a newb to FreeIPA and domain management in
general, it looked like word soup. Sorry for the noise. :P
> Looks like you don't have CA installed on auth.internal so you don't
> need to update CA schema there.
Great.
So I started the install on the CentOS7 machine, and it almost
completed, but failed out with this error:
> Configuring certificate server (pki-tomcatd): Estimated time 3 minutes
> 30 seconds
> [1/19]: creating certificate server user
> [2/19]: configuring certificate server instance
> ipa : CRITICAL failed to configure ca instance Command
> '/usr/sbin/pkispawn -s CA -f /tmp/tmp2_03I3' returned non-zero exit
> status 1
In the ipareplica-install.log file, I find this:
> Storing deployment configuration into
> /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg.
> Installation failed.
>
>
> 2015-03-10T14:12:04Z DEBUG stderr=pkispawn : WARNING .......
> unable to validate security domain user/password through REST
> interface. Interface not available
> pkispawn : ERROR ....... Exception from Java Configuration
> Servlet: Error while updating security domain: java.io.IOException:
> java.io.IOException: SocketException cannot read on socket
>
> 2015-03-10T14:12:04Z CRITICAL failed to configure ca instance Command
> '/usr/sbin/pkispawn -s CA -f /tmp/tmp2_03I3' returned non-zero exit
> status 1
> 2015-03-10T14:12:04Z DEBUG File
> "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py",
> line 638, in run_script
I ran `ipa-server-install --uninstall` to undo everything, as it
suggested. Then I generated a new replica file on the RHEL6 machine
with `ipa-replica-prepare` and tried the install again. This time, it
successfully finishes, but the last thing it says is:
> Done configuring directory server (dirsrv).
> A CA is already configured on this system.
...which makes me think it just didn't undo everything when I did
`ipa-server-install --uninstall` and the CA isn't actually set up
properly. Is there a good way to confirm everything is actually working
as expected?
Thanks,
Ben
--
Benjamin Reed
The OpenNMS Group
http://www.opennms.org/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150310/68c6ad4d/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150310/68c6ad4d/attachment.sig>
More information about the Freeipa-users
mailing list