[Freeipa-users] IMPORTANT: FreeIPA upgrade broken in Fedora 23

John Obaterspok john.obaterspok at gmail.com
Fri Nov 6 08:18:06 UTC 2015


2015-11-05 17:07 GMT+01:00 John Obaterspok <john.obaterspok at gmail.com>:

>
>
> 2015-11-05 12:26 GMT+01:00 Alexander Bokovoy <abokovoy at redhat.com>:
>
>> On Thu, 05 Nov 2015, John Obaterspok wrote:
>>
>>> Hi,
>>>
>>> I waited a couple of days and when "dnf list freeipa-server
>>> --releasever=23" said 4.2.3 I hit the upgrade. Unfortunately I noticed too
>>> late that I received 4.2.2 during "dnf system-upgrade".
>>>
>>> Any ideas how to get it going again? Or is it easier to start from
>>> scratch
>>> if I only have ~ 10 IPA clients?
>>>
>> Did you already upgrade to 4.2.3? Make sure you have
>> pki-core-10.2.6-12.fc23 and freeipa 4.2.3-1.fc23, run
>> ipa-server-upgrade. It should be able to recover.
>>
>>
> Hi Alexander,
>
> Unfortunately not, it's not able to recover:
>
> #####  rpm -q pki-base freeipa-server
> pki-base-10.2.6-12.fc23.noarch
> freeipa-server-4.2.3-1.fc23.x86_64
>
> (Note I have pki-base, not pki-core... but I guess that was what you meant)
>
> #####  ipa-server-upgrade
> session memcached servers not running
> Missing version: no platform stored
> Upgrading IPA:
>   [1/8]: saving configuration
>   [2/8]: disabling listeners
>   [3/8]: enabling DS global lock
>   [4/8]: starting directory server
>   [error] CalledProcessError: Command ''/bin/systemctl' 'start'
> 'dirsrv at MY-LAN.service'' returned non-zero exit status 1
>   [cleanup]: stopping directory server
>   [cleanup]: restoring configuration
> IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command
> ipa-server-upgrade manually.
> Unexpected error - see /var/log/ipaupgrade.log for details:
> CalledProcessError: Command ''/bin/systemctl' 'start'
> 'dirsrv at MY-LAN.service'' returned non-zero exit status 1
>
> ns-slapd[2083]: [05/Nov/2015:16:55:32 +0100] - Cannot find parent
> attribute type "ipaPublicKey"
> ns-slapd[2083]: [05/Nov/2015:16:55:32 +0100] dse_read_one_file - The entry
> cn=schema in file /etc/dirsrv/slapd-MY-LAN/schema/99user.ldif (lineno: 1)
> is invalid, error code 21 (
> ns-slapd[2083]: [05/Nov/2015:16:55:32 +0100] dse - Please edit the file to
> correct the reported problems and then restart the server.
> systemd[1]: dirsrv at MY-LAN.service: Control process exited, code=exited
> status=1
>
> ##### 99user.ldif first lines have the following
> dn: cn=schema
> objectclass: top
> objectclass: ldapSubentry
> objectclass: subschema
> cn: schema
> aci: (target="ldap:///cn=schema")(targetattr !="aci")(version 3.0;acl
> "anonymous, no acis"; allow (read, search, compare) userdn =
> "ldap:///anyone";)
> modifiersname: cn=Directory Manager
>
>
> Any ideas?
>
> -- john
>

I just found
https://fedoraproject.org/wiki/Common_F23_bugs#freeipa-upgrade-fail which
allowed me to run freeipa-server-upgrade successfully.
Just a note:

It says "Find the entry (split across three lines) that starts attributeTypes:
( 2.16.840.1.113730.3.8.18.2.3 NAME 'ipaVaultPublicKey'"

However, it's all on one line without spaces.
Then make sure the text you replace with doesn't have extra spaces. Should be
DESC 'IPA... & ...1466.115.121...

Thanks!

-- john
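
Added example, not part of the original message or the Fedora wiki page: a small Python check that locates `attributeTypes` values in a schema LDIF whether they are folded across lines or written on one line, and reports any whose `SUP` parent is not defined, which is the condition ns-slapd logs above. The sample input is constructed, and the assumption that the failing entry names `ipaPublicKey` through a `SUP` clause is inferred from the "Cannot find parent attribute type" log line.

```python
import re

def unfold(ldif_text):
    """Join RFC 2849 continuation lines (leading single space) onto the line
    they continue; return (first_physical_line_number, logical_line) pairs."""
    logical = []
    for number, line in enumerate(ldif_text.splitlines(), start=1):
        if line.startswith(" ") and logical:
            first, text = logical[-1]
            logical[-1] = (first, text + line[1:])  # drop only the fold space
        else:
            logical.append((number, line))
    return logical

# Handles the single-NAME form quoted in the post; NAME ( 'a' 'b' ) lists are skipped.
ATTR = re.compile(r"^attributeTypes:\s*\(\s*(?P<oid>[\d.]+)\s+NAME\s+'(?P<name>[^']+)'"
                  r"(?P<rest>.*)\)\s*$", re.I)
SUP = re.compile(r"\bSUP\s+'?([\w.;-]+)'?")

def attribute_types(ldif_text):
    """Return one dict per attributeTypes value, folded or not."""
    found = []
    for first, text in unfold(ldif_text):
        m = ATTR.match(text)
        if m:
            sup = SUP.search(m.group("rest"))
            found.append({"line": first, "oid": m.group("oid"),
                          "name": m.group("name"),
                          "sup": sup.group(1) if sup else None})
    return found

def unresolved_parents(ldif_text, known_elsewhere=()):
    """Attributes whose SUP parent is defined neither in this file nor in
    known_elsewhere (names the caller knows from other schema files)."""
    attrs = attribute_types(ldif_text)
    defined = {a["name"].lower() for a in attrs}
    defined |= {name.lower() for name in known_elsewhere}
    return [a for a in attrs if a["sup"] and a["sup"].lower() not in defined]

# Constructed sample input, not the real 99user.ldif contents.
ONE_LINE = ("dn: cn=schema\nobjectclass: top\n"
            "attributeTypes: ( 2.16.840.1.113730.3.8.18.2.3 NAME 'ipaVaultPublicKey'"
            " SUP ipaPublicKey X-ORIGIN 'constructed sample' )\n")
FOLDED = ("dn: cn=schema\nobjectclass: top\n"
          "attributeTypes: ( 2.16.840.1.113730.3.8.18.2.3 NAME 'ipaVaultPublicKey'\n"
          "  SUP ipaPublicKey\n  X-ORIGIN 'constructed sample' )\n")

if __name__ == "__main__":
    for label, sample in (("one line", ONE_LINE), ("folded", FOLDED)):
        for attr in unresolved_parents(sample):
            print(f"{label}: line {attr['line']}: {attr['name']} needs SUP {attr['sup']}")
```

Run it against a copy of the schema file rather than the live one, and pass parent names that are defined in other schema files through `known_elsewhere` so they are not reported.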