[Freeipa-users] ipa fails to start after centos 7.3 upgrade
Petr Vobornik
pvoborni at redhat.com
Thu Dec 15 12:47:12 UTC 2016
On 12/12/2016 08:53 PM, Rob Verduijn wrote:
> Hello,
>
> I've recently upgraded to centos 7.3.
> Didn't intend to so soon but should have checked the anounce lists before
> launching my ansible update playbook.
>
> Most of my servers came through, and mostly also the ipa server.
> There were duplicate rpms and a failed rpm upgrade.
> After some yum magic the rpm duplicates where gone and all the updates installed.
>
> Manually running ipa-server-upgrade also seems to finish properly.
>
> However
> ipactl start keeps failing on the ntpd service.
> Not a big surprise since its running chronyd.
>
> I now start the ipa server with 'ipactl start --ignore-service-failure'
>
> Is there a way to explain the script that it should check for chronyd instead of
> ntpd ?
>
> I also see this a lot in the logs:
> dns_rdatatype_fromtext() failed for attribute
> 'idnsTemplateAttribute;cnamerecord': unknown class/type
>
> Is that a serious error ?
>
> Rob Verduijn
>
This looks like 7.3 update incorrectly added NTP service to IPA server
services (which is displayed as NTP role in `ipa server-show $server`).
A workaround might be to disable the service or remove the service
entry. Disabling is IMHO safer. IPA CLI tools don't allow
enabling/disabling of services so it must be done by LDAP mod.
It can be done by removing 'enabledService' config value from server's
service entry, e.g.:
dn: cn=NTP,cn=$SERVER_FQDN,cn=masters,cn=ipa,cn=etc,$SUFFIX
changetype: modify
delete: ipaConfigString
ipaConfigString: enabledService
-
Where $SERVER_FQDN is e.g. ipa.example.com and $SUFFIX is e.g.
dc=example,dc=com
Rob, have you originally installed the replica with NTPD and then later
switched manually to chrony?
--
Petr Vobornik
More information about the Freeipa-users
mailing list