[Freeipa-users] FreeIPA upgrade from ipa-server-4.2.0-15.0.1.el7.centos.18 to ipa-server-4.2.0-15.0.1.el7.centos.19 (went sideways)

Ludwig Krispenz lkrispen at redhat.com
Fri Sep 23 14:55:57 UTC 2016 

On 09/23/2016 04:42 PM, Devin Acosta wrote:
>
> Ludwig,
>
> Thanks for that, for some reason I had to re-create the 
> /var/lock/dirsrv/slapd-RSINC-LOCAL/server directory tree, it did not 
> exist. Once I re-created it now the server starts. Should it have 
> disappeared like that?
no. I don't know what was going during update and reboot. There have 
been cases when a dse.ldif was lost after crashing/rebooting a VM, but 
the missing lock directory is new to me.
>
>
>
> On Fri, Sep 23, 2016 at 12:18 AM, Ludwig Krispenz <lkrispen at redhat.com 
> <mailto:lkrispen at redhat.com>> wrote:
>
>     can you check if you have
>     /var/lock/dirsrv/slapd-RSINC-LOCAL
>
>     if the server user has permissions to write into this directory
>     and its subdirs or if any pid file still exists in
>     /var/lock/dirsrv/slapd-RSINC-LOCAL/server
>
>
>     On 09/23/2016 07:29 AM, Devin Acosta wrote:
>>
>>     Tonight,
>>
>>     I noticed there was like 30 packages to be applied on my IPA
>>     server. I did the normal 'yum update' process and it completed. I
>>     then rebooted the box for the new kernel to take affect and then
>>     that is when IPA stopped working completely.
>>
>>     When I try to start the dirsrv at RSINC-LOCAL.service
>>     <mailto:dirsrv at RSINC-LOCAL.service>, it throws up with:
>>
>>     [23/Sep/2016:05:19:38 +0000] - SSL alert: Configured NSS Ciphers
>>     [23/Sep/2016:05:19:38 +0000] - SSL alert:
>>     TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: enabled
>>     [23/Sep/2016:05:19:38 +0000] - SSL alert:
>>     TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: enabled
>>     [23/Sep/2016:05:19:38 +0000] - SSL alert:
>>     TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384: enabled
>>     [23/Sep/2016:05:19:38 +0000] - SSL alert:
>>     TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: enabled
>>     [23/Sep/2016:05:19:38 +0000] - SSL alert:
>>     TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: enabled
>>     [23/Sep/2016:05:19:38 +0000] - SSL alert:
>>     TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: enabled
>>     [23/Sep/2016:05:19:38 +0000] - SSL alert:
>>     TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: enabled
>>     [23/Sep/2016:05:19:38 +0000] - SSL alert:
>>     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: enabled
>>     [23/Sep/2016:05:19:38 +0000] - SSL alert:
>>     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384: enabled
>>     [23/Sep/2016:05:19:38 +0000] - SSL alert:
>>     TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: enabled
>>     [23/Sep/2016:05:19:38 +0000] - SSL alert:
>>     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: enabled
>>     [23/Sep/2016:05:19:38 +0000] - SSL alert:
>>     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: enabled
>>     [23/Sep/2016:05:19:38 +0000] - SSL alert:
>>     TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: enabled
>>     [23/Sep/2016:05:19:38 +0000] - SSL alert:
>>     TLS_DHE_DSS_WITH_AES_256_GCM_SHA384: enabled
>>     [23/Sep/2016:05:19:38 +0000] - SSL alert:
>>     TLS_DHE_RSA_WITH_AES_256_CBC_SHA: enabled
>>     [23/Sep/2016:05:19:38 +0000] - SSL alert:
>>     TLS_DHE_DSS_WITH_AES_256_CBC_SHA: enabled
>>     [23/Sep/2016:05:19:38 +0000] - SSL alert:
>>     TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: enabled
>>     [23/Sep/2016:05:19:38 +0000] - SSL alert:
>>     TLS_DHE_DSS_WITH_AES_256_CBC_SHA256: enabled
>>     [23/Sep/2016:05:19:38 +0000] - SSL alert:
>>     TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled
>>     [23/Sep/2016:05:19:38 +0000] - SSL alert:
>>     TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA: enabled
>>     [23/Sep/2016:05:19:38 +0000] - SSL alert:
>>     TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: enabled
>>     [23/Sep/2016:05:19:38 +0000] - SSL alert:
>>     TLS_DHE_DSS_WITH_AES_128_GCM_SHA256: enabled
>>     [23/Sep/2016:05:19:38 +0000] - SSL alert:
>>     TLS_DHE_RSA_WITH_AES_128_CBC_SHA: enabled
>>     [23/Sep/2016:05:19:38 +0000] - SSL alert:
>>     TLS_DHE_DSS_WITH_AES_128_CBC_SHA: enabled
>>     [23/Sep/2016:05:19:38 +0000] - SSL alert:
>>     TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: enabled
>>     [23/Sep/2016:05:19:38 +0000] - SSL alert:
>>     TLS_DHE_DSS_WITH_AES_128_CBC_SHA256: enabled
>>     [23/Sep/2016:05:19:38 +0000] - SSL alert:
>>     TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled
>>     [23/Sep/2016:05:19:38 +0000] - SSL alert:
>>     TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA: enabled
>>     [23/Sep/2016:05:19:38 +0000] - SSL alert:
>>     TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: enabled
>>     [23/Sep/2016:05:19:38 +0000] - SSL alert:
>>     TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: enabled
>>     [23/Sep/2016:05:19:38 +0000] - SSL alert:
>>     TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: enabled
>>     [23/Sep/2016:05:19:38 +0000] - SSL alert:
>>     TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: enabled
>>     [23/Sep/2016:05:19:38 +0000] - SSL alert:
>>     TLS_RSA_WITH_AES_256_GCM_SHA384: enabled
>>     [23/Sep/2016:05:19:38 +0000] - SSL alert:
>>     TLS_RSA_WITH_AES_256_CBC_SHA: enabled
>>     [23/Sep/2016:05:19:38 +0000] - SSL alert:
>>     TLS_RSA_WITH_AES_256_CBC_SHA256: enabled
>>     [23/Sep/2016:05:19:38 +0000] - SSL alert:
>>     TLS_RSA_WITH_CAMELLIA_256_CBC_SHA: enabled
>>     [23/Sep/2016:05:19:38 +0000] - SSL alert:
>>     TLS_RSA_WITH_AES_128_GCM_SHA256: enabled
>>     [23/Sep/2016:05:19:38 +0000] - SSL alert:
>>     TLS_RSA_WITH_AES_128_CBC_SHA: enabled
>>     [23/Sep/2016:05:19:38 +0000] - SSL alert:
>>     TLS_RSA_WITH_AES_128_CBC_SHA256: enabled
>>     [23/Sep/2016:05:19:38 +0000] - SSL alert:
>>     TLS_RSA_WITH_CAMELLIA_128_CBC_SHA: enabled
>>     [23/Sep/2016:05:19:38 +0000] - SSL alert:
>>     TLS_RSA_WITH_SEED_CBC_SHA: enabled
>>     [23/Sep/2016:05:19:38 +0000] SSL Initialization - Configured SSL
>>     version range: min: TLS1.0, max: TLS1.2
>>     [23/Sep/2016:05:19:38 +0000] - Shutting down due to possible
>>     conflicts with other slapd processes
>>
>>     *I am not sure what to do about the error "Shutting down due to
>>     possible conflicts with other slapd processes"??*
>>     The dirserv won't start, and therefore IPA won't start either. Is
>>     there some way to do some cleanup or to have it repair the issue?
>>
>>     Any help is greatly appreciated!!!
>>
>>     Devin.
>>
>>
>>
>>
>>
>
>     -- 
>     Red Hat GmbH,http://www.de.redhat.com/, Registered seat: Grasbrunn,
>     Commercial register: Amtsgericht Muenchen, HRB 153243,
>     Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander
>
>
>     --
>     Manage your subscription for the Freeipa-users mailing list:
>     https://www.redhat.com/mailman/listinfo/freeipa-users
>     <https://www.redhat.com/mailman/listinfo/freeipa-users>
>     Go to http://freeipa.org for more info on the project
>
>

-- 
Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric Shander

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160923/4517b37a/attachment.htm>

More information about the Freeipa-users mailing list