#6705 ipa-server-upgrade fails
Closed 2 years ago Opened 2 years ago by frenaud.

With IPA built from the master (commit e2d1b21), running ipa-server-upgrade fails with a set of different errors:

...
[Migrating certificate profiles to LDAP]
IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually.
Unexpected error - see /var/log/ipaupgrade.log for details:
NetworkError: cannot connect to 'https://vm-161.abc.idm.lab.eng.brq.redhat.com:8443/ca/rest/account/login': ''
The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more information

or

...
The ipa-server-upgrade command failed, exception: NetworkError: cannot connect to 'ldapi://%2fvar%2frun%2fslapd-DOM-161-ABC-IDM-LAB-ENG-BRQ-REDHAT-COM.socket':

Adding the stack trace

2017-02-24T15:31:16Z INFO [Authorizing RA Agent to modify profiles]
2017-02-24T15:31:16Z ERROR IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually.
2017-02-24T15:31:16Z DEBUG   File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in execute
    return_value = self.run()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_server_upgrade.py", line 46, in run
    server.upgrade()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", line 1880, in upgrade
    upgrade_configuration()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", line 1749, in upgrade_configuration
    ca_configure_profiles_acl(ca),
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", line 333, in ca_configure_profiles_acl
    return cainstance.configure_profiles_acl()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 1500, in configure_profiles_acl
    return __add_acls(new_rules)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 1539, in __add_acls
    entry = conn.get_entry(dn)
  File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1483, in get_entry
    size_limit=size_limit
  File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1311, in get_entries
    **kwargs)
  File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1439, in find_entries
    break
  File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__
    self.gen.throw(type, value, traceback)
  File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1002, in error_handler
    error=info)

2017-02-24T15:31:16Z DEBUG The ipa-server-upgrade command failed, exception: NetworkError: cannot connect to 'ldapi://%2fvar%2frun%2fslapd-DOM-161-ABC-IDM-LAB-ENG-BRQ-REDHAT-COM.socket':

The journal shows that ipa.service unit is shut down when gssproxy.service is stopped, hence stopping the LDAP server and breaking the api.Backend.ldap2 connection.

gssproxy restart should not stop the whole stack.

Metadata Update from @frenaud:
- Issue assigned to frenaud
- Issue set to the milestone: 0.0 NEEDS_TRIAGE

2 years ago

master:

  • 98e3b14 Fix ipa.service unit re. gssproxy

I cannot change milestone so I'm leaving it opened

Metadata Update from @mbasti:
- Custom field affects_doc reset
- Custom field component reset
- Custom field on_review reset
- Custom field type reset
- Issue close_status updated to: None
- Issue set to the milestone: None (was: 0.0 NEEDS_TRIAGE)

2 years ago

Metadata Update from @pvoborni:
- Custom field affects_doc reset
- Custom field tester adjusted to wanted
- Issue priority set to: 1 (was: 3)
- Issue set to the milestone: FreeIPA 4.5

2 years ago

Closing based on previous comment which mentions that it was not closed only because milestone could not be changed which is fixed now.

Metadata Update from @pvoborni:
- Issue status updated to: Closed (was: Open)

2 years ago

Login to comment on this ticket.

Metadata