Hi all,
So I tried today to upgrade FreeIPA demo [1] to Fedora 29 since I was touching the VM because of something else anyway.
I was not successful yet, I hit following issues:
1) A packaging issue before I could upgrade the system, that I could resolve by removing all python2*ipa* packages from Fedora 28 VM, before attempting system upgrade to 29 again.
2) Upgrade issue after system upgrade to F29 - httpd could not connect to 8443 because it was occupied by Java: Oct 26 07:42:25 ipa.demo1.freeipa.org httpd[2589]: (98)Address already in use: AH00072: make_sock: could not bind to address [::]:8443 Oct 26 07:42:25 ipa.demo1.freeipa.org httpd[2589]: (98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:8443 ... which made the upgrader fail.
Thomas (or others), are above new issues of F28 --> F29 upgrade or this is known and I did something wrong?
Martin Kosek via FreeIPA-devel wrote:
Hi all,
So I tried today to upgrade FreeIPA demo [1] to Fedora 29 since I was touching the VM because of something else anyway.
I was not successful yet, I hit following issues:
- A packaging issue before I could upgrade the system, that I could
resolve by removing all python2*ipa* packages from Fedora 28 VM, before attempting system upgrade to 29 again.
- Upgrade issue after system upgrade to F29 - httpd could not connect
to 8443 because it was occupied by Java: Oct 26 07:42:25 ipa.demo1.freeipa.org http://ipa.demo1.freeipa.org httpd[2589]: (98)Address already in use: AH00072: make_sock: could not bind to address [::]:8443 Oct 26 07:42:25 ipa.demo1.freeipa.org http://ipa.demo1.freeipa.org httpd[2589]: (98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:8443 http://0.0.0.0:8443 ... which made the upgrader fail.
Thomas (or others), are above new issues of F28 --> F29 upgrade or this is known and I did something wrong?
Is mod_nss still installed? Can you check to see if it was updated in the upgrade?
It listens on 8443 by default.
rob
On Fri, Oct 26, 2018 at 4:17 PM Rob Crittenden rcritten@redhat.com wrote:
Martin Kosek via FreeIPA-devel wrote:
Hi all,
So I tried today to upgrade FreeIPA demo [1] to Fedora 29 since I was touching the VM because of something else anyway.
I was not successful yet, I hit following issues:
- A packaging issue before I could upgrade the system, that I could
resolve by removing all python2*ipa* packages from Fedora 28 VM, before attempting system upgrade to 29 again.
- Upgrade issue after system upgrade to F29 - httpd could not connect
to 8443 because it was occupied by Java: Oct 26 07:42:25 ipa.demo1.freeipa.org http://ipa.demo1.freeipa.org httpd[2589]: (98)Address already in use: AH00072: make_sock: could not bind to address [::]:8443 Oct 26 07:42:25 ipa.demo1.freeipa.org http://ipa.demo1.freeipa.org httpd[2589]: (98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:8443 http://0.0.0.0:8443 ... which made the upgrader fail.
Thomas (or others), are above new issues of F28 --> F29 upgrade or this is known and I did something wrong?
Is mod_nss still installed? Can you check to see if it was updated in the upgrade?
It listens on 8443 by default.
Ah, yes, that's possible. But something wrong must have happened during the F28->F29 anyway, I do not think it should be crashing this way. I will remove mod_nss and retry.
Thanks! Martin
Martin Kosek via FreeIPA-devel wrote:
On Fri, Oct 26, 2018 at 4:17 PM Rob Crittenden <rcritten@redhat.com mailto:rcritten@redhat.com> wrote:
Martin Kosek via FreeIPA-devel wrote: > Hi all, > > So I tried today to upgrade FreeIPA demo [1] to Fedora 29 since I was > touching the VM because of something else anyway. > > I was not successful yet, I hit following issues: > > 1) A packaging issue before I could upgrade the system, that I could > resolve by removing all python2*ipa* packages from Fedora 28 VM, before > attempting system upgrade to 29 again. > > 2) Upgrade issue after system upgrade to F29 - httpd could not connect > to 8443 because it was occupied by Java: > Oct 26 07:42:25 ipa.demo1.freeipa.org <http://ipa.demo1.freeipa.org> <http://ipa.demo1.freeipa.org> > httpd[2589]: (98)Address already in use: AH00072: make_sock: could not > bind to address [::]:8443 > Oct 26 07:42:25 ipa.demo1.freeipa.org <http://ipa.demo1.freeipa.org> <http://ipa.demo1.freeipa.org> > httpd[2589]: (98)Address already in use: AH00072: make_sock: could not > bind to address 0.0.0.0:8443 <http://0.0.0.0:8443> <http://0.0.0.0:8443> > ... which made the upgrader fail. > > Thomas (or others), are above new issues of F28 --> F29 upgrade or this > is known and I did something wrong? > > [1] https://www.freeipa.org/page/Demo Is mod_nss still installed? Can you check to see if it was updated in the upgrade? It listens on 8443 by default.
Ah, yes, that's possible. But something wrong must have happened during the F28->F29 anyway, I do not think it should be crashing this way. I will remove mod_nss and retry.
Can you check the dnf log?
The current upgrade just deletes nss.conf which is wrong. What I think happened is this:
- upgrade happened, nss.conf goes away - mod_nss is updated. rpm sees its config file is gone, drops in default one pointing to 8443 - ipa-server-upgrade boom
httpd would have blown up whenever it was restarted next, it just happened to occur during the IPA upgrade.
A 0-length nss.conf should be left instead to thwart rpm. I'd have sworn I did that in my prototype patches, or maybe I just meant to and forgot.
If you can confirm that mod_nss was updated I can open a ticket.
rob
On Fri, Oct 26, 2018 at 9:26 PM Rob Crittenden rcritten@redhat.com wrote:
Martin Kosek via FreeIPA-devel wrote:
On Fri, Oct 26, 2018 at 4:17 PM Rob Crittenden <rcritten@redhat.com mailto:rcritten@redhat.com> wrote:
Martin Kosek via FreeIPA-devel wrote: > Hi all, > > So I tried today to upgrade FreeIPA demo [1] to Fedora 29 since I
was
> touching the VM because of something else anyway. > > I was not successful yet, I hit following issues: > > 1) A packaging issue before I could upgrade the system, that I
could
> resolve by removing all python2*ipa* packages from Fedora 28 VM, before > attempting system upgrade to 29 again. > > 2) Upgrade issue after system upgrade to F29 - httpd could not
connect
> to 8443 because it was occupied by Java: > Oct 26 07:42:25 ipa.demo1.freeipa.org <http://ipa.demo1.freeipa.org> <http://ipa.demo1.freeipa.org> > httpd[2589]: (98)Address already in use: AH00072: make_sock: could
not
> bind to address [::]:8443 > Oct 26 07:42:25 ipa.demo1.freeipa.org <http://ipa.demo1.freeipa.org> <http://ipa.demo1.freeipa.org> > httpd[2589]: (98)Address already in use: AH00072: make_sock: could
not
> bind to address 0.0.0.0:8443 <http://0.0.0.0:8443> <http://0.0.0.0:8443> > ... which made the upgrader fail. > > Thomas (or others), are above new issues of F28 --> F29 upgrade or this > is known and I did something wrong? > > [1] https://www.freeipa.org/page/Demo Is mod_nss still installed? Can you check to see if it was updated in the upgrade? It listens on 8443 by default.
Ah, yes, that's possible. But something wrong must have happened during the F28->F29 anyway, I do not think it should be crashing this way. I will remove mod_nss and retry.
Can you check the dnf log?
The current upgrade just deletes nss.conf which is wrong. What I think happened is this:
- upgrade happened, nss.conf goes away
- mod_nss is updated. rpm sees its config file is gone, drops in default
one pointing to 8443
- ipa-server-upgrade boom
Yup, this is what happened. Just tried the F28 upgrade again:
# grep VirtualHost /etc/httpd/conf.d/nss.conf <VirtualHost _default_:8443> </VirtualHost>
httpd would have blown up whenever it was restarted next, it just happened to occur during the IPA upgrade.
A 0-length nss.conf should be left instead to thwart rpm. I'd have sworn I did that in my prototype patches, or maybe I just meant to and forgot.
I fixed that by
[root@ipa ~]# echo "# Conflicts with FreeIPA" > /etc/httpd/conf.d/nss.conf
Then, "ipactl start" and the upgrade run as part of it succeeded.
If you can confirm that mod_nss was updated I can open a ticket.
Thanks! Martin
freeipa-devel@lists.fedorahosted.org