On Fri, Oct 26, 2018 at 9:26 PM Rob Crittenden <rcritten(a)redhat.com> wrote:
Martin Kosek via FreeIPA-devel wrote:
> On Fri, Oct 26, 2018 at 4:17 PM Rob Crittenden <rcritten(a)redhat.com
> <mailto:rcritten@redhat.com>> wrote:
> Martin Kosek via FreeIPA-devel wrote:
> > Hi all,
>
> > So I tried today to
upgrade FreeIPA demo [1] to Fedora 29 since I
was
> > touching the VM because of something else anyway.
>
> > I was not successful
yet, I hit following issues:
>
> > 1) A packaging issue
before I could upgrade the system, that I
could
> > resolve by removing all python2*ipa* packages from Fedora 28 VM,
> before
> > attempting system upgrade to 29 again.
>
> > 2) Upgrade issue
after system upgrade to F29 - httpd could not
connect
> > to 8443 because it was occupied by Java:
> > Oct 26 07:42:25
ipa.demo1.freeipa.org
> <
http://ipa.demo1.freeipa.org> <
http://ipa.demo1.freeipa.org
> > httpd[2589]: (98)Address already in use:
AH00072: make_sock: could
not
> > bind to address [::]:8443
> > Oct 26 07:42:25
ipa.demo1.freeipa.org
> <
http://ipa.demo1.freeipa.org> <
http://ipa.demo1.freeipa.org
> > httpd[2589]: (98)Address already in use:
AH00072: make_sock: could
not
> > bind to address 0.0.0.0:8443 <
http://0.0.0.0:8443
> <
http://0.0.0.0:8443
>
> ... which made the upgrader fail.
>
> > Thomas (or others),
are above new issues of F28 --> F29 upgrade or
> this
> > is known and I did something wrong?
>
> > [1]
https://www.freeipa.org/page/Demo
> Is mod_nss still installed? Can you check to see if it was updated in
> the upgrade?
> It listens on 8443 by default.
> Ah, yes, that's possible.
But something wrong must have happened during
> the F28->F29 anyway, I do not think it should be crashing this way. I
> will remove mod_nss and retry.
Can you check the dnf log?
The current upgrade just deletes nss.conf which is wrong. What I think
happened is this:
- upgrade happened, nss.conf goes away
- mod_nss is updated. rpm sees its config file is gone, drops in default
one pointing to 8443
- ipa-server-upgrade boom
Yup, this is what happened. Just tried the F28 upgrade again:
# grep VirtualHost /etc/httpd/conf.d/nss.conf
<VirtualHost _default_:8443
httpd would have blown up whenever it was restarted next, it just
happened to occur during the IPA upgrade.
A 0-length nss.conf should be left instead to thwart rpm. I'd have sworn
I did that in my prototype patches, or maybe I just meant to and forgot.
I fixed that by
[root@ipa ~]# echo "# Conflicts with FreeIPA" > /etc/httpd/conf.d/nss.conf
Then, "ipactl start" and the upgrade run as part of it succeeded.
If you can confirm that mod_nss was updated I can open a ticket.