3:58 a.m.
Hi all,
So I tried today to upgrade FreeIPA demo [1] to Fedora 29 since I was
touching the VM because of something else anyway.
I was not successful yet, I hit following issues:
1) A packaging issue before I could upgrade the system, that I could
resolve by removing all python2*ipa* packages from Fedora 28 VM, before
attempting system upgrade to 29 again.
2) Upgrade issue after system upgrade to F29 - httpd could not connect to
8443 because it was occupied by Java:
Oct 26 07:42:25 ipa.demo1.freeipa.org httpd[2589]: (98)Address already in
use: AH00072: make_sock: could not bind to address [::]:8443
Oct 26 07:42:25 ipa.demo1.freeipa.org httpd[2589]: (98)Address already in
use: AH00072: make_sock: could not bind to address 0.0.0.0:8443
... which made the upgrader fail.
Thomas (or others), are above new issues of F28 --> F29 upgrade or this is
known and I did something wrong?
[1] https://www.freeipa.org/page/Demo
9:17 a.m.
Martin Kosek via FreeIPA-devel wrote:
Hi all,
So I tried today to upgrade FreeIPA demo [1] to Fedora 29 since I was
touching the VM because of something else anyway.
I was not successful yet, I hit following issues:
1) A packaging issue before I could upgrade the system, that I could
resolve by removing all python2*ipa* packages from Fedora 28 VM, before
attempting system upgrade to 29 again.
2) Upgrade issue after system upgrade to F29 - httpd could not connect
to 8443 because it was occupied by Java:
Oct 26 07:42:25 ipa.demo1.freeipa.org <http://ipa.demo1.freeipa.org>
httpd[2589]: (98)Address already in use: AH00072: make_sock: could not
bind to address [::]:8443
Oct 26 07:42:25 ipa.demo1.freeipa.org <http://ipa.demo1.freeipa.org>
httpd[2589]: (98)Address already in use: AH00072: make_sock: could not
bind to address 0.0.0.0:8443 <http://0.0.0.0:8443>
... which made the upgrader fail.
Thomas (or others), are above new issues of F28 --> F29 upgrade or this
is known and I did something wrong?
[1] https://www.freeipa.org/page/Demo
Is mod_nss still installed? Can you check to
see if it was updated in
the upgrade?
It listens on 8443 by default.
rob
2:06 p.m.
On Fri, Oct 26, 2018 at 4:17 PM Rob Crittenden <rcritten(a)redhat.com> wrote:
Martin Kosek via FreeIPA-devel wrote:
> Hi all,
>
> So I tried today to upgrade FreeIPA demo [1] to Fedora 29 since I was
> touching the VM because of something else anyway.
>
> I was not successful yet, I hit following issues:
>
> 1) A packaging issue before I could upgrade the system, that I could
> resolve by removing all python2*ipa* packages from Fedora 28 VM, before
> attempting system upgrade to 29 again.
>
> 2) Upgrade issue after system upgrade to F29 - httpd could not connect
> to 8443 because it was occupied by Java:
> Oct 26 07:42:25 ipa.demo1.freeipa.org <http://ipa.demo1.freeipa.org>
> httpd[2589]: (98)Address already in use: AH00072: make_sock: could not
> bind to address [::]:8443
> Oct 26 07:42:25 ipa.demo1.freeipa.org <http://ipa.demo1.freeipa.org>
> httpd[2589]: (98)Address already in use: AH00072: make_sock: could not
> bind to address 0.0.0.0:8443 <http://0.0.0.0:8443>
> ... which made the upgrader fail.
>
> Thomas (or others), are above new issues of F28 --> F29 upgrade or this
> is known and I did something wrong?
>
> [1] https://www.freeipa.org/page/Demo
Is mod_nss still installed? Can you check to see if it was updated in
the upgrade?
It listens on 8443 by default.
Ah, yes, that's possible. But something wrong must have happened during the
F28->F29 anyway, I do not think it should be crashing this way. I will
remove mod_nss and retry.
Thanks!
Martin
2:26 p.m.
Martin Kosek via FreeIPA-devel wrote:
On Fri, Oct 26, 2018 at 4:17 PM Rob Crittenden
<rcritten(a)redhat.com
<mailto:rcritten@redhat.com>> wrote:
Martin Kosek via FreeIPA-devel wrote:
> Hi all,
>
> So I tried today to upgrade FreeIPA demo [1] to Fedora 29 since I was
> touching the VM because of something else anyway.
>
> I was not successful yet, I hit following issues:
>
> 1) A packaging issue before I could upgrade the system, that I could
> resolve by removing all python2*ipa* packages from Fedora 28 VM,
before
> attempting system upgrade to 29 again.
>
> 2) Upgrade issue after system upgrade to F29 - httpd could not connect
> to 8443 because it was occupied by Java:
> Oct 26 07:42:25 ipa.demo1.freeipa.org
<http://ipa.demo1.freeipa.org> <http://ipa.demo1.freeipa.org>
> httpd[2589]: (98)Address already in use: AH00072: make_sock: could not
> bind to address [::]:8443
> Oct 26 07:42:25 ipa.demo1.freeipa.org
<http://ipa.demo1.freeipa.org> <http://ipa.demo1.freeipa.org>
> httpd[2589]: (98)Address already in use: AH00072: make_sock: could not
> bind to address 0.0.0.0:8443 <http://0.0.0.0:8443>
<http://0.0.0.0:8443>
> ... which made the upgrader fail.
>
> Thomas (or others), are above new issues of F28 --> F29 upgrade or
this
> is known and I did something wrong?
>
> [1] https://www.freeipa.org/page/Demo
Is mod_nss still installed? Can you check to see if it was updated in
the upgrade?
It listens on 8443 by default.
Ah, yes, that's possible. But something wrong must have happened during
the F28->F29 anyway, I do not think it should be crashing this way. I
will remove mod_nss and retry.
Can you check the dnf log?
The current upgrade just deletes nss.conf which is wrong. What I think
happened is this:
- upgrade happened, nss.conf goes away
- mod_nss is updated. rpm sees its config file is gone, drops in default
one pointing to 8443
- ipa-server-upgrade boom
httpd would have blown up whenever it was restarted next, it just
happened to occur during the IPA upgrade.
A 0-length nss.conf should be left instead to thwart rpm. I'd have sworn
I did that in my prototype patches, or maybe I just meant to and forgot.
If you can confirm that mod_nss was updated I can open a ticket.
rob
7:16 a.m.
On Fri, Oct 26, 2018 at 9:26 PM Rob Crittenden <rcritten(a)redhat.com> wrote:
</VirtualHost
Thanks!
Martin
Martin Kosek via FreeIPA-devel wrote:
> On Fri, Oct 26, 2018 at 4:17 PM Rob Crittenden <rcritten(a)redhat.com
> <mailto:rcritten@redhat.com>> wrote:
> Martin Kosek via FreeIPA-devel wrote:
> > Hi all,
> > > So I tried today to
upgrade FreeIPA demo [1] to Fedora 29 since I
was
> > touching the VM because of something else anyway.
> > > I was not successful
yet, I hit following issues:
> > > 1) A packaging issue
before I could upgrade the system, that I
could
> > resolve by removing all python2*ipa* packages from Fedora 28 VM,
> before
> > attempting system upgrade to 29 again.
> > > 2) Upgrade issue
after system upgrade to F29 - httpd could not
connect
> > to 8443 because it was occupied by Java:
> > Oct 26 07:42:25 ipa.demo1.freeipa.org
> <http://ipa.demo1.freeipa.org> <http://ipa.demo1.freeipa.org > > httpd[2589]: (98)Address already in use:
AH00072: make_sock: could
not
> > bind to address [::]:8443
> > Oct 26 07:42:25 ipa.demo1.freeipa.org
> <http://ipa.demo1.freeipa.org> <http://ipa.demo1.freeipa.org > > httpd[2589]: (98)Address already in use:
AH00072: make_sock: could
not
> > bind to address 0.0.0.0:8443 <http://0.0.0.0:8443 > <http://0.0.0.0:8443 >
> ... which made the upgrader fail.
> > > Thomas (or others),
are above new issues of F28 --> F29 upgrade or
> this
> > is known and I did something wrong?
> > > [1]
https://www.freeipa.org/page/Demo
> Is mod_nss still installed? Can you check to see if it was updated in
> the upgrade?
> It listens on 8443 by default.
> Ah, yes, that's possible.
But something wrong must have happened during
> the F28->F29 anyway, I do not think it should be crashing this way. I
> will remove mod_nss and retry.
Can you check the dnf log?
The current upgrade just deletes nss.conf which is wrong. What I think
happened is this:
- upgrade happened, nss.conf goes away
- mod_nss is updated. rpm sees its config file is gone, drops in default
one pointing to 8443
- ipa-server-upgrade boom
Yup, this is what happened. Just tried the F28 upgrade again:
# grep VirtualHost /etc/httpd/conf.d/nss.conf
<VirtualHost _default_:8443
httpd would have blown up whenever it was restarted next, it just
happened to occur during the IPA upgrade.
A 0-length nss.conf should be left instead to thwart rpm. I'd have sworn
I did that in my prototype patches, or maybe I just meant to and forgot.
I fixed that by
[root@ipa ~]# echo "# Conflicts with FreeIPA" > /etc/httpd/conf.d/nss.conf
Then, "ipactl start" and the upgrade run as part of it succeeded.
If you can confirm that mod_nss was updated I can open a ticket.
2006
days inactive
2009
days old
freeipa-devel@lists.fedorahosted.org
4 comments
2 participants
participants (2)
-
Martin Kosek -
Rob Crittenden