Hello Florence, all

I have also only update ipa-*, but i have same Error. Its appears that unable to unlink the port 8433 TCPV6 by pki-tomcat used by FreeIPA. Im actually blocked with this minor update.

....

[Ensurung CA is using LDAPProfileSubsustem)

[Migration certificat profiles to LDAP]

IPA server upgrade failed : Inspect /var/log/ipaupgrade.log and run command ipa-upgrade manually. Unexpected error - see /var/log/ipaupgrade.log for details:

AttributeError: locked cannot see ra_certprofile.override_port to 8443

ipa: DEBUG : File /usr/lib/python2.7/site-packages/ipaserver/install/installutils.py at line 1015, in run_script

return_value = main_function ()

File /usr/sbin/ipactl, line 598, in main

ipa_start (options)

File /usr/sbin/ipactl, line 288, in main

version_check ()

File /usr/sbin/ipactl, line161, in version_ckeck

raise IpactlError ("Abording ipactl")

Regard

Karim

Le lun. 8 juin 2020 à 08:58, Florence Blanc-Renaud <flo@redhat.com> a écrit :

On 6/6/20 11:42 AM, Karim Bourenane via FreeIPA-users wrote:
> Hello Team
>
> I have some questions :
> 1°) I need your help, to find the better way to upgrade my 3 servers
> linked (replicat).
> I want to upgrade servers from CentOS 7.6 to CentOS7.7 with update in
> same time the IPAServer (or separately ?)

Hi,

in order to upgrade each server from centOS 7.6 to CentOS 7.7, you need
to run "yum update".
This command will also update ipa-* packages and internally call
ipa-server-upgrade, meaning you don't need to manually call
ipa-server-upgrade.
Please find more information in "Updating Identity Management" [1].

For multiple servers upgrade, keep in mind that the upgrade needs to be
done sequentially, i.e upgrade server 1, wait a few minutes for
replication to propagate changes, upgrade server 2, etc...

HTH,
flo

[1]
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/updating-migrating#update-ipa

>
> After searching on Freeipa.org and other site, i find :
> #ipactl stop
> #ipa-server-upgrade
> #ipactl start
>
> I not need to delete first the replication link before ?
> What is the better solution ways ?
>
> 2°) Is not better to migrate my IPAServers's to 4.7 or 4.8 version ?
> Or i need steps too ?
>
> Thanks you for your help
>
> Best Regard
> Bien à vous
> Mr Karim Bourenane
> +33686464439
> +32 493 86 63 54
>
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
>