David Harvey wrote:
> Hoi,
>
> Anyone out there with experience of whether or not adding a replica of
> more recent version (4.4.4 and 389 dir 1.3.7.5-1 up from 4.4.3 with 389
> dir 1.3.5.15-2) would impact the existing servers in terms of schema or
> similar?
> I'm still trying to find a safe way to upgrade safely without going past
> a point of no return...
Yes, creating a replica with a newer version can add schema and modify
existing LDAP entries (like ACIs).
rob
>
> Kind regards,
>
> David
>
> On 17 November 2017 at 15:10, David Harvey <davidcharvey@googlemail.com
> <mailto:davidcharvey@googlemail.com >> wrote:
>
> Hi again,
>
> No joy yet with spotting CA anomalies. Any additional tips there Rob?
>
> Gentle bump Simon, are you confident that building a new replica
> won't fall foul of the below from the upgrade page (the schema part):
>
> Words of caution
>
> * Note that the server is in a *maintenance mode* during upgrade
> and does not respond to requests!
> * Schema or Directory Server
> <https://www.freeipa.org/page/Directory_Server > database object
> changes done during the upgrade are replicated to *all FreeIPA
> masters*
>
> *
> *
> Thanks again for the support,
>
> David
>
> On 15 November 2017 at 16:52, David Harvey
> <davidcharvey@googlemail.com <mailto:davidcharvey@googlemail.com >>
> wrote:
>
> Thanks Rob, Simon,
>
> Rob, will check, but thought my cert system was healthy before.
> It's relatively new (6months or less), and no sub-ca's
> involved.. Any specifics on how to invoke the selftests in some
> manner that might provide digestible output? Or could it be my
> dirty hack of cloning and isolation and I should do as Simon
> suggested :)?
>
> Simon. WRT spinning up a replica. I was under the impression
> that all running servers had to be of the same version, am I
> mistaken with that?
> I had avoided what you were suggesting as I feared the new
> server might update the schema on the existing ones!
>
> Thanks again, appreciate the steering!
>
>
> On 15 Nov 2017 14:34, "Rob Crittenden" <rcritten@redhat.com
> <mailto:rcritten@redhat.com>> wrote:
>
> David Harvey via FreeIPA-users wrote:
> > Sorry for the dump size, but not sure if the below from
> > /var/log/pki/pki-tomcat/localhost.date.log helps:
>
> Looks like the selftests are failing. I'd check that your CA
> subsystem
> certificates are not expired, etc.
>
> rob
>
> >
> > 15-Nov-2017 12:14:50.557 SEVERE [localhost-startStop-1]
> > org.apache.catalina.core.ApplicationContext.log
> StandardWrapper.Throwable
> > java.lang.NullPointerException
> > at
> >
> com.netscape.cmscore.selftests.SelfTestSubsystem. shutdown(SelfTestSubsystem. java:1886)
> > at
> >
> com.netscape.cmscore.apps.CMSEngine.shutdownSubsystems( CMSEngine.java:2118)
> > at
> com.netscape.cmscore.apps.CMSEngine.shutdown(CMSEngine. java:2013)
> > at com.netscape.certsrv.apps.CMS.shutdown(CMS.java:234)
> > at com.netscape.certsrv.apps.CMS.start(CMS.java:1630)
> > at
> >
> com.netscape.cms.servlet.base.CMSStartServlet.init( CMSStartServlet.java:114)
> > at javax.servlet.GenericServlet.init(GenericServlet.java:158)
> > at
> >
> org.apache.catalina.core.StandardWrapper.initServlet( StandardWrapper.java:1227)
> > at
> >
> org.apache.catalina.core.StandardWrapper.loadServlet( StandardWrapper.java:1140)
> > at
> org.apache.catalina.core.StandardWrapper.load( StandardWrapper.java:1027)
> > at
> >
> org.apache.catalina.core.StandardContext.loadOnStartup( StandardContext.java:5038)
> > at
> >
> org.apache.catalina.core.StandardContext.startInternal( StandardContext.java:5348)
> > at
> org.apache.catalina.util.LifecycleBase.start( LifecycleBase.java:145)
> > at
> >
> org.apache.catalina.core.ContainerBase. addChildInternal( ContainerBase.java:753)
> > at
> org.apache.catalina.core.ContainerBase.addChild( ContainerBase.java:729)
> > at
> org.apache.catalina.core.StandardHost.addChild( StandardHost.java:717)
> > at
> >
> org.apache.catalina.startup.HostConfig.deployDescriptor( HostConfig.java:621)
> > at
> >
> org.apache.catalina.startup.HostConfig$DeployDescriptor. run(HostConfig.java:1835)
> > at
> java.util.concurrent.Executors$RunnableAdapter. call(Executors.java:511)
> > at java.util.concurrent.FutureTask.run(FutureTask. java:266)
> > at
> >
> java.util.concurrent.ThreadPoolExecutor.runWorker( ThreadPoolExecutor.java:1149)
> > at
> >
> java.util.concurrent.ThreadPoolExecutor$Worker.run( ThreadPoolExecutor.java:624)
> > at java.lang.Thread.run(Thread.java:748)
> >
> > 15-Nov-2017 12:14:50.558 SEVERE [localhost-startStop-1]
> > org.apache.catalina.core.StandardContext.loadOnStartup
> Servlet [castart]
> > in web application [/ca] threw load() exception
> > java.lang.NullPointerException
> > at
> >
> com.netscape.cmscore.selftests.SelfTestSubsystem. shutdown(SelfTestSubsystem. java:1886)
> > at
> >
> com.netscape.cmscore.apps.CMSEngine.shutdownSubsystems( CMSEngine.java:2118)
> > at
> com.netscape.cmscore.apps.CMSEngine.shutdown(CMSEngine. java:2013)
> > at com.netscape.certsrv.apps.CMS.shutdown(CMS.java:234)
> > at com.netscape.certsrv.apps.CMS.start(CMS.java:1630)
> > at
> >
> com.netscape.cms.servlet.base.CMSStartServlet.init( CMSStartServlet.java:114)
> > at javax.servlet.GenericServlet.init(GenericServlet.java:158)
> > at
> >
> org.apache.catalina.core.StandardWrapper.initServlet( StandardWrapper.java:1227)
> > at
> >
> org.apache.catalina.core.StandardWrapper.loadServlet( StandardWrapper.java:1140)
> > at
> org.apache.catalina.core.StandardWrapper.load( StandardWrapper.java:1027)
> > at
> >
> org.apache.catalina.core.StandardContext.loadOnStartup( StandardContext.java:5038)
> > at
> >
> org.apache.catalina.core.StandardContext.startInternal( StandardContext.java:5348)
> > at
> org.apache.catalina.util.LifecycleBase.start( LifecycleBase.java:145)
> > at
> >
> org.apache.catalina.core.ContainerBase. addChildInternal( ContainerBase.java:753)
> > at
> org.apache.catalina.core.ContainerBase.addChild( ContainerBase.java:729)
> > at
> org.apache.catalina.core.StandardHost.addChild( StandardHost.java:717)
> > at
> >
> org.apache.catalina.startup.HostConfig.deployDescriptor( HostConfig.java:621)
> > at
> >
> org.apache.catalina.startup.HostConfig$DeployDescriptor. run(HostConfig.java:1835)
> > at
> java.util.concurrent.Executors$RunnableAdapter. call(Executors.java:511)
> > at java.util.concurrent.FutureTask.run(FutureTask. java:266)
> > at
> >
> java.util.concurrent.ThreadPoolExecutor.runWorker( ThreadPoolExecutor.java:1149)
> > at
> >
> java.util.concurrent.ThreadPoolExecutor$Worker.run( ThreadPoolExecutor.java:624)
> > at java.lang.Thread.run(Thread.java:748)
> >
> > 15-Nov-2017 12:14:54.509 SEVERE [http-bio-8443-exec-1]
> > org.apache.catalina.core.StandardHostValve.invoke
> Exception Processing
> > /ca/rest/account/login
> > javax.ws.rs
> <http://javax.ws.rs>.ServiceUnavailableException: Subsystem
> unavailable
> > at
> >
> com.netscape.cms.tomcat.ProxyRealm. findSecurityConstraints( ProxyRealm.java:138)
> > at
> >
> org.apache.catalina.authenticator. AuthenticatorBase.invoke( AuthenticatorBase.java:498)
> > at
> >
> org.apache.catalina.core.StandardHostValve.invoke( StandardHostValve.java:141)
> > at
> >
> org.apache.catalina.valves.ErrorReportValve.invoke( ErrorReportValve.java:79)
> > at
> >
> org.apache.catalina.valves.AbstractAccessLogValve.invoke( AbstractAccessLogValve.java: 620)
> > at
> >
> org.apache.catalina.core.StandardEngineValve.invoke( StandardEngineValve.java:88)
> > at
> >
> org.apache.catalina.connector.CoyoteAdapter.service( CoyoteAdapter.java:502)
> > at
> >
> org.apache.coyote.http11.AbstractHttp11Processor. process( AbstractHttp11Processor.java: 1132)
> > at
> >
> org.apache.coyote.AbstractProtocol$ AbstractConnectionHandler. process(AbstractProtocol.java: 684)
> > at
> > org.apache.tomcat.util.net
> <http://org.apache.tomcat.util.net >.JIoEndpoint$SocketProcessor.run( JIoEndpoint.java:283)
> > at
> >
> java.util.concurrent.ThreadPoolExecutor.runWorker( ThreadPoolExecutor.java:1149)
> > at
> >
> java.util.concurrent.ThreadPoolExecutor$Worker.run( ThreadPoolExecutor.java:624)
> > at
> >
> org.apache.tomcat.util.threads.TaskThread$ WrappingRunnable.run( TaskThread.java:61)
> > at java.lang.Thread.run(Thread.java:748)
> >
> > 15-Nov-2017 13:05:55.874 SEVERE [localhost-startStop-1]
> > org.apache.catalina.core.ApplicationContext.log
> StandardWrapper.Throwable
> > java.lang.NullPointerException
> > at
> >
> com.netscape.cmscore.selftests.SelfTestSubsystem. shutdown(SelfTestSubsystem. java:1886)
> > at
> >
> com.netscape.cmscore.apps.CMSEngine.shutdownSubsystems( CMSEngine.java:2118)
> > at
> com.netscape.cmscore.apps.CMSEngine.shutdown(CMSEngine. java:2013)
> > at com.netscape.certsrv.apps.CMS.shutdown(CMS.java:234)
> > at com.netscape.certsrv.apps.CMS.start(CMS.java:1630)
> > at
> >
> com.netscape.cms.servlet.base.CMSStartServlet.init( CMSStartServlet.java:114)
> > at javax.servlet.GenericServlet.init(GenericServlet.java:158)
> > at
> >
> org.apache.catalina.core.StandardWrapper.initServlet( StandardWrapper.java:1227)
> > at
> >
> org.apache.catalina.core.StandardWrapper.loadServlet( StandardWrapper.java:1140)
> > at
> org.apache.catalina.core.StandardWrapper.load( StandardWrapper.java:1027)
> > at
> >
> org.apache.catalina.core.StandardContext.loadOnStartup( StandardContext.java:5038)
> > at
> >
> org.apache.catalina.core.StandardContext.startInternal( StandardContext.java:5348)
> > at
> org.apache.catalina.util.LifecycleBase.start( LifecycleBase.java:145)
> > at
> >
> org.apache.catalina.core.ContainerBase. addChildInternal( ContainerBase.java:753)
> > at
> org.apache.catalina.core.ContainerBase.addChild( ContainerBase.java:729)
> > at
> org.apache.catalina.core.StandardHost.addChild( StandardHost.java:717)
> > at
> >
> org.apache.catalina.startup.HostConfig.deployDescriptor( HostConfig.java:621)
> > at
> >
> org.apache.catalina.startup.HostConfig$DeployDescriptor. run(HostConfig.java:1835)
> > at
> java.util.concurrent.Executors$RunnableAdapter. call(Executors.java:511)
> > at java.util.concurrent.FutureTask.run(FutureTask. java:266)
> > at
> >
> java.util.concurrent.ThreadPoolExecutor.runWorker( ThreadPoolExecutor.java:1149)
> > at
> >
> java.util.concurrent.ThreadPoolExecutor$Worker.run( ThreadPoolExecutor.java:624)
> > at java.lang.Thread.run(Thread.java:748)
> >
> > 15-Nov-2017 13:05:55.875 SEVERE [localhost-startStop-1]
> > org.apache.catalina.core.StandardContext.loadOnStartup
> Servlet [castart]
> > in web application [/ca] threw load() exception
> > java.lang.NullPointerException
> > at
> >
> com.netscape.cmscore.selftests.SelfTestSubsystem. shutdown(SelfTestSubsystem. java:1886)
> > at
> >
> com.netscape.cmscore.apps.CMSEngine.shutdownSubsystems( CMSEngine.java:2118)
> > at
> com.netscape.cmscore.apps.CMSEngine.shutdown(CMSEngine. java:2013)
> > at com.netscape.certsrv.apps.CMS.shutdown(CMS.java:234)
> > at com.netscape.certsrv.apps.CMS.start(CMS.java:1630)
> > at
> >
> com.netscape.cms.servlet.base.CMSStartServlet.init( CMSStartServlet.java:114)
> > at javax.servlet.GenericServlet.init(GenericServlet.java:158)
> > at
> >
> org.apache.catalina.core.StandardWrapper.initServlet( StandardWrapper.java:1227)
> > at
> >
> org.apache.catalina.core.StandardWrapper.loadServlet( StandardWrapper.java:1140)
> > at
> org.apache.catalina.core.StandardWrapper.load( StandardWrapper.java:1027)
> > at
> >
> org.apache.catalina.core.StandardContext.loadOnStartup( StandardContext.java:5038)
> > at
> >
> org.apache.catalina.core.StandardContext.startInternal( StandardContext.java:5348)
> > at
> org.apache.catalina.util.LifecycleBase.start( LifecycleBase.java:145)
> > at
> >
> org.apache.catalina.core.ContainerBase. addChildInternal( ContainerBase.java:753)
> > at
> org.apache.catalina.core.ContainerBase.addChild( ContainerBase.java:729)
> > at
> org.apache.catalina.core.StandardHost.addChild( StandardHost.java:717)
> > at
> >
> org.apache.catalina.startup.HostConfig.deployDescriptor( HostConfig.java:621)
> > at
> >
> org.apache.catalina.startup.HostConfig$DeployDescriptor. run(HostConfig.java:1835)
> > at
> java.util.concurrent.Executors$RunnableAdapter. call(Executors.java:511)
> > at java.util.concurrent.FutureTask.run(FutureTask. java:266)
> > at
> >
> java.util.concurrent.ThreadPoolExecutor.runWorker( ThreadPoolExecutor.java:1149)
> > at
> >
> java.util.concurrent.ThreadPoolExecutor$Worker.run( ThreadPoolExecutor.java:624)
> > at java.lang.Thread.run(Thread.java:748)
> >
> > 15-Nov-2017 13:05:59.706 SEVERE [http-bio-8443-exec-1]
> > org.apache.catalina.core.StandardHostValve.invoke
> Exception Processing
> > /ca/rest/account/login
> > javax.ws.rs
> <http://javax.ws.rs>.ServiceUnavailableException: Subsystem
> unavailable
> > at
> >
> com.netscape.cms.tomcat.ProxyRealm. findSecurityConstraints( ProxyRealm.java:138)
> > at
> >
> org.apache.catalina.authenticator. AuthenticatorBase.invoke( AuthenticatorBase.java:498)
> > at
> >
> org.apache.catalina.core.StandardHostValve.invoke( StandardHostValve.java:141)
> > at
> >
> org.apache.catalina.valves.ErrorReportValve.invoke( ErrorReportValve.java:79)
> > at
> >
> org.apache.catalina.valves.AbstractAccessLogValve.invoke( AbstractAccessLogValve.java: 620)
> > at
> >
> org.apache.catalina.core.StandardEngineValve.invoke( StandardEngineValve.java:88)
> > at
> >
> org.apache.catalina.connector.CoyoteAdapter.service( CoyoteAdapter.java:502)
> > at
> >
> org.apache.coyote.http11.AbstractHttp11Processor. process( AbstractHttp11Processor.java: 1132)
> > at
> >
> org.apache.coyote.AbstractProtocol$ AbstractConnectionHandler. process(AbstractProtocol.java: 684)
> > at
> > org.apache.tomcat.util.net
> <http://org.apache.tomcat.util.net >.JIoEndpoint$SocketProcessor.run( JIoEndpoint.java:283)
> > at
> >
> java.util.concurrent.ThreadPoolExecutor.runWorker( ThreadPoolExecutor.java:1149)
> > at
> >
> java.util.concurrent.ThreadPoolExecutor$Worker.run( ThreadPoolExecutor.java:624)
> > at
> >
> org.apache.tomcat.util.threads.TaskThread$