Hello
I found a track, its appear that the JAVA dont want to leave the TCPV6 port
connexion:
#netstat -plten | grep 8433
tcp6 0 0 :::8443 :::* LISTEN 17 178055 25551/java
And also http with tcp6 443
This connexion launched if the command : yum update (come in libcc ) or
when i launch ipa-server-update
How i can correct this behavior ?
Bien à vous
Mr Karim Bourenane
+33686464439
+32 493 86 63 54
Le lun. 8 juin 2020 à 13:10, Karim Bourenane <karim.bourenane(a)gmail.com> a
écrit :
Hello François, Florence, All
After checking and disabling my local firewall.
I have the same problem:
....
[Ensurung CA is using LDAPProfileSubsustem)
[Migration certificat profiles to LDAP]
IPA server upgrade failed : Inspect /var/log/ipaupgrade.log and run
command ipa-upgrade manually.
Unexpected error - see /var/log/ipaupgrade.log for details:
AttributeError: locked cannot see ra_certprofile.override_port to 8443
Regard
Bien à vous
Mr Karim Bourenane
+33686464439
+32 493 86 63 54
Le lun. 8 juin 2020 à 11:54, Karim Bourenane <karim.bourenane(a)gmail.com>
a écrit :
> Hello François, All
>
> Thanks you for your answer / update
>
> Here's what I did:
> All process RUNNING with : ipactl status
> yum update
>
> *I have several error into the yum update command *:
> 2020-06-08T09:39:42Z ERROR IPA server upgrade failed: Inspect
> /var/log/ipaupgrade.log and run command ipa-server-upgrade manually.
> 2020-06-08T09:39:42Z DEBUG File
> "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 178, in
> execute
> return_value = self.run()
> File
>
"/usr/lib/python2.7/site-packages/ipaserver/install/ipa_server_upgrade.py",
> line 54, in run
> server.upgrade()
> File
> "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py",
> line 2146, in upgrade
> upgrade_configuration()
> File
> "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py",
> line 2018, in upgrade_configuration
> ca_enable_ldap_profile_subsystem(ca)
> File
> "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py",
> line 406, in ca_enable_ldap_profile_subsystem
> cainstance.migrate_profiles_to_ldap()
> File
> "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line
> 1990, in migrate_profiles_to_ldap
> api.Backend.ra_certprofile.override_port = 8443
> File "/usr/lib/python2.7/site-packages/ipalib/base.py", line 134, in
> __setattr__
> SET_ERROR % (self.__class__.__name__, name, value)
>
> 2020-06-08T09:39:42Z DEBUG The ipa-server-upgrade command failed,
> exception: AttributeError: locked: cannot set ra_certprofile.override_port
> to 8443
> 2020-06-08T09:39:42Z ERROR Unexpected error - see /var/log/ipaupgrade.log
> for details:
> AttributeError: locked: cannot set ra_certprofile.override_port to 8443
> 2020-06-08T09:39:42Z ERROR The ipa-server-upgrade command failed. See
> /var/log/ipaupgrade.log for more information
>
>
> Regards
>
>
> Bien à vous
> Mr Karim Bourenane
> +33686464439
> +32 493 86 63 54
>
>
>
> Le lun. 8 juin 2020 à 08:56, François Cami <fcami(a)redhat.com> a écrit :
>
>> Hi,
>>
>> On Sun, Jun 7, 2020 at 11:13 PM Karim Bourenane via FreeIPA-users
>> <freeipa-users(a)lists.fedorahosted.org> wrote:
>> >
>> > Hello Team
>> >
>> > I have some questions :
>> > 1°) I need your help, to find the better way to upgrade my 3 servers
>> linked (replicat).
>> > I want to upgrade servers from CentOS 7.6 to CentOS7.7 with update in
>> same time the IPAServer (or separately ?)
>>
>> Not at the same time. The upgrade logic is bound to update some data
>> in LDAP. It is best to wait until the first update is done, and the
>> resulting replication traffic has subsided. Then do the other replica
>> one at a time.
>>
>> > After searching on
Freeipa.org and other site, i find :
>> > #ipactl stop
>> > #ipa-server-upgrade
>> > #ipactl start
>>
>> You do not need to do that. "yum update" is enough.
>>
>> > I not need to delete first the replication link before ?
>>
>> Certainly not.
>>
>> > What is the better solution ways ?
>>
>> See above.
>>
>> > 2°) Is not better to migrate my IPAServers's to 4.7 or 4.8 version ?
>> > Or i need steps too ?
>>
>> You would need to migrate to RHEL8 / CentOS8 to have ipa-4-8.
>>
>>
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/...
>>
>> Best regards,
>> François
>>
>> > Thanks you for your help
>> >
>> > Best Regard
>> > Bien à vous
>> > Mr Karim Bourenane
>> > +33686464439
>> > +32 493 86 63 54
>> >
>> > _______________________________________________
>> > FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
>> > To unsubscribe send an email to
>> freeipa-users-leave(a)lists.fedorahosted.org
>> > Fedora Code of Conduct:
>>
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>> > List Guidelines:
>>
https://fedoraproject.org/wiki/Mailing_list_guidelines
>> > List Archives:
>>
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
>>
>>