Karim Bourenane via FreeIPA-users wrote:
Hello François, All
Thanks you for your answer / update
Here's what I did:
All process RUNNING with : ipactl status
yum update
*I have several error into the yum update command *:
2020-06-08T09:39:42Z ERROR IPA server upgrade failed: Inspect
/var/log/ipaupgrade.log and run command ipa-server-upgrade manually.
2020-06-08T09:39:42Z DEBUG File
"/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 178, in
execute
return_value = self.run()
File
"/usr/lib/python2.7/site-packages/ipaserver/install/ipa_server_upgrade.py",
line 54, in run
server.upgrade()
File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py",
line 2146, in upgrade
upgrade_configuration()
File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py",
line 2018, in upgrade_configuration
ca_enable_ldap_profile_subsystem(ca)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py",
line 406, in ca_enable_ldap_profile_subsystem
cainstance.migrate_profiles_to_ldap()
File
"/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line
1990, in migrate_profiles_to_ldap
api.Backend.ra_certprofile.override_port = 8443
File "/usr/lib/python2.7/site-packages/ipalib/base.py", line 134, in
__setattr__
SET_ERROR % (self.__class__.__name__, name, value)
2020-06-08T09:39:42Z DEBUG The ipa-server-upgrade command failed,
exception: AttributeError: locked: cannot set
ra_certprofile.override_port to 8443
2020-06-08T09:39:42Z ERROR Unexpected error - see
/var/log/ipaupgrade.log for details:
AttributeError: locked: cannot set ra_certprofile.override_port to 8443
2020-06-08T09:39:42Z ERROR The ipa-server-upgrade command failed. See
/var/log/ipaupgrade.log for more information
Note that this has nothing to do with anything listening on port 8443.
This is trying to change the IPA runtime environment for some reason and
it's in a locked state. I don't know this code very well so I'm not sure
what the remediation is. It seems like something that should have either
always or never worked but it could be it was affected by some later
change, I don't know.
It thinks it needs to migrate your disk-based profiles into LDAP and
that's not something that should be skipped.
rob
Regards
Bien à vous
Mr Karim Bourenane
+33686464439
+32 493 86 63 54
Le lun. 8 juin 2020 à 08:56, François Cami <fcami(a)redhat.com
<mailto:fcami@redhat.com>> a écrit :
Hi,
On Sun, Jun 7, 2020 at 11:13 PM Karim Bourenane via FreeIPA-users
<freeipa-users(a)lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>> wrote:
>
> Hello Team
>
> I have some questions :
> 1°) I need your help, to find the better way to upgrade my 3
servers linked (replicat).
> I want to upgrade servers from CentOS 7.6 to CentOS7.7 with update
in same time the IPAServer (or separately ?)
Not at the same time. The upgrade logic is bound to update some data
in LDAP. It is best to wait until the first update is done, and the
resulting replication traffic has subsided. Then do the other replica
one at a time.
> After searching on
Freeipa.org and other site, i find :
> #ipactl stop
> #ipa-server-upgrade
> #ipactl start
You do not need to do that. "yum update" is enough.
> I not need to delete first the replication link before ?
Certainly not.
> What is the better solution ways ?
See above.
> 2°) Is not better to migrate my IPAServers's to 4.7 or 4.8 version ?
> Or i need steps too ?
You would need to migrate to RHEL8 / CentOS8 to have ipa-4-8.
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/...
Best regards,
François
> Thanks you for your help
>
> Best Regard
> Bien à vous
> Mr Karim Bourenane
> +33686464439
> +32 493 86 63 54
>
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>
> To unsubscribe send an email to
freeipa-users-leave(a)lists.fedorahosted.org
<mailto:freeipa-users-leave@lists.fedorahosted.org>
> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...