I’d suggest creating a new server, enrolling it as a replica (well, it’s multi-master so
technically it’s just another FreeIPA server) instead of upgrading.
If you have other servers that still work, do that and nuke this one. If this is the
last/only server you have, I’d restore it from backups (you have those, right?).
If you neither have additional servers that work, nor backups, prepare for a nightmare. If
you know ahead of time that rebuilding your IPA infrastructure might be a slight hassle
yet only take an hour or so to re-enroll all hosts and reset your users, do that as it’ll
be faster in many cases.
John
On 29 May 2019, at 21:35, Darac Marjal via FreeIPA-users
<freeipa-users(a)lists.fedorahosted.org> wrote:
Hello good people,
Due to being unfamiliar with Fedora, my home FreeIPA server has been
languishing on Fedora version 25 for ages. I recently twigged that it
hadn't been updated in ages to upgraded to Fedora version 30. That
seemed to go OK, but now, when I try to run ipactl start, I get the
following:
# ipactl start
IPA version error: data needs to be upgraded (expected version
'4.7.90.pre1-4.fc30', current version '4.4.4-1.fc25')
Automatically running upgrade, for details see /var/log/ipaupgrade.log
Be patient, this may take a few minutes.
Automatic upgrade failed: IPA server upgrade failed: Inspect
/var/log/ipaupgrade.log and run command ipa-server-upgrade manually.
Unexpected error - see /var/log/ipaupgrade.log for details:
CalledProcessError: CalledProcessError(Command ['/bin/systemctl',
'start', 'dirsrv(a)GHIBLI-DARAC-ORG-UK.service'] returned non-zero exit
status 1: 'Job for dirsrv(a)GHIBLI-DARAC-ORG-UK.service failed because the
control process exited with error code.\nSee "systemctl status
dirsrv(a)GHIBLI-DARAC-ORG-UK.service" and "journalctl -xe" for
details.\n')
The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for
more information
See the upgrade log for more details and/or run
/usr/sbin/ipa-server-upgrade again
Aborting ipactl
Looking into the logs for dirsrv@<REALM>, I see the following:
May 29 20:30:52 yubaba.ghibli.darac.org.uk ns-slapd[9839]:
[29/May/2019:20:30:52.917492045 +0100] - ERR - dse_read_one_file - The
entry cn=schema in file /usr/share/dirsrv/schema/00core.ldif (lineno: 1)
is invalid, error code >
May 29 20:30:52 yubaba.ghibli.darac.org.uk ns-slapd[9839]:
[29/May/2019:20:30:52.989705116 +0100] - ERR - setup_internal_backends -
Please edit the file to correct the reported problems and then restart
the server.
May 29 20:30:53 yubaba.ghibli.darac.org.uk systemd[1]:
dirsrv(a)GHIBLI-DARAC-ORG-UK.service: Main process exited, code=exited,
status=1/FAILURE
May 29 20:30:53 yubaba.ghibli.darac.org.uk systemd[1]:
dirsrv(a)GHIBLI-DARAC-ORG-UK.service: Failed with result 'exit-code'.
May 29 20:30:53 yubaba.ghibli.darac.org.uk systemd[1]: Failed to start
389 Directory Server GHIBLI-DARAC-ORG-UK..
Now, in an attempt to fix this, I spun up a new VM, installed
freeipa-server and then copied /usr/share/dirsrv/schema/*.ldif over, but
that doesn't seem do have had any effect.
Can anyone assist in pointing me in a direction to fixing this?
Many thanks!
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://getfedora.org/code-of-conduct.html
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...