Thanks Angus for the reply.
In my case, original IPA server is completely damaged / deleted, and now I am attempting to create an exactly similar server using "full-server" backup. Do you have any suggestions for such a scenario?
Thanks sgarg
On Fri, Oct 25, 2019 at 6:05 PM Angus Clarke post@angusclarke.com wrote:
Hi
An alternative approach would be to setup your new server as an IPA client and then to promote it.
On new server: # ipa-client-install
Followed by # ipa-replica-install
Check the man pages for options suitable to your environment, otherwise I specify --setup-ca for all our new IPA instances.
I use this process for rolling out new IPA servers when we add new environments.
Regards Angus
*From:* Saurabh Garg via FreeIPA-users < freeipa-users@lists.fedorahosted.org> *Sent:* Friday, October 25, 2019 11:55:40 AM *To:* freeipa-users@lists.fedorahosted.org < freeipa-users@lists.fedorahosted.org> *Cc:* Saurabh Garg saurabh.grg@gmail.com *Subject:* [Freeipa-users] Full Server backup fails with IPA version error
Background - We are trying to restore "full server" from an existing IPA server (with replication ON to another server) to a newly created IPA Server from the same golden image as all other servers.
Source IPA Server: Red Hat Enterprise Linux Server release 7.7 (Maipo) # ipa-server-install --version 4.6.4
Destination IPA Server: Red Hat Enterprise Linux Server release 7.7 (Maipo) # ipa-server-install --version 4.6.4
Problem Statement - While running "ipa-restore" (exact command: # ipa-restore /root/backup/) on the new IPA server for full server backup, system throws the following error lines in iparestore.log:
2019-10-25T08:19:26Z DEBUG stderr=IPA version error: data needs to be upgraded (expected version '4.6.4-10.el7_6.6', current version '4.6.4-10.el7_6.3') Automatically running upgrade, for details see /var/log/ipaupgrade.log Be patient, this may take a few minutes. Automatic upgrade failed: Update complete Upgrading the configuration of the IPA services [Verifying that root certificate is published] [Migrate CRL publish directory] Publish directory already set to new location [Verifying that CA proxy configuration is correct] IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually. CA did not start in 300.0s The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more information
See the upgrade log for more details and/or run /usr/sbin/ipa-server-upgrade again Aborting ipactl
2019-10-25T08:19:26Z INFO Restoring umask to 23 2019-10-25T08:19:26Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 178, in execute return_value = self.run() File "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_restore.py", line 428, in run run(['ipactl', 'start']) File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 562, in run raise CalledProcessError(p.returncode, arg_string, str(output))
2019-10-25T08:19:26Z DEBUG The ipa-restore command failed, exception: CalledProcessError: Command 'ipactl start' returned non-zero exit status 1 2019-10-25T08:19:26Z ERROR Command 'ipactl start' returned non-zero exit status 1 2019-10-25T08:19:26Z ERROR The ipa-restore command failed. See /var/log/iparestore.log for more information
In case you are aware of its fix/workaround, kindly share the steps.
Thanks, sgarg _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.fedor... List Guidelines: https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffedoraproj... List Archives: https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.fedo...