This process number : 25551, its launched by pkiuser for pki-tomcat service.
Bien à vous
Mr Karim Bourenane
+33686464439
+32 493 86 63 54
Le lun. 8 juin 2020 à 16:25, Karim Bourenane <karim.bourenane(a)gmail.com> a
écrit :
Hello
I found a track, its appear that the JAVA dont want to leave the TCPV6
port connexion:
#netstat -plten | grep 8433
tcp6 0 0 :::8443 :::* LISTEN 17 178055 25551/java
And also http with tcp6 443
This connexion launched if the command : yum update (come in libcc ) or
when i launch ipa-server-update
How i can correct this behavior ?
Bien à vous
Mr Karim Bourenane
+33686464439
+32 493 86 63 54
Le lun. 8 juin 2020 à 13:10, Karim Bourenane <karim.bourenane(a)gmail.com>
a écrit :
> Hello François, Florence, All
>
> After checking and disabling my local firewall.
> I have the same problem:
> ....
> [Ensurung CA is using LDAPProfileSubsustem)
> [Migration certificat profiles to LDAP]
> IPA server upgrade failed : Inspect /var/log/ipaupgrade.log and run
> command ipa-upgrade manually.
> Unexpected error - see /var/log/ipaupgrade.log for details:
> AttributeError: locked cannot see ra_certprofile.override_port to 8443
>
>
> Regard
>
>
> Bien à vous
> Mr Karim Bourenane
> +33686464439
> +32 493 86 63 54
>
>
>
> Le lun. 8 juin 2020 à 11:54, Karim Bourenane <karim.bourenane(a)gmail.com>
> a écrit :
>
>> Hello François, All
>>
>> Thanks you for your answer / update
>>
>> Here's what I did:
>> All process RUNNING with : ipactl status
>> yum update
>>
>> *I have several error into the yum update command *:
>> 2020-06-08T09:39:42Z ERROR IPA server upgrade failed: Inspect
>> /var/log/ipaupgrade.log and run command ipa-server-upgrade manually.
>> 2020-06-08T09:39:42Z DEBUG File
>> "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 178,
in
>> execute
>> return_value = self.run()
>> File
>>
"/usr/lib/python2.7/site-packages/ipaserver/install/ipa_server_upgrade.py",
>> line 54, in run
>> server.upgrade()
>> File
>>
"/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py",
>> line 2146, in upgrade
>> upgrade_configuration()
>> File
>>
"/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py",
>> line 2018, in upgrade_configuration
>> ca_enable_ldap_profile_subsystem(ca)
>> File
>>
"/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py",
>> line 406, in ca_enable_ldap_profile_subsystem
>> cainstance.migrate_profiles_to_ldap()
>> File
>> "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py",
line
>> 1990, in migrate_profiles_to_ldap
>> api.Backend.ra_certprofile.override_port = 8443
>> File "/usr/lib/python2.7/site-packages/ipalib/base.py", line 134, in
>> __setattr__
>> SET_ERROR % (self.__class__.__name__, name, value)
>>
>> 2020-06-08T09:39:42Z DEBUG The ipa-server-upgrade command failed,
>> exception: AttributeError: locked: cannot set ra_certprofile.override_port
>> to 8443
>> 2020-06-08T09:39:42Z ERROR Unexpected error - see
>> /var/log/ipaupgrade.log for details:
>> AttributeError: locked: cannot set ra_certprofile.override_port to 8443
>> 2020-06-08T09:39:42Z ERROR The ipa-server-upgrade command failed. See
>> /var/log/ipaupgrade.log for more information
>>
>>
>> Regards
>>
>>
>> Bien à vous
>> Mr Karim Bourenane
>> +33686464439
>> +32 493 86 63 54
>>
>>
>>
>> Le lun. 8 juin 2020 à 08:56, François Cami <fcami(a)redhat.com> a écrit :
>>
>>> Hi,
>>>
>>> On Sun, Jun 7, 2020 at 11:13 PM Karim Bourenane via FreeIPA-users
>>> <freeipa-users(a)lists.fedorahosted.org> wrote:
>>> >
>>> > Hello Team
>>> >
>>> > I have some questions :
>>> > 1°) I need your help, to find the better way to upgrade my 3 servers
>>> linked (replicat).
>>> > I want to upgrade servers from CentOS 7.6 to CentOS7.7 with update in
>>> same time the IPAServer (or separately ?)
>>>
>>> Not at the same time. The upgrade logic is bound to update some data
>>> in LDAP. It is best to wait until the first update is done, and the
>>> resulting replication traffic has subsided. Then do the other replica
>>> one at a time.
>>>
>>> > After searching on
Freeipa.org and other site, i find :
>>> > #ipactl stop
>>> > #ipa-server-upgrade
>>> > #ipactl start
>>>
>>> You do not need to do that. "yum update" is enough.
>>>
>>> > I not need to delete first the replication link before ?
>>>
>>> Certainly not.
>>>
>>> > What is the better solution ways ?
>>>
>>> See above.
>>>
>>> > 2°) Is not better to migrate my IPAServers's to 4.7 or 4.8 version
?
>>> > Or i need steps too ?
>>>
>>> You would need to migrate to RHEL8 / CentOS8 to have ipa-4-8.
>>>
>>>
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/...
>>>
>>> Best regards,
>>> François
>>>
>>> > Thanks you for your help
>>> >
>>> > Best Regard
>>> > Bien à vous
>>> > Mr Karim Bourenane
>>> > +33686464439
>>> > +32 493 86 63 54
>>> >
>>> > _______________________________________________
>>> > FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
>>> > To unsubscribe send an email to
>>> freeipa-users-leave(a)lists.fedorahosted.org
>>> > Fedora Code of Conduct:
>>>
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>>> > List Guidelines:
>>>
https://fedoraproject.org/wiki/Mailing_list_guidelines
>>> > List Archives:
>>>
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
>>>
>>>