Hello,
Thank you for your answer, now dirsrv can start, but after running the " dirsrv@IPA-UNICC-ORG.service " it hungs: # ipa-server-upgrade Upgrading IPA:. Estimated time: 1 minute 30 seconds [1/8]: saving configuration [2/8]: disabling listeners [3/8]: enabling DS global lock [4/8]: starting directory server [5/8]: updating schema [6/8]: upgrading server The latest messages on the log is (there are no logs on the lasts 2h): 2018-05-01T08:13:14Z DEBUG --------------------------------------------- 2018-05-01T08:13:14Z DEBUG Final value after applying updates 2018-05-01T08:13:14Z DEBUG dn: cn=description,cn=index,cn=userroot,cn=ldbm database,cn=plugins,cn=config 2018-05-01T08:13:14Z DEBUG objectclass: 2018-05-01T08:13:14Z DEBUG top 2018-05-01T08:13:14Z DEBUG nsindex 2018-05-01T08:13:14Z DEBUG nsindextype: 2018-05-01T08:13:14Z DEBUG eq 2018-05-01T08:13:14Z DEBUG sub 2018-05-01T08:13:14Z DEBUG cn: 2018-05-01T08:13:14Z DEBUG description 2018-05-01T08:13:14Z DEBUG nssystemindex: 2018-05-01T08:13:14Z DEBUG false 2018-05-01T08:13:19Z DEBUG Creating task to index attribute: description 2018-05-01T08:13:19Z DEBUG Task id: cn=indextask_description_137444551994158920_5958,cn=index,cn=tasks,cn=config If I check the ipa services, dirsrv is the only one running: # ipactl status Directory Service: RUNNING krb5kdc Service: STOPPED kadmin Service: STOPPED named Service: STOPPED httpd Service: STOPPED ipa-custodia Service: STOPPED ntpd Service: RUNNING pki-tomcatd Service: STOPPED smb Service: STOPPED winbind Service: STOPPED ipa-otpd Service: STOPPED ipa-dnskeysyncd Service: STOPPED ipa: INFO: The ipactl command was successful Should I stop the ipa-server-upgrade and start ipa services? Thanks. -----Original Message----- From: Alexander Bokovoy <aboko...@redhat.com> Sent: Tuesday, May 01, 2018 9:56 To: FreeIPA users list <freeipa-users@lists.fedorahosted.org> Cc: SOLER SANGUESA Miguel <sol...@unicc.org> Subject: Re: [Freeipa-users] Problem on dirsrv when updating from 4.5.0 (RHEL 7.4) to 4.5.4 (RHEL 7.5) On ti, 01 touko 2018, SOLER SANGUESA Miguel via FreeIPA-users wrote: >hello, > >I have an IPA master that updated from 4.5.0 (RHEL 7.4) to 4.5.4 (RHEL 7.5). >An hour later I tried to do the same with the unique replica I have, but after >update dirsrv is not starting. >It says it is needed run "ipa-server-upgrade", but it also fails: ># ipactl start >Upgrade required: please run ipa-server-upgrade command Aborting ipactl > ># ipa-server-upgrade >Upgrading IPA:. Estimated time: 1 minute 30 seconds > [1/8]: saving configuration > [2/8]: disabling listeners > [3/8]: enabling DS global lock > [4/8]: starting directory server > [error] CalledProcessError: Command '/bin/systemctl start >dirsrv@IPA-EXAMOLE-ORG.service<mailto:dirsrv@IPA-EXAMOLE-ORG.service>' >returned non-zero exit status 1 > [cleanup]: stopping directory server > [cleanup]: restoring configuration >IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command >ipa-server-upgrade manually. >Unexpected error - see /var/log/ipaupgrade.log for details: >CalledProcessError: Command '/bin/systemctl start >dirsrv@IPA-EXAMPLE-ORG.service<mailto:dirsrv@IPA-EXAMPLE-ORG.service>' >returned non-zero exit status 1 The >ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more >information > >On the log I can see: >2018-04-30T14:36:15Z DEBUG Starting external process >2018-04-30T14:36:15Z DEBUG args=/bin/systemctl is-active >dirsrv@IPA-EXAMPLE-ORG.service<mailto:dirsrv@IPA-EXAMPLE-ORG.service> >2018-04-30T14:36:15Z DEBUG Process >finished, return code=3 2018-04-30T14:36:15Z DEBUG stdout=failed ... >2018-04-30T14:36:15Z DEBUG [4/8]: starting directory server >2018-04-30T14:36:15Z DEBUG Starting external process >2018-04-30T14:36:15Z DEBUG args=/bin/systemctl start >dirsrv@IPA-EXAMPLE-ORG.service<mailto:dirsrv@IPA-EXAMPLE-ORG.service> >2018-04-30T14:36:15Z DEBUG Process >finished, return code=1 2018-04-30T14:36:15Z DEBUG stdout= >2018-04-30T14:36:15Z DEBUG stderr=Job for >dirsrv@IPA-EXAMPLE-ORG.service<mailto:dirsrv@IPA-EXAMPLE-ORG.service> failed >because the control process exited with error code. See "systemctl status >dirsrv@IPA-EXAMPLE-ORG.service<mailto:dirsrv@IPA-EXAMPLE-ORG.service>" and >"journalctl -xe" for details. > >2018-04-30T14:36:15Z DEBUG Traceback (most recent call last): > File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line > 504, in start_creation > run_step(full_msg, method) > File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line > 494, in run_step > method() > File > "/usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py", line > 95, in __start > srv.start(self.serverid, ldapi=True) > File "/usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py", line > 161, in start > instance_name, capture_output=capture_output, wait=wait) > File "/usr/lib/python2.7/site-packages/ipaplatform/base/services.py", line > 294, in start > skip_output=not capture_output) > File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 542, in > run > raise CalledProcessError(p.returncode, arg_string, str(output)) >CalledProcessError: Command '/bin/systemctl start >dirsrv@IPA-EXAMPLE-ORG.service<mailto:dirsrv@IPA-EXAMPLE-ORG.service>' >returned non-zero exit status 1 > >2018-04-30T14:36:15Z DEBUG [error] CalledProcessError: Command >'/bin/systemctl start >dirsrv@IPA-EXAMPLE-ORG.service<mailto:dirsrv@IPA-EXAMPLE-ORG.service>' >returned non-zero exit status 1 > >Checking /var/log/dirsrv/slapd-IPA-EXAMPLE-ORG/errors I show: >[30/Apr/2018:16:04:52.584220922 +0200] - ERR - slapd_bootstrap_config - The >default password storage scheme could not be read or was not found in the file >/etc/dirsrv/slapd-IPA-EXAMPLE-ORG/dse.ldif. It is mandatory. > >Checking on internet I show that "dse.ldif" could be corrupted, so I changed >with "dse.ldif.startOK" without any change and then I changed with >"dse.ldif.bak". The problem persist but the error has changed: >[30/Apr/2018:16:32:13.435210918 +0200] - NOTICE - config_set_port - >Non-Secure Port Disabled >[30/Apr/2018:16:32:13.556581301 +0200] - ERR - symload_report_error - >Netscape Portable Runtime error -5975: >/usr/lib64/dirsrv/plugins/libreplication-plugin.so: undefined symbol: >replication_legacy_plugin_init >[30/Apr/2018:16:32:13.561590553 +0200] - ERR - symload_report_error - >Could not load symbol "replication_legacy_plugin_init" from >"/usr/lib64/dirsrv/plugins/libreplication-plugin.so" for plugin Legacy >Replication Plugin >[30/Apr/2018:16:32:13.564590264 +0200] - ERR - load_plugin_entry - Unable to >load plugin "cn=Legacy Replication Plugin,cn=plugins,cn=config" > >I saw a bug about this problem, but it is still opened: >https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=1529442 > >Any idea how to fix the issue? > >If it is not possible to fix it, can I remove the replica from IPA and install >it again with the same name? A quick fix could be to remove an entry for cn=Legacy Replication Plugin,cn=plugins,cn=config from /etc/dirsrv/slapd-IPA-EXAMPLE-ORG/dse/ldif when dirsrv is down. -- / Alexander Bokovoy Sr. Principal Software Engineer Security / Identity Management Engineering Red Hat Limited, Finland
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
