Ah, is FreeIPA generally okay with servers being at different versions, then? Could I upgrade by creating a new server, enrolling it as a replica of then old server and then shut down the old server. Can I do that as a general behaviour?
On 29/05/2019 21:21, John Keates via FreeIPA-users wrote: > I’d suggest creating a new server, enrolling it as a replica (well, it’s > multi-master so technically it’s just another FreeIPA server) instead of > upgrading. > If you have other servers that still work, do that and nuke this one. If this > is the last/only server you have, I’d restore it from backups (you have > those, right?). > > If you neither have additional servers that work, nor backups, prepare for a > nightmare. If you know ahead of time that rebuilding your IPA infrastructure > might be a slight hassle yet only take an hour or so to re-enroll all hosts > and reset your users, do that as it’ll be faster in many cases. > > John > >> On 29 May 2019, at 21:35, Darac Marjal via FreeIPA-users >> <freeipa-users@lists.fedorahosted.org> wrote: >> >> Hello good people, >> >> Due to being unfamiliar with Fedora, my home FreeIPA server has been >> languishing on Fedora version 25 for ages. I recently twigged that it >> hadn't been updated in ages to upgraded to Fedora version 30. That >> seemed to go OK, but now, when I try to run ipactl start, I get the >> following: >> >> # ipactl start >> IPA version error: data needs to be upgraded (expected version >> '4.7.90.pre1-4.fc30', current version '4.4.4-1.fc25') >> Automatically running upgrade, for details see /var/log/ipaupgrade.log >> Be patient, this may take a few minutes. >> Automatic upgrade failed: IPA server upgrade failed: Inspect >> /var/log/ipaupgrade.log and run command ipa-server-upgrade manually. >> Unexpected error - see /var/log/ipaupgrade.log for details: >> CalledProcessError: CalledProcessError(Command ['/bin/systemctl', >> 'start', 'dirsrv@GHIBLI-DARAC-ORG-UK.service'] returned non-zero exit >> status 1: 'Job for dirsrv@GHIBLI-DARAC-ORG-UK.service failed because the >> control process exited with error code.\nSee "systemctl status >> dirsrv@GHIBLI-DARAC-ORG-UK.service" and "journalctl -xe" for details.\n') >> The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for >> more information >> >> See the upgrade log for more details and/or run >> /usr/sbin/ipa-server-upgrade again >> Aborting ipactl >> >> Looking into the logs for dirsrv@<REALM>, I see the following: >> >> May 29 20:30:52 yubaba.ghibli.darac.org.uk ns-slapd[9839]: >> [29/May/2019:20:30:52.917492045 +0100] - ERR - dse_read_one_file - The >> entry cn=schema in file /usr/share/dirsrv/schema/00core.ldif (lineno: 1) >> is invalid, error code > >> May 29 20:30:52 yubaba.ghibli.darac.org.uk ns-slapd[9839]: >> [29/May/2019:20:30:52.989705116 +0100] - ERR - setup_internal_backends - >> Please edit the file to correct the reported problems and then restart >> the server. >> May 29 20:30:53 yubaba.ghibli.darac.org.uk systemd[1]: >> dirsrv@GHIBLI-DARAC-ORG-UK.service: Main process exited, code=exited, >> status=1/FAILURE >> May 29 20:30:53 yubaba.ghibli.darac.org.uk systemd[1]: >> dirsrv@GHIBLI-DARAC-ORG-UK.service: Failed with result 'exit-code'. >> May 29 20:30:53 yubaba.ghibli.darac.org.uk systemd[1]: Failed to start >> 389 Directory Server GHIBLI-DARAC-ORG-UK.. >> >> Now, in an attempt to fix this, I spun up a new VM, installed >> freeipa-server and then copied /usr/share/dirsrv/schema/*.ldif over, but >> that doesn't seem do have had any effect. >> >> Can anyone assist in pointing me in a direction to fixing this? >> >> >> Many thanks! >> >> _______________________________________________ >> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org >> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org >> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html >> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >> List Archives: >> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
