Hello Florence, all I have also only update ipa-*, but i have same Error. Its appears that unable to unlink the port 8433 TCPV6 by pki-tomcat used by FreeIPA. Im actually blocked with this minor update.
.... [Ensurung CA is using LDAPProfileSubsustem) [Migration certificat profiles to LDAP] IPA server upgrade failed : Inspect /var/log/ipaupgrade.log and run command ipa-upgrade manually. Unexpected error - see /var/log/ipaupgrade.log for details: AttributeError: locked cannot see ra_certprofile.override_port to 8443 ipa: DEBUG : File /usr/lib/python2.7/site-packages/ipaserver/install/installutils.py at line 1015, in run_script return_value = main_function () File /usr/sbin/ipactl, line 598, in main ipa_start (options) File /usr/sbin/ipactl, line 288, in main version_check () File /usr/sbin/ipactl, line161, in version_ckeck raise IpactlError ("Abording ipactl") Regard Karim Le lun. 8 juin 2020 à 08:58, Florence Blanc-Renaud <f...@redhat.com> a écrit : > On 6/6/20 11:42 AM, Karim Bourenane via FreeIPA-users wrote: > > Hello Team > > > > I have some questions : > > 1°) I need your help, to find the better way to upgrade my 3 servers > > linked (replicat). > > I want to upgrade servers from CentOS 7.6 to CentOS7.7 with update in > > same time the IPAServer (or separately ?) > > Hi, > > in order to upgrade each server from centOS 7.6 to CentOS 7.7, you need > to run "yum update". > This command will also update ipa-* packages and internally call > ipa-server-upgrade, meaning you don't need to manually call > ipa-server-upgrade. > Please find more information in "Updating Identity Management" [1]. > > For multiple servers upgrade, keep in mind that the upgrade needs to be > done sequentially, i.e upgrade server 1, wait a few minutes for > replication to propagate changes, upgrade server 2, etc... > > HTH, > flo > > [1] > > https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/updating-migrating#update-ipa > > > > > After searching on Freeipa.org and other site, i find : > > #ipactl stop > > #ipa-server-upgrade > > #ipactl start > > > > I not need to delete first the replication link before ? > > What is the better solution ways ? > > > > 2°) Is not better to migrate my IPAServers's to 4.7 or 4.8 version ? > > Or i need steps too ? > > > > Thanks you for your help > > > > Best Regard > > Bien à vous > > Mr Karim Bourenane > > +33686464439 > > +32 493 86 63 54 > > > > _______________________________________________ > > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > > To unsubscribe send an email to > freeipa-users-le...@lists.fedorahosted.org > > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > > List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org > > > >
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org