Hello,
comments inline
Martin
On 02/04/15 18:54, Christoph Kaminski wrote:
see this in ipupgrade.log
2015-04-02T11:27:02Z ERROR Pre schema upgrade failed with [Errno 111]
Connection refused
2015-04-02T11:27:02Z DEBUG Traceback (most recent call last):
File
"/usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py",
line 128, in __pre_schema_upgrade
ld = ldapupdate.LDAPUpdate(dm_password='', ldapi=True,
live_run=self.live_run, plugins=True)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py",
line 220, in __init__
self.create_connection()
File
"/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py",
line 783, in create_connection
dm_password=self.dm_password, pw_name=self.pw_name)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py",
line 65, in connect
conn.do_external_bind(pw_name)
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
1761, in do_external_bind
self.conn.sasl_interactive_bind_s, timeout, None, auth_tokens)
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
1747, in __bind_with_wait
self.__wait_for_connection(timeout)
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
1733, in __wait_for_connection
wait_for_open_socket(lurl.hostport, timeout)
File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line
1173, in wait_for_open_socket
raise e
error: [Errno 111] Connection refused
This is the issue.
Do you have any errors in DS error log?
/var/log/dirsrv/slapd-INSTANCE/errors
2015-04-02T11:27:02Z DEBUG duration: 12 seconds
2015-04-02T11:27:02Z DEBUG [6/10]: updating schema
2015-04-02T11:27:12Z DEBUG Traceback (most recent call last):
File
"/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
382, in start_creation
run_step(full_msg, method)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line
372, in run_step
method()
File
"/usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py",
line 145, in __update_schema
dm_password='', ldapi=True, live_run=self.live_run) or self.modified
File
"/usr/lib/python2.7/site-packages/ipaserver/install/schemaupdate.py",
line 112, in update_schema
fqdn=installutils.get_fqdn())
File
"/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py",
line 65, in connect
conn.do_external_bind(pw_name)
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
1761, in do_external_bind
self.conn.sasl_interactive_bind_s, timeout, None, auth_tokens)
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
1747, in __bind_with_wait
self.__wait_for_connection(timeout)
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
1733, in __wait_for_connection
wait_for_open_socket(lurl.hostport, timeout)
File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line
1173, in wait_for_open_socket
raise e
error: [Errno 111] Connection refused
2015-04-02T11:27:12Z DEBUG [error] error: [Errno 111] Connection refused
2015-04-02T11:27:12Z DEBUG [cleanup]: stopping directory server
...
Is this another upgrade? Or why is here this time gap?
2015-04-02T12:46:11Z DEBUG stderr=
2015-04-02T12:46:12Z DEBUG File
"/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171,
in execute
return_value = self.run()
File
"/usr/lib/python2.7/site-packages/ipaserver/install/ipa_ldap_updater.py",
line 213, in run
modified = ld.update(self.files, ordered=True) or modified
File
"/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py",
line 874, in update
updates = api.Backend.updateclient.update(POST_UPDATE,
self.dm_password, self.ldapi, self.live_run)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/plugins/updateclient.py",
line 123, in update
(restart, apply_now, res) = self.run(update.name, **kw)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/plugins/updateclient.py",
line 146, in run
return self.Updater[method](**kw)
File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line
1399, in __call__
return self.execute(**options)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/plugins/upload_cacrt.py",
line 76, in execute
ldap.add_entry(entry)
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
1592, in add_entry
self.conn.add_s(entry.dn, attrs.items())
File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__
self.gen.throw(type, value, traceback)
File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line
1191, in error_handler
raise errors.ObjectclassViolation(info=info)
2015-04-02T12:46:12Z DEBUG The ipa-ldap-updater command failed,
exception: ObjectclassViolation: unknown object class "ipaKeyPolicy"
2015-04-02T12:46:12Z ERROR Unexpected error - see
/var/log/ipaupgrade.log for details:
ObjectclassViolation: unknown object class "ipaKeyPolicy"
and:
grep -i nsSchemaPolicy /etc/dirsrv/slapd-HSO/schema/01core389.ldif
objectClasses: ( 2.16.840.1.113730.3.2.328 NAME 'nsSchemaPolicy' DESC
'Netscape defined objectclass' SUP top MAY ( cn $
schemaUpdateObjectclassAccept $ schemaUpdateObjectclassReject $
schemaUpdateAttributeAccept $ schemaUpdateAttributeReject) X-ORIGIN
'Netscape Directory Server' )
grep -i nsSchemaPolicy /etc/dirsrv/schema/01core389.ldif
objectClasses: ( 2.16.840.1.113730.3.2.328 NAME 'nsSchemaPolicy' DESC
'Netscape defined objectclass' SUP top MAY ( cn $
schemaUpdateObjectclassAccept $ schemaUpdateObjectclassReject $
schemaUpdateAttributeAccept $ schemaUpdateAttributeReject) X-ORIGIN
'Netscape Directory Server' )
You have objectclass there, it should not be bz1180325.
But send the errors from DS log if there are any.
Greetz
Christoph Kaminski
Von: Martin Basti <mba...@redhat.com>
An: Christoph Kaminski <christoph.kamin...@biotronik.com>,
freeipa-users@redhat.com
Datum: 02.04.2015 17:25
Betreff: Re: [Freeipa-users] Upgrade fail 3.3.3 (rhel7) to 4.1 (rhel7.1)
------------------------------------------------------------------------
On 02/04/15 16:57, Christoph Kaminski wrote:
Hi all!
We have 6 IPA Servers here connected to each other. We want to upgrade
all from RHEL 7 with IPA 3.3.3 to RHEL 7.1with IPA 4.1.
I have done it one of the 6 servers and got a problem.
After upgrade if I want to login to Web UI I get: "*IPA-Error 903:
InternalError*" after typing the credentials...
I have activated debug output of IPA and see this in
/var/log/httpd/error_log:
[Thu Apr 02 14:39:38.848474 2015] [:error] [pid 18020] ipa: ERROR:
non-public: KeyError: 'idnsforwardzone'
[Thu Apr 02 14:39:38.848536 2015] [:error] [pid 18020] Traceback (most
recent call last):
[Thu Apr 02 14:39:38.848600 2015] [:error] [pid 18020] File
"/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 348,
in wsgi_execute
[Thu Apr 02 14:39:38.848607 2015] [:error] [pid 18020] result =
self.Command[name](*args, **options)
[Thu Apr 02 14:39:38.848612 2015] [:error] [pid 18020] File
"/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 439, in
__call__
[Thu Apr 02 14:39:38.848671 2015] [:error] [pid 18020] ret =
self.run(*args, **options)
[Thu Apr 02 14:39:38.848701 2015] [:error] [pid 18020] File
"/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 754, in run
[Thu Apr 02 14:39:38.848707 2015] [:error] [pid 18020] return
self.execute(*args, **options)
[Thu Apr 02 14:39:38.848776 2015] [:error] [pid 18020] File
"/usr/lib/python2.7/site-packages/ipalib/plugins/internal.py", line
123, in execute
[Thu Apr 02 14:39:38.848783 2015] [:error] [pid 18020] (o.name,
json_serialize(o)) for o in self.api.Object()
[Thu Apr 02 14:39:38.848789 2015] [:error] [pid 18020] File
"/usr/lib/python2.7/site-packages/ipalib/plugins/internal.py", line
123, in <genexpr>
[Thu Apr 02 14:39:38.848794 2015] [:error] [pid 18020] (o.name,
json_serialize(o)) for o in self.api.Object()
[Thu Apr 02 14:39:38.848799 2015] [:error] [pid 18020] File
"/usr/lib/python2.7/site-packages/ipalib/util.py", line 60, in
json_serialize
[Thu Apr 02 14:39:38.848804 2015] [:error] [pid 18020] return
json_serialize(obj.__json__())
[Thu Apr 02 14:39:38.848809 2015] [:error] [pid 18020] File
"/usr/lib/python2.7/site-packages/ipalib/plugins/baseldap.py", line
710, in __json__
[Thu Apr 02 14:39:38.848814 2015] [:error] [pid 18020] attrs =
self.api.Backend.ldap2.schema.attribute_types(objectclasses)
[Thu Apr 02 14:39:38.848820 2015] [:error] [pid 18020] File
"/usr/lib64/python2.7/site-packages/ldap/schema/subentry.py", line
377, in attribute_types
[Thu Apr 02 14:39:38.848825 2015] [:error] [pid 18020] object_class =
self.sed[ObjectClass][object_class_oid]
[Thu Apr 02 14:39:38.848830 2015] [:error] [pid 18020] KeyError:
'idnsforwardzone'
I have found this bug report:
_https://bugzilla.redhat.com/show_bug.cgi?id=1180325_
It should be fixed in the last version?!
I have read there I should start: setup-ds.pl -d --update
But Im afraid that it kills the date on the IPA Servers with version
3.3.3... does it?
What can I do? how can I fix it?
Greetz
Christoph Kaminski
Hello, was the ipa upgrade successful? Do you have any errors in
/var/log/ipaupgrade.log?
If you think it is 1180325 issue you can check if nsSchemaPolicy is in
01core389.ldif:
grep -i nsSchemaPolicy /etc/dirsrv/slapd-INSTANCE/schema/01core389.ldif
grep -i nsSchemaPolicy /etc/dirsrv/schema/01core389.ldif
Martin
--
Martin Basti
--
Martin Basti
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project