Please ignore my mails about tomcat/pki. An update fixed the issue. On 5 November 2015 at 12:58, Prashant Bapat <prash...@apigee.com> wrote:
> Looks like there are issues with dogtag and tomcat8. > http://pki.fedoraproject.org/wiki/Tomcat_8 > > On 5 November 2015 at 11:32, Prashant Bapat <prash...@apigee.com> wrote: > >> New issue with upgrade. >> >> I setup a test IPA server. Its on AWS EC2 instance in a VPC. Fedora 21. >> freeipa 4.1.4. >> >> Upgraded OS from F21 --> F22 --> F23. All OK. >> >> Once in F23 *ipactl start* command tells me an upgrade is needed. >> >> Ran* ipa-server-upgrade* command. This command seems to do everything >> but somehow fails during upgrading the PKI (Tomcat). Now the tomcat service >> wont start. Other components are upgraded to 4.2.2 but Tomcat is down. >> >> Attached is the *ipaupgrade.log* and *catalina.2015-11-05.log*. >> >> Any help appreciated. >> >> Thanks. >> --Prashant >> >> On 5 November 2015 at 06:31, Prashant Bapat <prash...@apigee.com> wrote: >> >>> Great idea! Is that possible ? Any documentation on how to do this would >>> be very helpful. >>> >>> Thanks. >>> >>> On 4 November 2015 at 19:17, Rob Crittenden <rcrit...@redhat.com> wrote: >>> >>>> Martin Kosek wrote: >>>> > On 11/04/2015 10:27 AM, Prashant Bapat wrote: >>>> >> Ack. But in a live replicated setup wont upgrading from F21->F22 and >>>> >> F22->F23 take a long time. I mean couple of hours ? >>>> > >>>> > It will take some outage time, yes. But if you have appropriate >>>> number of >>>> > replicas and are upgrading one by one, you should be fine - the >>>> clients should >>>> > fail over to other replicas. >>>> > >>>> >> Are there any other ways to do this. Perhaps do a fresh install of >>>> F23 and >>>> >> then restore data from FreeIPA 4.1.4 (F21) ? >>>> > >>>> > FreeIPA upgrade also updates the data themselves. Restoring old data >>>> and >>>> > configuration files on fresh F23 using full backup + running the >>>> upgrade may >>>> > work, but there may be also a lot of hurdles. It is not really a >>>> tested approach. >>>> >>>> Or he could one by one install a new F23 system and configure it as a >>>> new master to replace one of the old ones until they are all running >>>> F23. >>>> >>>> I'm pretty sure backup/restore only works within the same version. >>>> >>>> rob >>>> >>>> > >>>> >> >>>> >> On 4 November 2015 at 14:52, Martin Kosek <mko...@redhat.com> wrote: >>>> >> >>>> >>> On 11/04/2015 10:15 AM, Lukas Slebodnik wrote: >>>> >>>> On (04/11/15 14:37), Prashant Bapat wrote: >>>> >>>>> Hi All, >>>> >>>>> >>>> >>>>> We rolled out freeipa in our setup somewhere in beginning of >>>> 2015. Since >>>> >>>>> then there have been couple of new releases. Latest being 4.2.3. >>>> >>>>> >>>> >>>>> The FreeIPA servers are installed on Fedora 21 hosts and at this >>>> point >>>> >>>>> there is no direct way of upgrading to 4.2.3 unless we also >>>> upgrade the >>>> >>> OS. >>>> >>>>> The COPR repos do not support Fedora 21. >>>> >>>>> >>>> >>>> Fedora 23 was released yesterday. >>>> >>>> It means then Fedora 21 will be out of support in a month. >>>> >>>> I would definitelly recomment to upgrade it to newer Fedora. >>>> >>> >>>> >>> +1. I did the same actually for FreeIPA demo which was also running >>>> on F21 >>>> >>> before: >>>> >>> http://www.freeipa.org/page/Demo >>>> >>> I had to do it in two steps: F21->F22, F22->F23. >>>> >>> >>>> >>> If you make sure that F22->F23 upgrade updates to >>>> freeipa-4.2.3-1.fc23 or >>>> >>> later >>>> >>> (https://bodhi.fedoraproject.org/updates/FEDORA-2015-4d94884a7e), >>>> it >>>> >>> should >>>> >>> work just fine. >>>> >>> >>>> >>>> If you do not want t upgrade so often you might use FreeIPA >>>> >>>> on CentOS 7 >>>> >>>> >>>> >>>> LS >>>> >>>> >>>> >>> >>>> >>> >>>> >> >>>> > >>>> >>>> >>> >> >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project