2015-11-05 12:26 GMT+01:00 Alexander Bokovoy <aboko...@redhat.com>: > On Thu, 05 Nov 2015, John Obaterspok wrote: > >> Hi, >> >> I waited a couple of days and when "dnf list freeipa-server >> --releasever=23" said 4.2.3 I hit the upgrade. Unfortunately I noticed to >> late that I received 4.2.2 during "dnf system-upgrade". >> >> Any ideas how to get it going again? Or is it easier to start from scratch >> if I only have ~ 10 IPA clients? >> > Did you already upgrade to 4.2.3? Make sure you have > pki-core-10.2.6-12.fc23 and freeipa 4.2.3-1.fc23, run > ipa-server-upgrade. It should be able to recover. > > Hi Alexander,
Untfortunatly not, it's not able to recover: ##### rpm -q pki-base freeipa-server pki-base-10.2.6-12.fc23.noarch freeipa-server-4.2.3-1.fc23.x86_64 (Note I have pki-base, not pki-core... but I guess that was what you ment) ##### ipa-server-upgrade session memcached servers not running Missing version: no platform stored Upgrading IPA: [1/8]: saving configuration [2/8]: disabling listeners [3/8]: enabling DS global lock [4/8]: starting directory server [error] CalledProcessError: Command ''/bin/systemctl' 'start' 'dirsrv@MY-LAN.service'' returned non-zero exit status 1 [cleanup]: stopping directory server [cleanup]: restoring configuration IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually. Unexpected error - see /var/log/ipaupgrade.log for details: CalledProcessError: Command ''/bin/systemctl' 'start' 'dirsrv@MY-LAN.service'' returned non-zero exit status 1 ns-slapd[2083]: [05/Nov/2015:16:55:32 +0100] - Cannot find parent attribute type "ipaPublicKey" ns-slapd[2083]: [05/Nov/2015:16:55:32 +0100] dse_read_one_file - The entry cn=schema in file /etc/dirsrv/slapd-MY-LAN/schema/99user.ldif (lineno: 1) is invalid, error code 21 ( ns-slapd[2083]: [05/Nov/2015:16:55:32 +0100] dse - Please edit the file to correct the reported problems and then restart the server. systemd[1]: dirsrv@MY-LAN.service: Control process exited, code=exited status=1 ##### 99user.ldif first lines has the following dn: cn=schema objectclass: top objectclass: ldapSubentry objectclass: subschema cn: schema aci: (target="ldap:///cn=schema")(targetattr !="aci")(version 3.0;acl "anonymous, no acis"; allow (read, search, compare) userdn = "ldap:///anyone";) modifiersname: cn=Directory Manager Any ideas? -- john
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project