2015-11-05 17:07 GMT+01:00 John Obaterspok <john.obaters...@gmail.com>:
> > > 2015-11-05 12:26 GMT+01:00 Alexander Bokovoy <aboko...@redhat.com>: > >> On Thu, 05 Nov 2015, John Obaterspok wrote: >> >>> Hi, >>> >>> I waited a couple of days and when "dnf list freeipa-server >>> --releasever=23" said 4.2.3 I hit the upgrade. Unfortunately I noticed to >>> late that I received 4.2.2 during "dnf system-upgrade". >>> >>> Any ideas how to get it going again? Or is it easier to start from >>> scratch >>> if I only have ~ 10 IPA clients? >>> >> Did you already upgrade to 4.2.3? Make sure you have >> pki-core-10.2.6-12.fc23 and freeipa 4.2.3-1.fc23, run >> ipa-server-upgrade. It should be able to recover. >> >> > Hi Alexander, > > Untfortunatly not, it's not able to recover: > > ##### rpm -q pki-base freeipa-server > pki-base-10.2.6-12.fc23.noarch > freeipa-server-4.2.3-1.fc23.x86_64 > > (Note I have pki-base, not pki-core... but I guess that was what you ment) > > ##### ipa-server-upgrade > session memcached servers not running > Missing version: no platform stored > Upgrading IPA: > [1/8]: saving configuration > [2/8]: disabling listeners > [3/8]: enabling DS global lock > [4/8]: starting directory server > [error] CalledProcessError: Command ''/bin/systemctl' 'start' > 'dirsrv@MY-LAN.service'' returned non-zero exit status 1 > [cleanup]: stopping directory server > [cleanup]: restoring configuration > IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command > ipa-server-upgrade manually. > Unexpected error - see /var/log/ipaupgrade.log for details: > CalledProcessError: Command ''/bin/systemctl' 'start' > 'dirsrv@MY-LAN.service'' returned non-zero exit status 1 > > ns-slapd[2083]: [05/Nov/2015:16:55:32 +0100] - Cannot find parent > attribute type "ipaPublicKey" > ns-slapd[2083]: [05/Nov/2015:16:55:32 +0100] dse_read_one_file - The entry > cn=schema in file /etc/dirsrv/slapd-MY-LAN/schema/99user.ldif (lineno: 1) > is invalid, error code 21 ( > ns-slapd[2083]: [05/Nov/2015:16:55:32 +0100] dse - Please edit the file to > correct the reported problems and then restart the server. > systemd[1]: dirsrv@MY-LAN.service: Control process exited, code=exited > status=1 > > ##### 99user.ldif first lines has the following > dn: cn=schema > objectclass: top > objectclass: ldapSubentry > objectclass: subschema > cn: schema > aci: (target="ldap:///cn=schema")(targetattr !="aci")(version 3.0;acl > "anonymous, no acis"; allow (read, search, compare) userdn = > "ldap:///anyone";) > modifiersname: cn=Directory Manager > > > Any ideas? > > -- john > I just found https://fedoraproject.org/wiki/Common_F23_bugs#freeipa-upgrade-fail which allowed me to run freeipa-server-upgrade successfully. Just a note: It says "Find the entry (split across three lines) that starts attributeTypes: ( 2.16.840.1.113730.3.8.18.2.3 NAME 'ipaVaultPublicKey'" However, it's all on one line without spaces Then make sure the text you replace with don't have extra spaces. Should be DESC 'IPA... & ...1466.115.121... Thanks! -- john
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project