2016-10-10T19:51:38Z DEBUG Updating managed permission: System: Modify Certificate Profile 2016-10-10T19:51:38Z DEBUG Destroyed connection context.ldap2_82077392 2016-10-10T19:51:38Z ERROR Upgrade failed with This entry already exists 2016-10-10T19:51:38Z DEBUG Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py", line 306, in __upgrade self.modified = (ld.update(self.files) or self.modified) File "/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py", line 905, in update self._run_updates(all_updates) File "/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py", line 877, in _run_updates self._run_update_plugin(update['plugin']) File "/usr/lib/python2.7/site-packages/ipaserver/install/ldapupdate.py", line 852, in _run_update_plugin restart_ds, updates = self.api.Updater[plugin_name]() File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 1400, in __call__ return self.execute(**options) File "/usr/lib/python2.7/site-packages/ipaserver/install/plugins/update_managed_permissions.py", line 433, in execute anonymous_read_aci) File "/usr/lib/python2.7/site-packages/ipaserver/install/plugins/update_managed_permissions.py", line 529, in update_permission ldap.add_entry(entry) File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1428, in add_entry self.conn.add_s(str(entry.dn), attrs.items()) File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__ self.gen.throw(type, value, traceback) File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 938, in error_handler raise errors.DuplicateEntry() DuplicateEntry: This entry already exists
2016-10-10T19:51:38Z DEBUG Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 418, in start_creation run_step(full_msg, method) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 408, in run_step method() File "/usr/lib/python2.7/site-packages/ipaserver/install/upgradeinstance.py", line 314, in __upgrade raise RuntimeError(e) RuntimeError: This entry already exists 2016-10-10T19:51:38Z DEBUG [error] RuntimeError: This entry already exists 2016-10-10T19:51:38Z DEBUG [cleanup]: stopping directory server 2016-10-10T19:51:38Z DEBUG Starting external process 2016-10-10T19:51:38Z DEBUG args='/bin/systemctl' 'stop' 'dirsrv@AWS-CAPPEX-COM.service' 2016-10-10T19:51:40Z DEBUG Process finished, return code=0 2016-10-10T19:51:40Z DEBUG stdout= 2016-10-10T19:51:40Z DEBUG stderr= 2016-10-10T19:51:40Z DEBUG duration: 1 seconds 2016-10-10T19:51:40Z DEBUG [cleanup]: restoring configuration 2016-10-10T19:51:40Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2016-10-10T19:51:40Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2016-10-10T19:51:40Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2016-10-10T19:51:40Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2016-10-10T19:51:40Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2016-10-10T19:51:40Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2016-10-10T19:51:40Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2016-10-10T19:51:40Z DEBUG duration: 0 seconds 2016-10-10T19:51:40Z ERROR IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually. 2016-10-10T19:51:40Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute return_value = self.run() File "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_server_upgrade.py", line 50, in run raise admintool.ScriptError(str(e)) 2016-10-10T19:51:40Z DEBUG The ipa-server-upgrade command failed, exception: ScriptError: ('IPA upgrade failed.', 1) 2016-10-10T19:51:40Z ERROR ('IPA upgrade failed.', 1) From: Martin Basti [mailto:mba...@redhat.com] Sent: Tuesday, October 11, 2016 1:53 AM To: John Popowitch; freeipa-users@redhat.com Subject: Re: [Freeipa-users] FreeIPA v4.2 stopped working, wants me to run ipa-server-upgrade, but has errors On 10.10.2016 23:30, John Popowitch wrote: Hello FreeIPA community. I've inherited a group of three FreeIPA v4.2 servers on CentOS 7.2. I had to reboot one of the servers and now IPA won't run saying, "Upgrade required: please run ipa-server-upgrade command." But when I run ipa-server-upgrade I get an error: ipa: ERROR: Upgrade failed with This entry already exists When I run it in debug mode the last action before the error is: ipa.ipaserver.install.plugins.update_managed_permissions.update_managed_permissions: DEBUG: Updating managed permission: System: Modify Certificate Profile It appears that several of the other managed permissions are processed successfully. When I look in the UI on one of the other servers it appears that this permission exists under IPA Server -> Role Based Access Control -> Permissions. I'm not familiar with FreeIPA so any help would be greatly appreciated. Thanks in advance. -John Hello, can you post the related part of ipaupgrade.log here? Martin
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project