[Freeipa-users] Re: ipa server upgrade fails - dirsrv complains about Unknown attribute syntax OID
Hello, all.

Most likely, you are facing a 389-ds upgrade issue:

https://pagure.io/389-ds-base/issue/50410

30.05.2019 12:40, Dirk Streubel via FreeIPA-users wrote:
> Hello Darac,
>
> I have the same problem as you on two IPA servers.
>
> After an update, my 389 Directory Server doesn't start, with the same
> problem you have:
>
> "dse_read_one_file - The entry cn=schema in file
> /etc/dirsrv/slapd-FRITZ-BOX/schema/99user.ldif (lineno: 1) is invalid,
> error code 20 (Type or value exists)"
>
> To me, it looks like something is wrong with the new 389-ds-base package
> that came out.
>
> I'm not a 389 Directory Server professional and I can't help you. I did
> the same as you to fix the problem a few days ago: copied from one
> working IPA server to the broken IPA server, with the same result.
>
> My hope is that Fedora brings out a new 389-ds-base* package that will
> fix this problem.
>
> Regards
>
> Dirk
>
> On 29.05.19 at 22:25, Darac Marjal via FreeIPA-users wrote:
>> Ah, is FreeIPA generally okay with servers being at different versions,
>> then? Could I upgrade by creating a new server, enrolling it as a
>> replica of the old server and then shutting down the old server? Can I do
>> that as a general behaviour?
>>
>> On 29/05/2019 21:21, John Keates via FreeIPA-users wrote:
>>> I’d suggest creating a new server, enrolling it as a replica (well, it’s
>>> multi-master so technically it’s just another FreeIPA server) instead of
>>> upgrading.
>>> If you have other servers that still work, do that and nuke this one. If
>>> this is the last/only server you have, I’d restore it from backups (you
>>> have those, right?).
>>>
>>> If you neither have additional servers that work, nor backups, prepare for
>>> a nightmare. If you know ahead of time that rebuilding your IPA
>>> infrastructure might be a slight hassle yet only take an hour or so to
>>> re-enroll all hosts and reset your users, do that as it’ll be faster in
>>> many cases.
>>>
>>> John
>>>
>>> On 29 May 2019, at 21:35, Darac Marjal via FreeIPA-users wrote:
>>>>
>>>> Hello good people,
>>>>
>>>> Due to being unfamiliar with Fedora, my home FreeIPA server has been
>>>> languishing on Fedora version 25 for ages. I recently twigged that it
>>>> hadn't been updated in ages, so upgraded to Fedora version 30. That
>>>> seemed to go OK, but now, when I try to run ipactl start, I get the
>>>> following:
>>>>
>>>> # ipactl start
>>>> IPA version error: data needs to be upgraded (expected version
>>>> '4.7.90.pre1-4.fc30', current version '4.4.4-1.fc25')
>>>> Automatically running upgrade, for details see /var/log/ipaupgrade.log
>>>> Be patient, this may take a few minutes.
>>>> Automatic upgrade failed: IPA server upgrade failed: Inspect
>>>> /var/log/ipaupgrade.log and run command ipa-server-upgrade manually.
>>>> Unexpected error - see /var/log/ipaupgrade.log for details:
>>>> CalledProcessError: CalledProcessError(Command ['/bin/systemctl',
>>>> 'start', 'dirsrv@GHIBLI-DARAC-ORG-UK.service'] returned non-zero exit
>>>> status 1: 'Job for dirsrv@GHIBLI-DARAC-ORG-UK.service failed because the
>>>> control process exited with error code.\nSee "systemctl status
>>>> dirsrv@GHIBLI-DARAC-ORG-UK.service" and "journalctl -xe" for details.\n')
>>>> The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for
>>>> more information
>>>>
>>>> See the upgrade log for more details and/or run
>>>> /usr/sbin/ipa-server-upgrade again
>>>> Aborting ipactl
>>>>
>>>> Looking into the logs for dirsrv@, I see the following:
>>>>
>>>> May 29 20:30:52 yubaba.ghibli.darac.org.uk ns-slapd[9839]:
>>>> [29/May/2019:20:30:52.917492045 +0100] - ERR - dse_read_one_file - The
>>>> entry cn=schema in file /usr/share/dirsrv/schema/00core.ldif (lineno: 1)
>>>> is invalid, error code >
>>>> May 29 20:30:52 yubaba.ghibli.darac.org.uk ns-slapd[9839]:
>>>> [29/May/2019:20:30:52.989705116 +0100] - ERR - setup_internal_backends -
>>>> Please edit the file to correct the reported problems and then restart
>>>> the server.
>>>> May 29 20:30:53 yubaba.ghibli.darac.org.uk systemd[1]:
>>>> dirsrv@GHIBLI-DARAC-ORG-UK.service: Main process exited, code=exited,
>>>> status=1/FAILURE
>>>> May 29 20:30:53 yubaba.ghibli.darac.org.uk systemd[1]:
>>>> dirsrv@GHIBLI-DARAC-ORG-UK.service: Failed with result 'exit-code'.
>>>> May 29 20:30:53 yubaba.ghibli.darac.org.uk systemd[1]: Failed to start
>>>> 389 Directory Server GHIBLI-DARAC-ORG-UK..
>>>>
>>>> Now, in an attempt to fix this, I spun up a new VM, installed
>>>> freeipa-server and then copied /usr/share/dirsrv/schema/*.ldif over, but
>>>> that doesn't seem to have had any effect.
>>>>
>>>> Can anyone assist in pointing me in a direction to fixing this?
>>>>
>>>> Many thanks!
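Added example, not part of any poster's message and not FreeIPA or 389-ds code: a small Python triage of the `dse_read_one_file` errors quoted in this thread. It separates failures in the packaged schema directory from failures in a per-instance schema directory and flags lines whose error code was cut off by the pager; the function names are hypothetical and the sample lines are constructed from the excerpts above.

```python
import re

# Matches the schema-load failure that ns-slapd logs, with or without the
# journald prefix. The numeric code and its text are optional because a pager
# can cut the line short, as happened in the original post ("error code >").
DSE_ERROR = re.compile(
    r"dse_read_one_file - The entry (?P<entry>\S+) in file (?P<path>\S+) "
    r"\(lineno: (?P<lineno>\d+)\) is invalid, error code"
    r"(?: (?P<code>\d+)(?: \((?P<text>[^)]*)\))?)?"
)

# Both directories appear in the thread: the first is the one Darac copied
# files into, the second is where Dirk's failing 99user.ldif lives.
PACKAGED_SCHEMA = "/usr/share/dirsrv/schema/"
INSTANCE_SCHEMA = re.compile(r"^/etc/dirsrv/slapd-(?P<instance>[^/]+)/schema/")

# Constructed sample: the two ns-slapd lines from the original post plus the
# error text Dirk quoted (he gave no timestamp, so none is invented here).
SAMPLE_LOG = """\
May 29 20:30:52 yubaba.ghibli.darac.org.uk ns-slapd[9839]: [29/May/2019:20:30:52.917492045 +0100] - ERR - dse_read_one_file - The entry cn=schema in file /usr/share/dirsrv/schema/00core.ldif (lineno: 1) is invalid, error code >
May 29 20:30:52 yubaba.ghibli.darac.org.uk ns-slapd[9839]: [29/May/2019:20:30:52.989705116 +0100] - ERR - setup_internal_backends - Please edit the file to correct the reported problems and then restart the server.
dse_read_one_file - The entry cn=schema in file /etc/dirsrv/slapd-FRITZ-BOX/schema/99user.ldif (lineno: 1) is invalid, error code 20 (Type or value exists)
"""


def classify(path):
    """Return (origin, instance) for a schema file path."""
    if path.startswith(PACKAGED_SCHEMA):
        return "packaged", None
    m = INSTANCE_SCHEMA.match(path)
    if m:
        return "instance", m.group("instance")
    return "other", None


def triage(log_text):
    """Extract one finding per dse_read_one_file error line."""
    findings = []
    for line in log_text.splitlines():
        m = DSE_ERROR.search(line)
        if not m:
            continue  # e.g. the setup_internal_backends follow-up line
        origin, instance = classify(m.group("path"))
        code = m.group("code")
        findings.append({
            "path": m.group("path"),
            "lineno": int(m.group("lineno")),
            "origin": origin,
            "instance": instance,
            "code": int(code) if code is not None else None,
            "text": m.group("text"),
            # No code means the line was truncated; rerun journalctl with
            # --no-pager to get the full message before drawing conclusions.
            "truncated": code is None,
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        where = f["origin"] + (f" ({f['instance']})" if f["instance"] else "")
        detail = "code cut off" if f["truncated"] else f"{f['code']} {f['text']}"
        print(f"{f['path']}: {where}: {detail}")
```
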
[Freeipa-users] Re: ipa server upgrade fails - dirsrv complains about Unknown attribute syntax OID
Hello Levin,

thanks a lot for this information and the link.

Regards

Dirk
[Freeipa-users] Re: ipa server upgrade fails - dirsrv complains about Unknown attribute syntax OID
Hello Darac,

I have the same problem as you on two IPA servers.

After an update, my 389 Directory Server doesn't start, with the same problem you have:

"dse_read_one_file - The entry cn=schema in file /etc/dirsrv/slapd-FRITZ-BOX/schema/99user.ldif (lineno: 1) is invalid, error code 20 (Type or value exists)"

To me, it looks like something is wrong with the new 389-ds-base package that came out.

I'm not a 389 Directory Server professional and I can't help you. I did the same as you to fix the problem a few days ago: copied from one working IPA server to the broken IPA server, with the same result.

My hope is that Fedora brings out a new 389-ds-base* package that will fix this problem.

Regards

Dirk
[Freeipa-users] Re: ipa server upgrade fails - dirsrv complains about Unknown attribute syntax OID
Yes, while in general upgrades should be possible, given the big jump you made combined with a distro that isn’t as robust as, say, CentOS or RHEL, I’d suggest always simply rolling a replacement server to replace the old ones one by one.

Also always run at least 2 servers with all the roles so you don’t end up in a situation where you cannot recover from a broken system. Keep in mind that enrolments and server replication only work as long as you have at least 1 functional server.

John
[Freeipa-users] Re: ipa server upgrade fails - dirsrv complains about Unknown attribute syntax OID
Ah, is FreeIPA generally okay with servers being at different versions, then? Could I upgrade by creating a new server, enrolling it as a replica of the old server and then shutting down the old server? Can I do that as a general behaviour?

___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
[Freeipa-users] Re: ipa server upgrade fails - dirsrv complains about Unknown attribute syntax OID
I’d suggest creating a new server, enrolling it as a replica (well, it’s multi-master so technically it’s just another FreeIPA server) instead of upgrading.
If you have other servers that still work, do that and nuke this one. If this is the last/only server you have, I’d restore it from backups (you have those, right?).

If you neither have additional servers that work, nor backups, prepare for a nightmare. If you know ahead of time that rebuilding your IPA infrastructure might be a slight hassle yet only take an hour or so to re-enroll all hosts and reset your users, do that as it’ll be faster in many cases.

John