Thank you Rob.

I have inherited the current setup and, being new, I took some time to understand it and 
then attempt the upgrade.


The certificate issue is on our second master, and I am having issues fixing that. I will 
submit a separate thread for that.

On ds01, certificates are all in MONITORING status.


[root@ds01 ~]# ipa-getcert list
Number of certificates and requests being tracked: 11.
Request ID '20150203033017':
status: MONITORING
stuck: no
key pair storage: type=NSSDB,location='/etc/dirsrv/slapd-ARTERIS-COM',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/dirsrv/slapd-ARTERIS-COM/pwdfile.txt'
certificate: type=NSSDB,location='/etc/dirsrv/slapd-ARTERIS-COM',nickname='Server-Cert',token='NSS Certificate DB'
CA: IPA
issuer: CN=Certificate Authority,O=ARTERIS.COM
subject: CN=ds01.arteris.com,O=ARTERIS.COM
expires: 2019-01-07 21:02:49 UTC
principal name: ldap/ds01.arteris....@arteris.com
key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
eku: id-kp-serverAuth,id-kp-clientAuth
pre-save command:
post-save command:
track: yes
auto-renew: yes
Request ID '20150203033320':
status: MONITORING
stuck: no
key pair storage: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
certificate: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB'
CA: IPA
issuer: CN=Certificate Authority,O=ARTERIS.COM
subject: CN=ds01.arteris.com,O=ARTERIS.COM
expires: 2019-01-07 21:04:38 UTC
principal name: HTTP/ds01.arteris....@arteris.com
key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
eku: id-kp-serverAuth,id-kp-clientAuth
pre-save command:
post-save command:
track: yes
auto-renew: yes



As I didn't install the current setup, I don't know why pki-tps-tomcat was 
installed.
If it is not required, is it safe to remove the pki-tps-tomcat RPM and then attempt 
the upgrade?

Regards,
Bhavin

________________________________
From: Rob Crittenden <rcrit...@redhat.com>
Sent: Monday, July 24, 2017 7:46 AM
To: FreeIPA users list
Cc: Bhavin Vaidya
Subject: Re: [Freeipa-users] FreeIPA upgrade

Bhavin Vaidya via FreeIPA-users wrote:
> Hello,
> We are trying to upgrade FreeIPA v4.1.3-1.el7 on our master server,
> which is CentOS 7.0.1406.
> We were getting other conflict issues, which were fixed by updating yum.
>
> We are not able to go further without the following error, while both RPMs
> in question are already present, and I get the same message if I try to
> update pki-server, while for pki-tps-tomcat it says nothing to update.
>
> We have the CA certificate on our server ds01.
> We are also not able to add a replica, because of some certificate issue.

I'd fix the certificate issue(s) before trying to upgrade. You are
asking for more trouble trying to upgrade an install that has issues.

>
> [root@ds01 pki-ca]# yum update freeipa-server
>
> <SNIP>
> --> Finished Dependency Resolution
> Error: Package: pki-tps-tomcat-10.1.2-7.1.el7.centos.noarch (@mkosek-freeipa)
>            Requires: pki-server = 10.1.2-7.1.el7.centos
>            Removing: pki-server-10.1.2-7.1.el7.centos.noarch (@mkosek-freeipa)

I don't believe that pki-tps-tomcat is required for IPA. I'm concerned
that you have unofficial bits installed though. Was this to temporarily
work around some issue?

rob

>                pki-server = 10.1.2-7.1.el7.centos
>            Updated By: pki-server-10.3.3-19.el7_3.noarch (updates)
>                pki-server = 10.3.3-19.el7_3
>            Available: pki-server-10.3.3-10.el7.noarch (base)
>                pki-server = 10.3.3-10.el7
>            Available: pki-server-10.3.3-14.el7_3.noarch (updates)
>                pki-server = 10.3.3-14.el7_3
>            Available: pki-server-10.3.3-16.el7_3.noarch (updates)
>                pki-server = 10.3.3-16.el7_3
>            Available: pki-server-10.3.3-17.el7_3.noarch (updates)
>                pki-server = 10.3.3-17.el7_3
>            Available: pki-server-10.3.3-18.el7_3.noarch (updates)
>                pki-server = 10.3.3-18.el7_3
>  You could try using --skip-broken to work around the problem
>  You could try running: rpm -Va --nofiles --nodigest
> [root@ds01 pki-ca]# rpm -qa | grep pki-server
> pki-server-10.1.2-7.1.el7.centos.noarch
> dogtag-pki-server-theme-10.1.1-1.el7.centos.noarch
> [root@ds01 pki-ca]# rpm -qa | grep pki-tps-tomcat
> pki-tps-tomcat-10.1.2-7.1.el7.centos.noarch
>
> Thank you and with regards,
> Bhavin
>
>
>
>
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
>
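
Rob's advice above is to clear certificate problems before upgrading. As an added example (not from the thread or the FreeIPA project), this Python check parses `ipa-getcert list` output and reports every request that is not in MONITORING, is stuck, or expires within a chosen window. The sample listing, its request IDs, the CA_UNREACHABLE entry and the 30-day threshold are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample in the format of the `ipa-getcert list` output above
# (hypothetical request IDs and dates, not taken from the thread).
SAMPLE = """\
Number of certificates and requests being tracked: 3.
Request ID '20170101000001':
    status: MONITORING
    stuck: no
    expires: 2019-01-07 21:02:49 UTC
Request ID '20170101000002':
    status: CA_UNREACHABLE
    stuck: no
    expires: 2017-08-01 00:00:00 UTC
Request ID '20170101000003':
    status: MONITORING
    stuck: no
    expires: 2017-08-10 12:00:00 UTC
"""

def parse_getcert(text):
    """Split the listing into one dict of fields per tracked request."""
    requests = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Request ID '"):
            requests.append({"id": line.split("'")[1]})
        elif requests and ": " in line:
            key, value = line.split(": ", 1)
            requests[-1][key] = value
    return requests

def upgrade_blockers(text, now, min_days=30):
    """Return (request id, reason) pairs to resolve before upgrading."""
    problems = []
    for req in parse_getcert(text):
        if req.get("status") != "MONITORING":
            problems.append((req["id"], "status " + req.get("status", "unknown")))
        if req.get("stuck") == "yes":
            problems.append((req["id"], "stuck"))
        if "expires" in req:
            expires = datetime.strptime(req["expires"], "%Y-%m-%d %H:%M:%S UTC")
            if expires.replace(tzinfo=timezone.utc) - now < timedelta(days=min_days):
                problems.append((req["id"], "expires " + req["expires"]))
    return problems

if __name__ == "__main__":
    print(upgrade_blockers(SAMPLE, datetime(2017, 7, 24, tzinfo=timezone.utc)))
```

On a master, pass the captured text of `ipa-getcert list` and the current UTC time in place of the sample values.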
