Hi Florence,

Thanks for the email.

I am on CentOS 7 system and would like to use yum to go for the Upgrade. I
beleive dnf is intended for Fedora. Can you please provide me a solution
for CentOS on the Upgrade process.

Regards,
Alka Murali


On Thu, Sep 28, 2017 at 4:58 PM, Florence Blanc-Renaud <f...@redhat.com>
wrote:

> On 09/28/2017 09:52 AM, Alka Murali wrote:
>
>> Hi Florence,
>>
>> Thanks for the reply.
>>
>> However do you mean that I need to create a new repo file for Version 4.6
>> and try the Upgrade? Or do you mean that I need to remove the current
>> installation and go for a fresh install?
>>
>> Hi,
>
> the easiest path is to do:
> sudo dnf copr enable @freeipa/freeipa-4-6
> sudo dnf update freeipa-server
>
> This will upgrade your existing installation to FreeIPA 4.6.
>
> HTH,
> Flo
>
> Regards,
>> Alka Murali
>>
>>
>> On Thu, Sep 28, 2017 at 3:43 PM, Florence Blanc-Renaud <f...@redhat.com
>> <mailto:f...@redhat.com>> wrote:
>>
>>     On 09/28/2017 04:12 AM, Alka Murali wrote:
>>
>>         Hi Florence,
>>
>>         Thanks for the email. As you have mentioned, I tried updating
>>         the corresponding python files under IPA Server and tried for
>>         the Upgrade.
>>
>>     Hi,
>>
>>     do you mean that you manually edited the python files? In this case
>>     it is likely that some files were forgotten. The patch for 4-5
>>     branch is
>>     https://pagure.io/freeipa/c/52853875e298e38a1e5a9a56c02aac9e30916044
>>     <https://pagure.io/freeipa/c/52853875e298e38a1e5a9a56c02aac9e30916044
>> >
>>     but may depend on other commits applied on the branch between the
>>     4.5.3 release and the patch.
>>
>>     For consistency, I'd rather recommend to upgrade the packages to 4.6
>>     (available in the copr repo @freeipa/freeipa-4-6 for fedora 26 and
>>     fedora27).
>>
>>     Flo
>>
>>         However I was getting the error below:
>>
>>         -----
>>
>>         ipa.ipaserver.install.ipa_server_upgrade.ServerUpgrade: DEBUG:
>>         File "/usr/lib/python2.7/site-packages/ipapython/admintool.py",
>>         line 172, in execute
>>
>>         return_value = self.run()
>>
>>         File
>>         "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_
>> server_upgrade.py",
>>         line 46, in run
>>
>>         server.upgrade()
>>
>>         File
>>         "/usr/lib/python2.7/site-packages/ipaserver/install/server/
>> upgrade.py",
>>         line 1913, in upgrade
>>
>>         upgrade_configuration()
>>
>>         File
>>         "/usr/lib/python2.7/site-packages/ipaserver/install/server/
>> upgrade.py",
>>         line 1788, in upgrade_configuration
>>
>>         certificate_renewal_update(ca, ds, http),
>>
>>         File
>>         "/usr/lib/python2.7/site-packages/ipaserver/install/server/
>> upgrade.py",
>>         line 966, in certificate_renewal_update
>>
>>         'cert-nickname': ds.get_server_cert_nickname(serverid),
>>
>>
>>         ipa.ipaserver.install.ipa_server_upgrade.ServerUpgrade: DEBUG:
>>         The ipa-server-upgrade command failed, exception:
>>         AttributeError: 'DsInstance' object has no attribute
>>         'get_server_cert_nickname'
>>
>>         ipa.ipaserver.install.ipa_server_upgrade.ServerUpgrade: ERROR:
>>         Unexpected error - see /var/log/ipaupgrade.log for details:
>>
>>         AttributeError: 'DsInstance' object has no attribute
>>         'get_server_cert_nickname'
>>
>>         ipa.ipaserver.install.ipa_server_upgrade.ServerUpgrade: ERROR:
>>         The ipa-server-upgrade command failed. See
>>         /var/log/ipaupgrade.log for more information
>>
>>         ------
>>
>>         So do I need to define "get_server_cert_nickname"  in certs.py
>>         script too.
>>
>>
>>         Awaiting your reply.
>>
>>
>>         Thanks and Regards,
>>
>>         Alka Murali
>>
>>
>>         On Tue, Sep 26, 2017 at 5:01 PM, Florence Blanc-Renaud
>>         <f...@redhat.com <mailto:f...@redhat.com> <mailto:f...@redhat.com
>>
>>         <mailto:f...@redhat.com>>> wrote:
>>
>>              On 09/26/2017 05:18 AM, Alka Murali via FreeIPA-users wrote:
>>
>>                  Hello,
>>
>>                  Currently my server is running on IPA Server Version
>>         4.4. I have
>>                  tried to upgrade the Version to 4.5 using the
>>         ipa-server-upgrade
>>                  command and got ended with the following error:
>>
>>
>>                  --------
>>
>>                  2017-09-26T02:27:32Z DEBUG stderr=
>>
>>                  2017-09-26T02:27:50Z DEBUG Loading Index file from
>>                  '/var/lib/ipa/sysrestore/sysrestore.index'
>>
>>                  2017-09-26T02:27:53Z DEBUG Starting external process
>>
>>                  2017-09-26T02:27:53Z DEBUG args=/usr/bin/certutil -d
>>                  /etc/dirsrv/slapd-LGA-NET-SG -L -n Server-Cert -a -f
>>                  /etc/dirsrv/slapd-LGA-NET-SG/pwdfile.txt
>>
>>                  2017-09-26T02:27:56Z DEBUG Process finished, return
>>         code=255
>>
>>                  2017-09-26T02:27:56Z DEBUG stdout=
>>
>>                  2017-09-26T02:27:56Z DEBUG stderr=certutil: Could not
>>         find cert:
>>                  Server-Cert
>>
>>                  : PR_FILE_NOT_FOUND_ERROR: File not found
>>
>>
>>                  2017-09-26T02:27:56Z ERROR IPA server upgrade failed:
>>         Inspect
>>                  /var/log/ipaupgrade.log and run command
>>         ipa-server-upgrade manually.
>>
>>                  2017-09-26T02:27:56Z DEBUG File
>>                         
>> "/usr/lib/python2.7/site-packages/ipapython/admintool.py",
>> line
>>                  172, in execute
>>
>>                  return_value = self.run()
>>
>>                  File
>>                         "/usr/lib/python2.7/site-packa
>> ges/ipaserver/install/ipa_server_upgrade.py",
>>                  line 46, in run
>>
>>                  server.upgrade()
>>
>>                  File
>>                         "/usr/lib/python2.7/site-packa
>> ges/ipaserver/install/server/upgrade.py",
>>                  line 1913, in upgrade
>>
>>                  upgrade_configuration()
>>
>>                  File
>>                         "/usr/lib/python2.7/site-packa
>> ges/ipaserver/install/server/upgrade.py",
>>                  line 1788, in upgrade_configuration
>>
>>                  certificate_renewal_update(ca, ds, http),
>>
>>                  File
>>                         "/usr/lib/python2.7/site-packa
>> ges/ipaserver/install/server/upgrade.py",
>>                  line 1018, in certificate_renewal_update
>>
>>                  ds.start_tracking_certificates(serverid)
>>
>>                  File
>>                         "/usr/lib/python2.7/site-packa
>> ges/ipaserver/install/dsinstance.py",
>>                  line 1046, in start_tracking_certificates
>>
>>                  'restart_dirsrv %s' % serverid)
>>
>>                  File
>>                         "/usr/lib/python2.7/site-packa
>> ges/ipaserver/install/certs.py",
>>                  line 362, in track_server_cert
>>
>>                  cert_obj = x509.load_certificate(cert)
>>
>>                  File "/usr/lib/python2.7/site-packages/ipalib/x509.py",
>>         line
>>                  119, in load_certificate
>>
>>                  return cryptography.x509.load_der_x509_certificate(data,
>>                  default_backend())
>>
>>                  File
>>                         "/usr/lib64/python2.7/site-pac
>> kages/cryptography/x509/base.py",
>>                  line 47, in load_der_x509_certificate
>>
>>                  return backend.load_der_x509_certificate(data)
>>
>>                  File
>>                         "/usr/lib64/python2.7/site-pac
>> kages/cryptography/hazmat/backends/multibackend.py",
>>                  line 350, in load_der_x509_certificate
>>
>>                  return b.load_der_x509_certificate(data)
>>
>>                  File
>>                         "/usr/lib64/python2.7/site-pac
>> kages/cryptography/hazmat/backends/openssl/backend.py",
>>                  line 1185, in load_der_x509_certificate
>>
>>                  raise ValueError("Unable to load certificate")
>>
>>
>>                  2017-09-26T02:27:56Z DEBUG The ipa-server-upgrade command
>>                  failed, exception: ValueError: Unable to load certificate
>>
>>                  2017-09-26T02:27:56Z ERROR Unexpected error - see
>>                  /var/log/ipaupgrade.log for details:
>>
>>                  ValueError: Unable to load certificate
>>
>>                  2017-09-26T02:27:56Z ERROR The ipa-server-upgrade command
>>                  failed. See /var/log/ipaupgrade.log for more information
>>
>>                  -------
>>
>>                  I am using a third party signed certificate along with my
>>                  IPA-CA. Is it an issue with my current CA. I can see
>>         that while
>>                  fetching for the certificate, the name given to be
>>         "Server-cert"
>>                  instead of the exact CA name.
>>
>>
>>                  --         Regards,
>>                  Alka Murali
>>
>>
>>                  _______________________________________________
>>                  FreeIPA-users mailing list --
>>         freeipa-users@lists.fedorahosted.org
>>         <mailto:freeipa-users@lists.fedorahosted.org>
>>                  <mailto:freeipa-users@lists.fedorahosted.org
>>         <mailto:freeipa-users@lists.fedorahosted.org>>
>>                  To unsubscribe send an email to
>>         freeipa-users-le...@lists.fedorahosted.org
>>         <mailto:freeipa-users-le...@lists.fedorahosted.org>
>>                  <mailto:freeipa-users-le...@lists.fedorahosted.org
>>         <mailto:freeipa-users-le...@lists.fedorahosted.org>>
>>
>>              Hi,
>>
>>              you are probably hitting issue 7141 [1]. The upgrade is
>>         trying to
>>              track the HTTPd/LDAP server certificates but shouldn't if
>>         they were
>>              issued by an external CA.
>>
>>              The fix is available in FreeIPA 4.6.1 [2]
>>
>>              HTH,
>>              Flo
>>
>>              [1] https://pagure.io/freeipa/issue/7141
>>         <https://pagure.io/freeipa/issue/7141>
>>              <https://pagure.io/freeipa/issue/7141
>>         <https://pagure.io/freeipa/issue/7141>>
>>              [2] http://www.freeipa.org/page/Releases/4.6.1
>>         <http://www.freeipa.org/page/Releases/4.6.1>
>>              <http://www.freeipa.org/page/Releases/4.6.1
>>         <http://www.freeipa.org/page/Releases/4.6.1>>
>>
>>
>>
>>
>>         --         Regards,
>>         Alka Murali
>>
>>
>>
>>
>>
>> --
>> Regards,
>> Alka Murali
>>
>
>


-- 
Regards,
Alka Murali
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to