Hi Florence, Thanks for the email.
I am on CentOS 7 system and would like to use yum to go for the Upgrade. I beleive dnf is intended for Fedora. Can you please provide me a solution for CentOS on the Upgrade process. Regards, Alka Murali On Thu, Sep 28, 2017 at 4:58 PM, Florence Blanc-Renaud <[email protected]> wrote: > On 09/28/2017 09:52 AM, Alka Murali wrote: > >> Hi Florence, >> >> Thanks for the reply. >> >> However do you mean that I need to create a new repo file for Version 4.6 >> and try the Upgrade? Or do you mean that I need to remove the current >> installation and go for a fresh install? >> >> Hi, > > the easiest path is to do: > sudo dnf copr enable @freeipa/freeipa-4-6 > sudo dnf update freeipa-server > > This will upgrade your existing installation to FreeIPA 4.6. > > HTH, > Flo > > Regards, >> Alka Murali >> >> >> On Thu, Sep 28, 2017 at 3:43 PM, Florence Blanc-Renaud <[email protected] >> <mailto:[email protected]>> wrote: >> >> On 09/28/2017 04:12 AM, Alka Murali wrote: >> >> Hi Florence, >> >> Thanks for the email. As you have mentioned, I tried updating >> the corresponding python files under IPA Server and tried for >> the Upgrade. >> >> Hi, >> >> do you mean that you manually edited the python files? In this case >> it is likely that some files were forgotten. The patch for 4-5 >> branch is >> https://pagure.io/freeipa/c/52853875e298e38a1e5a9a56c02aac9e30916044 >> <https://pagure.io/freeipa/c/52853875e298e38a1e5a9a56c02aac9e30916044 >> > >> but may depend on other commits applied on the branch between the >> 4.5.3 release and the patch. >> >> For consistency, I'd rather recommend to upgrade the packages to 4.6 >> (available in the copr repo @freeipa/freeipa-4-6 for fedora 26 and >> fedora27). >> >> Flo >> >> However I was getting the error below: >> >> ----- >> >> ipa.ipaserver.install.ipa_server_upgrade.ServerUpgrade: DEBUG: >> File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", >> line 172, in execute >> >> return_value = self.run() >> >> File >> "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_ >> server_upgrade.py", >> line 46, in run >> >> server.upgrade() >> >> File >> "/usr/lib/python2.7/site-packages/ipaserver/install/server/ >> upgrade.py", >> line 1913, in upgrade >> >> upgrade_configuration() >> >> File >> "/usr/lib/python2.7/site-packages/ipaserver/install/server/ >> upgrade.py", >> line 1788, in upgrade_configuration >> >> certificate_renewal_update(ca, ds, http), >> >> File >> "/usr/lib/python2.7/site-packages/ipaserver/install/server/ >> upgrade.py", >> line 966, in certificate_renewal_update >> >> 'cert-nickname': ds.get_server_cert_nickname(serverid), >> >> >> ipa.ipaserver.install.ipa_server_upgrade.ServerUpgrade: DEBUG: >> The ipa-server-upgrade command failed, exception: >> AttributeError: 'DsInstance' object has no attribute >> 'get_server_cert_nickname' >> >> ipa.ipaserver.install.ipa_server_upgrade.ServerUpgrade: ERROR: >> Unexpected error - see /var/log/ipaupgrade.log for details: >> >> AttributeError: 'DsInstance' object has no attribute >> 'get_server_cert_nickname' >> >> ipa.ipaserver.install.ipa_server_upgrade.ServerUpgrade: ERROR: >> The ipa-server-upgrade command failed. See >> /var/log/ipaupgrade.log for more information >> >> ------ >> >> So do I need to define "get_server_cert_nickname" in certs.py >> script too. >> >> >> Awaiting your reply. >> >> >> Thanks and Regards, >> >> Alka Murali >> >> >> On Tue, Sep 26, 2017 at 5:01 PM, Florence Blanc-Renaud >> <[email protected] <mailto:[email protected]> <mailto:[email protected] >> >> <mailto:[email protected]>>> wrote: >> >> On 09/26/2017 05:18 AM, Alka Murali via FreeIPA-users wrote: >> >> Hello, >> >> Currently my server is running on IPA Server Version >> 4.4. I have >> tried to upgrade the Version to 4.5 using the >> ipa-server-upgrade >> command and got ended with the following error: >> >> >> -------- >> >> 2017-09-26T02:27:32Z DEBUG stderr= >> >> 2017-09-26T02:27:50Z DEBUG Loading Index file from >> '/var/lib/ipa/sysrestore/sysrestore.index' >> >> 2017-09-26T02:27:53Z DEBUG Starting external process >> >> 2017-09-26T02:27:53Z DEBUG args=/usr/bin/certutil -d >> /etc/dirsrv/slapd-LGA-NET-SG -L -n Server-Cert -a -f >> /etc/dirsrv/slapd-LGA-NET-SG/pwdfile.txt >> >> 2017-09-26T02:27:56Z DEBUG Process finished, return >> code=255 >> >> 2017-09-26T02:27:56Z DEBUG stdout= >> >> 2017-09-26T02:27:56Z DEBUG stderr=certutil: Could not >> find cert: >> Server-Cert >> >> : PR_FILE_NOT_FOUND_ERROR: File not found >> >> >> 2017-09-26T02:27:56Z ERROR IPA server upgrade failed: >> Inspect >> /var/log/ipaupgrade.log and run command >> ipa-server-upgrade manually. >> >> 2017-09-26T02:27:56Z DEBUG File >> >> "/usr/lib/python2.7/site-packages/ipapython/admintool.py", >> line >> 172, in execute >> >> return_value = self.run() >> >> File >> "/usr/lib/python2.7/site-packa >> ges/ipaserver/install/ipa_server_upgrade.py", >> line 46, in run >> >> server.upgrade() >> >> File >> "/usr/lib/python2.7/site-packa >> ges/ipaserver/install/server/upgrade.py", >> line 1913, in upgrade >> >> upgrade_configuration() >> >> File >> "/usr/lib/python2.7/site-packa >> ges/ipaserver/install/server/upgrade.py", >> line 1788, in upgrade_configuration >> >> certificate_renewal_update(ca, ds, http), >> >> File >> "/usr/lib/python2.7/site-packa >> ges/ipaserver/install/server/upgrade.py", >> line 1018, in certificate_renewal_update >> >> ds.start_tracking_certificates(serverid) >> >> File >> "/usr/lib/python2.7/site-packa >> ges/ipaserver/install/dsinstance.py", >> line 1046, in start_tracking_certificates >> >> 'restart_dirsrv %s' % serverid) >> >> File >> "/usr/lib/python2.7/site-packa >> ges/ipaserver/install/certs.py", >> line 362, in track_server_cert >> >> cert_obj = x509.load_certificate(cert) >> >> File "/usr/lib/python2.7/site-packages/ipalib/x509.py", >> line >> 119, in load_certificate >> >> return cryptography.x509.load_der_x509_certificate(data, >> default_backend()) >> >> File >> "/usr/lib64/python2.7/site-pac >> kages/cryptography/x509/base.py", >> line 47, in load_der_x509_certificate >> >> return backend.load_der_x509_certificate(data) >> >> File >> "/usr/lib64/python2.7/site-pac >> kages/cryptography/hazmat/backends/multibackend.py", >> line 350, in load_der_x509_certificate >> >> return b.load_der_x509_certificate(data) >> >> File >> "/usr/lib64/python2.7/site-pac >> kages/cryptography/hazmat/backends/openssl/backend.py", >> line 1185, in load_der_x509_certificate >> >> raise ValueError("Unable to load certificate") >> >> >> 2017-09-26T02:27:56Z DEBUG The ipa-server-upgrade command >> failed, exception: ValueError: Unable to load certificate >> >> 2017-09-26T02:27:56Z ERROR Unexpected error - see >> /var/log/ipaupgrade.log for details: >> >> ValueError: Unable to load certificate >> >> 2017-09-26T02:27:56Z ERROR The ipa-server-upgrade command >> failed. See /var/log/ipaupgrade.log for more information >> >> ------- >> >> I am using a third party signed certificate along with my >> IPA-CA. Is it an issue with my current CA. I can see >> that while >> fetching for the certificate, the name given to be >> "Server-cert" >> instead of the exact CA name. >> >> >> -- Regards, >> Alka Murali >> >> >> _______________________________________________ >> FreeIPA-users mailing list -- >> [email protected] >> <mailto:[email protected]> >> <mailto:[email protected] >> <mailto:[email protected]>> >> To unsubscribe send an email to >> [email protected] >> <mailto:[email protected]> >> <mailto:[email protected] >> <mailto:[email protected]>> >> >> Hi, >> >> you are probably hitting issue 7141 [1]. The upgrade is >> trying to >> track the HTTPd/LDAP server certificates but shouldn't if >> they were >> issued by an external CA. >> >> The fix is available in FreeIPA 4.6.1 [2] >> >> HTH, >> Flo >> >> [1] https://pagure.io/freeipa/issue/7141 >> <https://pagure.io/freeipa/issue/7141> >> <https://pagure.io/freeipa/issue/7141 >> <https://pagure.io/freeipa/issue/7141>> >> [2] http://www.freeipa.org/page/Releases/4.6.1 >> <http://www.freeipa.org/page/Releases/4.6.1> >> <http://www.freeipa.org/page/Releases/4.6.1 >> <http://www.freeipa.org/page/Releases/4.6.1>> >> >> >> >> >> -- Regards, >> Alka Murali >> >> >> >> >> >> -- >> Regards, >> Alka Murali >> > > -- Regards, Alka Murali
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
