On tue may 4th 2021 at 15:25 Rob Crittenden <[email protected]> wrote:
>
> Does your CA otherwise start? You can pass --skip-version-check to
> ipactl to skip the version check and just start the services.
>
YES! It started just fine with --skip-version-check
YES! I have managed to get it upgraded. It seems to be some sort of
race condition and when adding two sleeps it upgraded without issues.
I've verified this using:
for i in {0..10}; do /sbin/ipa-server-upgrade --force --quiet; done
Without the sleeps I get all fails and with the sleeps all upgrades
were successful
I added the two time.sleep(10) in
/usr/lib/python3.6/site-packages/ipaserver/install/server/upgrade.py
around line 1560:
--------------------------------------------
# several upgrade steps require running CA. If CA is configured,
# always run ca.start() because we need to wait until CA is really ready
# by checking status using http
if ca.is_configured():
ca.start('pki-tomcat')
if kra.is_installed() and not kra.is_running():
# This is for future-proofing in case the KRA is ever standalone.
kra.start('pki-tomcat')
time.sleep(10)
certmonger_service = services.knownservices.certmonger
if ca.is_configured() and not certmonger_service.is_running():
certmonger_service.start()
time.sleep(10)
ca.unconfigure_certmonger_renewal_guard()
--------------------------------------------
Please let me know if you want me to try performing other tests?
-- john
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
