John Obaterspok via FreeIPA-users wrote: > On tue may 4th 2021 at 15:25 Rob Crittenden <[email protected]> wrote: >> >> Does your CA otherwise start? You can pass --skip-version-check to >> ipactl to skip the version check and just start the services. >> > > YES! It started just fine with --skip-version-check > YES! I have managed to get it upgraded. It seems to be some sort of > race condition and when adding two sleeps it upgraded without issues. > > I've verified this using: > for i in {0..10}; do /sbin/ipa-server-upgrade --force --quiet; done > > Without the sleeps I get all fails and with the sleeps all upgrades > were successful > > I added the two time.sleep(10) in > /usr/lib/python3.6/site-packages/ipaserver/install/server/upgrade.py > around line 1560: > -------------------------------------------- > # several upgrade steps require running CA. If CA is configured, > # always run ca.start() because we need to wait until CA is really ready > # by checking status using http > if ca.is_configured(): > ca.start('pki-tomcat') > if kra.is_installed() and not kra.is_running(): > # This is for future-proofing in case the KRA is ever standalone. > kra.start('pki-tomcat') > > time.sleep(10) > > certmonger_service = services.knownservices.certmonger > if ca.is_configured() and not certmonger_service.is_running(): > certmonger_service.start() > > time.sleep(10) > > ca.unconfigure_certmonger_renewal_guard() > -------------------------------------------- > > Please let me know if you want me to try performing other tests?
It seems similar to https://bugzilla.redhat.com/show_bug.cgi?id=1956991 but in that case the CA does not seem to recover. rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
