[Freeipa-users] IPA Update Problem

Georg Seyerl via FreeIPA-users Thu, 09 Jun 2022 03:40:05 -0700

Hi IPA Team,

after an IPA upgrade from version 4.9.6 to 4.9.8 I get the following error when 
I run ipa-server-upgrad manually:


2022-06-09T09:24:25Z DEBUG stderr=
2022-06-09T09:24:25Z DEBUG wait_for_open_ports: localhost [389] timeout 120
2022-06-09T09:24:25Z DEBUG waiting for port: 389
2022-06-09T09:24:25Z DEBUG Failed to connect to port 389 tcp on 127.0.0.1
2022-06-09T09:26:25Z ERROR IPA server upgrade failed: Inspect 
/var/log/ipaupgrade.log and run command ipa-server-upgrade manua
lly.
2022-06-09T09:26:25Z DEBUG   File 
"/usr/lib/python3.6/site-packages/ipapython/admintool.py", line 180, in execute
    return_value = self.run()
  File 
"/usr/lib/python3.6/site-packages/ipaserver/install/ipa_server_upgrade.py", 
line 54, in run
    server.upgrade()
  File "/usr/lib/python3.6/site-packages/ipaserver/install/server/upgrade.py", 
line 2011, in upgrade
    upgrade_configuration()
  File "/usr/lib/python3.6/site-packages/ipaserver/install/server/upgrade.py", 
line 1632, in upgrade_configuration
    ds.start(ds.serverid)
  File "/usr/lib/python3.6/site-packages/ipaserver/install/dsinstance.py", line 
643, in start
    instance_name, capture_output=capture_output, wait=wait
  File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line 
524, in start
    self.service.start(instance_name, capture_output=capture_output, wait=wait)
  File "/usr/lib/python3.6/site-packages/ipaplatform/redhat/services.py", line 
138, in start
    instance_name, capture_output=capture_output, wait=wait)
  File "/usr/lib/python3.6/site-packages/ipaplatform/base/services.py", line 
317, in start
    self.wait_for_open_ports(self.service_instance(instance_name))
  File "/usr/lib/python3.6/site-packages/ipaplatform/base/services.py", line 
286, in wait_for_open_ports
    self.api.env.startup_timeout)
  File "/usr/lib/python3.6/site-packages/ipapython/ipautil.py", line 1341, in 
wait_for_open_ports
    raise socket.timeout("Timeout exceeded")

2022-06-09T09:26:25Z DEBUG The ipa-server-upgrade command failed, exception: 
timeout: Timeout exceeded
2022-06-09T09:26:25Z ERROR Timeout exceeded
2022-06-09T09:26:25Z ERROR The ipa-server-upgrade command failed. See 
/var/log/ipaupgrade.log for more information



A subset of the upgraded packages:
   Upgrade       ipa-client-4.9.8-7.0.1.module+el8.6.0+20654+19b76db2.x86_64    
       @ol8_x86_64_appstream
   Upgraded      ipa-client-4.9.6-12.0.1.module+el8.5.0+20642+b228f286.x86_64   
       @@System
   Upgrade       
ipa-client-common-4.9.8-7.0.1.module+el8.6.0+20654+19b76db2.noarch    
@ol8_x86_64_appstream
   Upgraded      
ipa-client-common-4.9.6-12.0.1.module+el8.5.0+20642+b228f286.noarch   @@System
   Upgrade       ipa-common-4.9.8-7.0.1.module+el8.6.0+20654+19b76db2.noarch    
       @ol8_x86_64_appstream
   Upgraded      ipa-common-4.9.6-12.0.1.module+el8.5.0+20642+b228f286.noarch   
       @@System
   Upgrade       
ipa-healthcheck-core-0.7-10.module+el8.6.0+20578+18b36d36.noarch      
@ol8_x86_64_appstream
   Upgraded      
ipa-healthcheck-core-0.7-6.module+el8.5.0+20379+1b4496cf.noarch       @@System
   Upgrade       ipa-selinux-4.9.8-7.0.1.module+el8.6.0+20654+19b76db2.noarch   
       @ol8_x86_64_appstream
   Upgraded      ipa-selinux-4.9.6-12.0.1.module+el8.5.0+20642+b228f286.noarch  
       @@System
   Upgrade       ipa-server-4.9.8-7.0.1.module+el8.6.0+20654+19b76db2.x86_64    
       @ol8_x86_64_appstream
   Upgraded      ipa-server-4.9.6-12.0.1.module+el8.5.0+20642+b228f286.x86_64   
       @@System
   Upgrade       
ipa-server-common-4.9.8-7.0.1.module+el8.6.0+20654+19b76db2.noarch    
@ol8_x86_64_appstream
   Upgraded      
ipa-server-common-4.9.6-12.0.1.module+el8.5.0+20642+b228f286.noarch   @@System
   Upgrade       
ipa-server-trust-ad-4.9.8-7.0.1.module+el8.6.0+20654+19b76db2.x86_64  
@ol8_x86_64_appstream
   Upgraded      
ipa-server-trust-ad-4.9.6-12.0.1.module+el8.5.0+20642+b228f286.x86_64 @@System


We found the following error in the file /var/log/dirsrv/DOMAIN/errors
[09/Jun/2022:11:30:45.658955068 +0200] - ERR - set_krb5_creds - Could not get 
initial credentials for principal [ldap/fqdn-host@MYDOMAIN] in keytab 
[FILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any KDC for requested
 realm)

In comparison with other IPA Servers the entries in the ds.keytab file looks 
fine.

Thanks
G
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[Freeipa-users] IPA Update Problem

Reply via email to