Johannes Falke via FreeIPA-users wrote:
> Ok, thanks for being my rubber duck. I solved it while preparing an
> anonymized ipaupgrade.log for you.
>
> I noticed that the failure I was looking at was actually a secondary failure
> after a first failed upgrade. The primary error was a result of a missing
> caECAdminCert.cfg (https://bugzilla.redhat.com/show_bug.cgi?id=1836806) which
> was apparently never patched for Fedora 29/30. Since I never saw the error
> message from the first failed automatic ipa-server-upgrade (during/after
> Fedora release upgrade), I reran ipa-server-upgrade which then gave me a
> different error (the one I was trying to debug above).
>
> At some point when previously trying to fix the installation after the failed
> upgrade, I did see the caECAdminCert.cfg message, but I had tried adding the
> file and re-running ipa-server-upgrade and it did not fix it. It turns out
> that a failed ipa-server-upgrade is not rolled back and irreparably damages
> the existing configuration - maybe this should be explicitly noted?
>
> After noticing what was happening today, I rolled back to my pre-upgrade
> Fedora 29 snapshot, copied /usr/share/pki/ca/profiles/ca/caECAdminCert.cfg to
> /var/lib/pki/pki-tomcat/ca/profiles/ca/ and then ran the Fedora 29 -> 30
> upgrade - something I now recall I had planned to do when I first saw that
> error but forgot (since I was busy excluding a real PKI/certificate error).
That's great, I'm glad you got it fixed. Thanks for following up with the solution.

rob
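
A report-only pre-upgrade check built around the fix described in this thread, added here as an example and not part of the original messages or of FreeIPA: it lists profile files that exist in the shipped directory but are absent from the CA instance directory. The function names are hypothetical, and treating every shipped-but-absent profile as worth review is an assumption that generalizes from the single caECAdminCert.cfg case reported above.

```shell
#!/bin/sh
# Added example (not from the thread): report-only pre-upgrade check.
# The default paths are the two directories named in the post.
SHARED_DIR="${SHARED_DIR:-/usr/share/pki/ca/profiles/ca}"
INSTANCE_DIR="${INSTANCE_DIR:-/var/lib/pki/pki-tomcat/ca/profiles/ca}"

# Print the name of every *.cfg profile that exists in the shipped
# directory ($1) but not in the CA instance directory ($2), one per line.
# Returns 2 if either directory is missing.
missing_profiles() {
    shared=$1
    instance=$2
    [ -d "$shared" ] || { echo "no such directory: $shared" >&2; return 2; }
    [ -d "$instance" ] || { echo "no such directory: $instance" >&2; return 2; }
    for src in "$shared"/*.cfg; do
        [ -e "$src" ] || continue      # glob matched nothing
        name=${src##*/}
        [ -e "$instance/$name" ] || printf '%s\n' "$name"
    done
}

# Run the check and print one line per missing profile.
# Nothing is copied or modified; exit status 1 means "review before upgrading".
# Assumption: a shipped profile absent from the instance deserves a look.
preupgrade_report() {
    missing=$(missing_profiles "$1" "$2") || return 2
    if [ -z "$missing" ]; then
        echo "OK: every shipped profile is present in $2"
        return 0
    fi
    printf '%s\n' "$missing" | while IFS= read -r name; do
        echo "MISSING: $name (present in $1, absent from $2)"
    done
    return 1
}
```

Source the file and run `preupgrade_report "$SHARED_DIR" "$INSTANCE_DIR"` on the server, after taking a snapshot and before starting the release upgrade.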
