Hello, I'm running the following new versions:
|Installed packages freeipa-client.x86_64 4.12.2-13.fc42 updates freeipa-client-common.noarch 4.12.2-13.fc42 updates freeipa-common.noarch 4.12.2-13.fc42 updates freeipa-healthcheck.noarch 0.17-6.fc42 fedora freeipa-healthcheck-core.noarch 0.17-6.fc42 fedora freeipa-selinux.noarch 4.12.2-13.fc42 updates freeipa-server.x86_64 4.12.2-13.fc42 updates freeipa-server-common.noarch 4.12.2-13.fc42 updates freeipa-server-dns.noarch 4.12.2-13.fc42 updates libcamera-ipa.x86_64 0.4.0-4.fc42 fedora libipa_hbac.x86_64 2.10.2-3.fc42 fedora python3-ipaclient.noarch 4.12.2-13.fc42 updates|| ||python3-ipalib.noarch 4.12.2-13.fc42 updates| |ipactl status |reports the following: Directory Service: RUNNING krb5kdc Service: STOPPED kadmin Service: STOPPED named Service: STOPPED httpd Service: RUNNING ipa-custodia Service: STOPPED pki-tomcatd Service: RUNNING ipa-otpd Service: STOPPED ipa-ods-exporter Service: STOPPED ods-enforcerd Service: STOPPED ipa-dnskeysyncd Service: RUNNING 5 service(s) are not runningOn initial boot, the system started the FreeIPA upgrade, which got through all the certificate checks with no issues, then reports the following errors (with retry):
|2025-04-17T18:43:18Z INFO [Ensuring presence of included profiles]2025-04-17T18:43:18Z DEBUG Discovery: available servers for service 'CA' are phobos.ipa.ab-data.us 2025-04-17T18:43:18Z DEBUG Discovery: using phobos.ipa.ab-data.us for 'CA' service 2025-04-17T18:43:18Z DEBUG request GET https://phobos.ipa.ab-data.us:443/ca/rest/account/login
2025-04-17T18:43:18Z DEBUG request body '' 2025-04-17T18:43:18Z DEBUG response status 4042025-04-17T18:43:18Z DEBUG response headers Date: Thu, 17 Apr 2025 18:43:18 GMT Server: Apache/2.4.63 (Fedora Linux) OpenSSL/3.2.4 mod_wsgi/5.0.2 Python/3.13 mod_auth_gssapi/1.6.5
Content-Type: text/html;charset=utf-8 Content-Language: en Transfer-Encoding: chunked2025-04-17T18:43:18Z DEBUG response body (decoded): b'<!doctype html><html lang="en"><head><title>HTTP Status 404 \xe2\x80\x93 Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 \xe2\x80\x93 Not Found</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> The requested resource [/ca/rest/account/login] is not available</p><p><b>Description</b> The origin server did not find a current representation for the target resource or is not willing to disclose that one exists.</p><hr class="line" /><h3>Apache Tomcat/9.0.98</h3></body></html>' 2025-04-17T18:43:18Z DEBUG Overriding CA port: Failed to authenticate to CA REST API 2025-04-17T18:43:18Z DEBUG Profile 'KDCs_PKINIT_Certs' is already in LDAP; skipping 2025-04-17T18:43:18Z DEBUG Profile 'caIPAserviceCert' is already in LDAP; skipping 2025-04-17T18:43:18Z DEBUG Profile 'acmeIPAServerCert' is already in LDAP; skipping 2025-04-17T18:43:18Z DEBUG Profile 'IECUserRoles' is already in LDAP; skipping
2025-04-17T18:43:18Z INFO [Add default CA ACL]2025-04-17T18:43:18Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state'
2025-04-17T18:43:18Z INFO Default CA ACL already added2025-04-17T18:43:18Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2025-04-17T18:43:18Z DEBUG Discovery: available servers for service 'CA' are phobos.ipa.ab-data.us 2025-04-17T18:43:18Z DEBUG Discovery: using phobos.ipa.ab-data.us for 'CA' service 2025-04-17T18:43:18Z DEBUG request GET https://phobos.ipa.ab-data.us:8443/ca/rest/account/login
2025-04-17T18:43:18Z DEBUG request body '' 2025-04-17T18:43:18Z DEBUG response status 4042025-04-17T18:43:18Z DEBUG response headers Content-Type: text/html;charset=utf-8
Content-Language: en Content-Length: 784 Date: Thu, 17 Apr 2025 18:43:18 GMT2025-04-17T18:43:18Z DEBUG response body (decoded): b'<!doctype html><html lang="en"><head><title>HTTP Status 404 \xe2\x80\x93 Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404 \xe2\x80\x93 Not Found</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> The requested resource [/ca/rest/account/login] is not available</p><p><b>Description</b> The origin server did not find a current representation for the target resource or is not willing to disclose that one exists.</p><hr class="line" /><h3>Apache Tomcat/9.0.98</h3></body></html>' 2025-04-17T18:43:18Z ERROR IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually. 2025-04-17T18:43:18Z DEBUG File "/usr/lib/python3.13/site-packages/ipapython/admintool.py", line 219, in execute
return_value = self.run()File "/usr/lib/python3.13/site-packages/ipaserver/install/ipa_server_upgrade.py", line 54, in run
server.upgrade() ~~~~~~~~~~~~~~^^File "/usr/lib/python3.13/site-packages/ipaserver/install/server/upgrade.py", line 2097, in upgrade
upgrade_configuration() ~~~~~~~~~~~~~~~~~~~~~^^File "/usr/lib/python3.13/site-packages/ipaserver/install/server/upgrade.py", line 1958, in upgrade_configuration
cainstance.repair_profile_caIPAserviceCert() ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^File "/usr/lib/python3.13/site-packages/ipaserver/install/cainstance.py", line 2166, in repair_profile_caIPAserviceCert
with api.Backend.ra_certprofile as profile_api: ^^^^^^^^^^^^^^^^^^^^^^^^^^File "/usr/lib/python3.13/site-packages/ipaserver/plugins/dogtag.py", line 610, in __enter__ raise errors.RemoteRetrieveError(reason=_('Failed to authenticate to CA REST API'))
2025-04-17T18:43:18Z DEBUG The ipa-server-upgrade command failed, exception: RemoteRetrieveError: Failed to authenticate to CA REST API 2025-04-17T18:43:18Z ERROR Unexpected error - see /var/log/ipaupgrade.log for details:
RemoteRetrieveError: Failed to authenticate to CA REST API2025-04-17T18:43:18Z ERROR The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more information|
Tomcat is active, all the certificates are current and in LDAP. I was unable to find anything similar in the archive. How to I go about getting this update to finish?
Best regards, Eric
binYaN_uQOU3t.bin
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature
-- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
