Ian, 

Sorry for the late response.  Just saw this email.

I'm surprised that you were able to update your machine to F19.  We
explicitly put in spec file logic to do a pre-trans check to see if you
had dogtag 9 system instances before updating to f19.  This was to
prevent people from getting into a situation where there installation
was broken.

The issue is that dogtag 9 instances use tomcat 6, and tomcat 6 is no
longer in fedora 19.  Dogtag 10 instances, on the other hand, use tomcat
7.  The two instance types are therefore incompatible.

The suggestion therefore would have been to create a replica of the ipa
master prior to doing the upgrade to F19.  In fact, you could have just
installed a brand new f19 machine and then created a replica (and then
shut down the old machine).

Seeing as you have somehow upgraded your machine to F19, we need to try
and get your system back up.  For that, you need to follow the
instructions in "Workaround" ie. installing tomcat6 and downgrading
tomcatjss to the version in f18.  That will hopefully get your CA up and
running.  At that point, it is highly recommended that you use ipa
utilities to create a replica and use that instead.

Ade

On Mon, 2013-07-15 at 17:47 +0200, Martin Kosek wrote:
> On 07/13/2013 05:28 AM, Ian Chapman wrote:
> > Hi,
> > 
> > I've just recently upgrade my F18 server to F19 and IPA is failing to start:
> > 
> > Jul 13 10:52:30 rex.homenet.lan ipactl[98002]: Aborting ipactl
> > Jul 13 10:52:30 rex.homenet.lan ipactl[98002]: Starting Directory Service
> > Jul 13 10:52:30 rex.homenet.lan ipactl[98002]: Starting krb5kdc Service
> > Jul 13 10:52:30 rex.homenet.lan ipactl[98002]: Starting kadmin Service
> > Jul 13 10:52:30 rex.homenet.lan ipactl[98002]: Starting ipa_memcached 
> > Service
> > Jul 13 10:52:30 rex.homenet.lan ipactl[98002]: Starting httpd Service
> > Jul 13 10:52:30 rex.homenet.lan ipactl[98002]: Starting pki-cad Service
> > Jul 13 10:52:30 rex.homenet.lan systemd[1]: ipa.service: main process 
> > exited,
> > code=exited, status=1/FAILURE
> > Jul 13 10:52:30 rex.homenet.lan systemd[1]: Failed to start Identity, 
> > Policy,
> > Audit.
> > Jul 13 10:52:30 rex.homenet.lan systemd[1]: Unit ipa.service entered failed 
> > state.
> > 
> > 
> > 
> > It seems that the pki-cad service fails to start. Is that in relation to 
> > dogtag
> > upgrade of 9 to 10 or possibly another problem?
> > 
> > There is of course this page:
> > 
> > http://pki.fedoraproject.org/wiki/Migrating_Dogtag_9_Instances_to_Dogtag_10
> > 
> > but frankly I don't really understand it. Well I get that the idea is to 
> > create
> > a new pki cloned instance which would be dogtag 10 compatible and then 
> > delete
> > the old one - I'm really don't know what I'm supposed to put in the
> > configuration file. Has anybody else done this? Is there some more examples?
> > Thanks.
> > 
> > 
> > The status of pki-cad is:
> > 
> > systemctl status pki-cad@pki-ca.service
> > pki-cad@pki-ca.service - PKI Certificate Authority Server pki-ca
> >    Loaded: loaded (/usr/lib/systemd/system/pki-cad@.service; enabled)
> >    Active: failed (Result: exit-code) since Sat 2013-07-13 10:54:23 WST; 
> > 30min ago
> >   Process: 98170 ExecStart=/usr/bin/pkicontrol start ca %i (code=exited,
> > status=1/FAILURE)
> > 
> > Jul 13 10:54:23 rex.homenet.lan systemd[1]: Starting PKI Certificate 
> > Authority
> > Server pki-ca...
> > Jul 13 10:54:23 rex.homenet.lan pkicontrol[98170]: WARNING:  Symbolic link
> > '/var/lib/pki-ca/pki-ca' does NOT exist!
> > Jul 13 10:54:23 rex.homenet.lan pkicontrol[98170]: INFO:  Attempting to 
> > create
> > '/var/lib/pki-ca/pki-ca' -> '/usr/sbin/tomcat6-sysd' . . .
> > Jul 13 10:54:23 rex.homenet.lan pkicontrol[98170]: ERROR:  Failed making
> > '/var/lib/pki-ca/pki-ca' -> '/usr/sbin/tomcat6-sysd' since target 
> > '/usr/sb...T
> > exist!
> > Jul 13 10:54:23 rex.homenet.lan systemd[1]: pki-cad@pki-ca.service: control
> > process exited, code=exited status=1
> > Jul 13 10:54:23 rex.homenet.lan systemd[1]: Failed to start PKI Certificate
> > Authority Server pki-ca.
> > Jul 13 10:54:23 rex.homenet.lan systemd[1]: Unit pki-cad@pki-ca.service 
> > entered
> > failed state.
> >
> 
> Adding PKI/Dogtag developers to CC to advise.
> 
> Martin


_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to