I tried this, but no joy:

# /usr/sbin/ipa-upgradeconfig --debug
validity range is 720
INFO: [Certificate renewal should stop the CA]
ERROR: Unable to find certmonger request ID for auditSigning Cert
INFO: The ipa-upgradeconfig command was successful

But I still can't connect to http://ipamaster/ipa/ui/; I get a 903 error
every time, and /var/log/httpd/error_log shows, in part:

[Tue Aug 13 13:07:20.786566 2013] [:error] [pid 5890] KeyError: 'ipadnszone'
[Tue Aug 13 13:07:20.786717 2013] [:error] [pid 5890] ipa: INFO:
br...@foo.net: json_metadata(None, None, object=u'all'): KeyError
[Tue Aug 13 13:07:21.001525 2013] [:error] [pid 5890] ipa: INFO:
br...@foo.net: json_metadata(None, None, command=u'all'): SUCCESS

DNS resolution, authentication and authorization all *appear* to be working

*Bret Wortman*


On Tue, Aug 13, 2013 at 10:29 AM, Bret Wortman <bret.wort...@damascusgrp.com
> wrote:

> I just upgraded my IPA master from F17 to F18 and, in the process, updated
> IPA to 3.1.5-1. Apparently, though, all is not well, because there are a
> number of errors in 
> /var/log/ipaupgrade.log<http://bl-1.com/click/load/BzZcbVU2VmpTOwFsCD4-b0231>,
> mostly related to things like (samples here; the server is on a private
> network so I'm having to transcribe, if it looks like a typo, it probably
> is):
> ERROR Cannot connect to LDAP to add DNS records: cannot connect to
> u'ldapi://%2fvar%2run%2fslapd-FOO-NET.socket': LDAP Server Down
> ERROR certmonger failed to start tracking certificate: Command
> '/usr/bin/getcert start-tracking -d /var/lib/pki-ca/alias -n
> auditSigningCert cert-pki-ca -c dogtag-ipa-retrieve-agent-submit -B
> /usr/lib64/ipa/certmonger/stop_pkicad -C
> /usr/lib64/ipa/certmonger/restart_pkicad "auditSigningCert cert-pki-ca" -P
> XXXXXXXX -T  auditSigningCert cert-pki-ca' returned non-zero exit status 1
> and numerous certmonger errors similar to this one. Finally, there's a
> stacktrace from 
> ipapython/admintool.py<http://bl-1.com/click/load/BzYIOV0-b0221AT1QOFc6BjE-b0231>,
> line 171 which ends the whole thing.
> What's my best plan for re-attempting this upgrade?
> *
> *
> *Bret Wortman*
> http://damascusgrp.com/<http://bl-1.com/click/load/VWQAMVQ3UGxVPQBtADQ-b0231>
> http://about.me/wortmanbret<http://bl-1.com/click/load/XWwMPV0-b0221UW0CagZrBjM-b0231>
Freeipa-users mailing list

Reply via email to