You're right duh I should read more carefully and not try to do to many things at once.
when using the dns principal and keytab the entries are not found. How do i fix the access controll instructions ? I can revert back easely and try a different aproach for the upgrade if you know one (I really started to appreciate snapshots with this upgrade :-) Rob 2014-10-29 14:50 GMT+01:00 Petr Spacek <pspa...@redhat.com>: > On 29.10.2014 14:32, Rob Verduijn wrote: > >> I've checked and I see a lot of objects representing my dns entries. >> Still I get no answers if i try to resolve any of them :( >> > > Are you running ldapsearch with *exactly* same credentials as you have in > /etc/named.conf? > > Could you post dynamic-db section from your named.conf? > > Petr^2 Spacek > > > Rob >> >> 2014-10-29 13:28 GMT+01:00 Petr Spacek <pspa...@redhat.com>: >> >> On 28.10.2014 18:42, Rob Verduijn wrote: >>> >>> before the update its 4.5-1.fc20.x86_64.rpm from fedora 20 updates repo >>>> after the update its 6.0-5.fc20.x86_64.rpm from copr repo >>>> >>>> Regards >>>> Rob >>>> >>>> >>>> 2014-10-28 17:58 GMT+01:00 Martin Basti <mba...@redhat.com>: >>>> >>>> On 28/10/14 16:10, Rob Verduijn wrote: >>>> >>>>> >>>>> Hello all, >>>>> >>>>> I've been digging into my problem of being unable to update from >>>>> 3.3.5 >>>>> to 4.1 >>>>> >>>>> First I add the repo from copr >>>>> >>>>> Then I used to update it by issueing 'yum update' which resulted >>>>> in an >>>>> update in which my local dns zone entries no longer resolved. >>>>> >>>>> So i tried the instructions mentioned on the site : >>>>> yum update freeipa-server >>>>> And this failed with a conflict in >>>>> >>>>> bind-32:9.9.4-18.fc20.1.pkcs11.x86_64 and >>>>> bind-utils-32:9.9.4-15.P2.fc20.x86_64 >>>>> >>>>> I noticed the new bind comes from the copr repo and the old bind >>>>> utils >>>>> from fedora. >>>>> >>>>> So I first run 'yum update bind-utils -y' >>>>> Then I ran yum update freeipa-server >>>>> and see it fail with errors about softhsm >>>>> >>>>> I remembered reading about package errors with softhsm and installed >>>>> the >>>>> softhsm-devel package first. >>>>> >>>>> so revert back the freeipa kvm snapshot to 3.3.5 and try again >>>>> yum update bind-utils -y ; yum install softhsm-devel -y ; yum update >>>>> freeipa-server -y >>>>> >>>>> However when restarting named-pkcs11 I can see in the system log >>>>> that >>>>> it >>>>> has 0 zones loaded >>>>> >>>>> Oct 28 15:28:30 freeipa.x.x named-pkcs11[3029]: managed-keys-zone: >>>>> loaded serial 0 >>>>> Oct 28 15:28:30 freeipa.x.x named-pkcs11[3029]: zone 0.in-addr.arpa/IN: >>>>> loaded serial 0 >>>>> Oct 28 15:28:30 freeipa.x.x named-pkcs11[3029]: zone localhost/IN: >>>>> loaded >>>>> serial 0 >>>>> Oct 28 15:28:30 freeipa.x.x named-pkcs11[3029]: zone >>>>> 1.0.0.127.in-addr.arpa/IN: loaded serial 0 >>>>> Oct 28 15:28:30 freeipa.x.x named-pkcs11[3029]: zone >>>>> localhost.localdomain/IN: loaded serial 0 >>>>> Oct 28 15:28:30 freeipa.x.x named-pkcs11[3029]: zone >>>>> 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0. >>>>> 0.0.ip6.arpa/IN: >>>>> loaded serial 0 >>>>> Oct 28 15:28:30 freeipa.x.x named-pkcs11[3029]: all zones loaded >>>>> Oct 28 15:28:30 freeipa.x.x named-pkcs11[3029]: running >>>>> Oct 28 15:28:30 freeipa.x.x named-pkcs11[3029]: 0 zones from LDAP >>>>> instance >>>>> 'ipa' loaded (0 zones defined, 0 inactive, 0 failed to load) >>>>> >>>>> It claims 0 zones loaded but I can see my forward and reverse zones >>>>> in >>>>> ipa >>>>> >>>>> what could cause it not to load the zones that I defined in ipa ? >>>>> >>>>> >>>> This problem is usually caused by broken IPA upgrade which destroys >>> ACIs >>> in LDAP which allow access to DNS sub-tree. >>> >>> Please follow instructions on: >>> >>> https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/NamedCannotStart#a5. >>> NozonesfromLDAPareloaded >>> >>> ... and let us know if you are able to see idnsZone objects in LDAP or >>> not. >>> >> > > -- > Petr^2 Spacek >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
