Martin, Rob, thanks for your answers!

On 06/01/2015 09:52 AM, Martin Basti wrote:
Could DS in chroot, cause the ipa-ldap-updater --upgrade cannot locate the DS socket?
2015-05-28T13:04:55Z DEBUG stderr=Running in chroot, ignoring request.

I used fedup for the distro upgrade, so yes initially it ran in a chroot. However, the log excerpts were from a second run I manually initiated, after the machine rebooted after the update. I am pretty sure I ensured that enough of freeipa ran to successfully run ipa user-status and kinit.


2)
Allow weak ciphers.
can you check objectclass definitions in /etc/dirsrv/slapd-XXXXX-COM/schema
# grep 'allowWeakCipher' *

If you find more than on objectclass definition, please remove the old from the ldif files and restart DS. (Probably there will be old in 99user.ldif)

I indeed had a file named 99user.ldif with a date from yesterday (even newer than 01core389.ldif). I removed this.

Now ipa-ldap-updater --upgrade completes successfully, on one machine.

On the other replica, /usr/sbin/ipa-upgradeconfig fails. There's something wrong with pki-tomcatd:

access_log:
a.b.c.d - - [01/Jun/2015:18:22:35 +0200] "GET /ca/admin/ca/getStatus HTTP/1.1" 500 2108

Jun 01 18:47:03 server2.xxxxx.com server[9651]: Jun 01, 2015 6:47:03 PM org.apache.catalina.core.ContainerBase backgroundProcess Jun 01 18:47:03 server2.xxxxx.com server[9651]: WARNING: Exception processing realm com.netscape.cms.tomcat.ProxyRealm@548d946f background process Jun 01 18:47:03 server2.xxxxx.com server[9651]: java.lang.NullPointerException Jun 01 18:47:03 server2.xxxxx.com server[9651]: at com.netscape.cms.tomcat.ProxyRealm.backgroundProcess(ProxyRealm.java:108) Jun 01 18:47:03 server2.xxxxx.com server[9651]: at org.apache.catalina.core.ContainerBase.backgroundProcess(ContainerBase.java:1360) Jun 01 18:47:03 server2.xxxxx.com server[9651]: at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1546) Jun 01 18:47:03 server2.xxxxx.com server[9651]: at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1556) Jun 01 18:47:03 server2.xxxxx.com server[9651]: at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1556) Jun 01 18:47:03 server2.xxxxx.com server[9651]: at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1524) Jun 01 18:47:03 server2.xxxxx.com server[9651]: at java.lang.Thread.run(Thread.java:745)

Apparently, I'm not the only one :)
http://pastebin.com/CtsW0GAt

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to