Looks like there are issues with dogtag and tomcat8. http://pki.fedoraproject.org/wiki/Tomcat_8
On 5 November 2015 at 11:32, Prashant Bapat <prash...@apigee.com> wrote: > New issue with upgrade. > > I setup a test IPA server. Its on AWS EC2 instance in a VPC. Fedora 21. > freeipa 4.1.4. > > Upgraded OS from F21 --> F22 --> F23. All OK. > > Once in F23 *ipactl start* command tells me an upgrade is needed. > > Ran* ipa-server-upgrade* command. This command seems to do everything but > somehow fails during upgrading the PKI (Tomcat). Now the tomcat service > wont start. Other components are upgraded to 4.2.2 but Tomcat is down. > > Attached is the *ipaupgrade.log* and *catalina.2015-11-05.log*. > > Any help appreciated. > > Thanks. > --Prashant > > On 5 November 2015 at 06:31, Prashant Bapat <prash...@apigee.com> wrote: > >> Great idea! Is that possible ? Any documentation on how to do this would >> be very helpful. >> >> Thanks. >> >> On 4 November 2015 at 19:17, Rob Crittenden <rcrit...@redhat.com> wrote: >> >>> Martin Kosek wrote: >>> > On 11/04/2015 10:27 AM, Prashant Bapat wrote: >>> >> Ack. But in a live replicated setup wont upgrading from F21->F22 and >>> >> F22->F23 take a long time. I mean couple of hours ? >>> > >>> > It will take some outage time, yes. But if you have appropriate number >>> of >>> > replicas and are upgrading one by one, you should be fine - the >>> clients should >>> > fail over to other replicas. >>> > >>> >> Are there any other ways to do this. Perhaps do a fresh install of >>> F23 and >>> >> then restore data from FreeIPA 4.1.4 (F21) ? >>> > >>> > FreeIPA upgrade also updates the data themselves. Restoring old data >>> and >>> > configuration files on fresh F23 using full backup + running the >>> upgrade may >>> > work, but there may be also a lot of hurdles. It is not really a >>> tested approach. >>> >>> Or he could one by one install a new F23 system and configure it as a >>> new master to replace one of the old ones until they are all running F23. >>> >>> I'm pretty sure backup/restore only works within the same version. >>> >>> rob >>> >>> > >>> >> >>> >> On 4 November 2015 at 14:52, Martin Kosek <mko...@redhat.com> wrote: >>> >> >>> >>> On 11/04/2015 10:15 AM, Lukas Slebodnik wrote: >>> >>>> On (04/11/15 14:37), Prashant Bapat wrote: >>> >>>>> Hi All, >>> >>>>> >>> >>>>> We rolled out freeipa in our setup somewhere in beginning of 2015. >>> Since >>> >>>>> then there have been couple of new releases. Latest being 4.2.3. >>> >>>>> >>> >>>>> The FreeIPA servers are installed on Fedora 21 hosts and at this >>> point >>> >>>>> there is no direct way of upgrading to 4.2.3 unless we also >>> upgrade the >>> >>> OS. >>> >>>>> The COPR repos do not support Fedora 21. >>> >>>>> >>> >>>> Fedora 23 was released yesterday. >>> >>>> It means then Fedora 21 will be out of support in a month. >>> >>>> I would definitelly recomment to upgrade it to newer Fedora. >>> >>> >>> >>> +1. I did the same actually for FreeIPA demo which was also running >>> on F21 >>> >>> before: >>> >>> http://www.freeipa.org/page/Demo >>> >>> I had to do it in two steps: F21->F22, F22->F23. >>> >>> >>> >>> If you make sure that F22->F23 upgrade updates to >>> freeipa-4.2.3-1.fc23 or >>> >>> later >>> >>> (https://bodhi.fedoraproject.org/updates/FEDORA-2015-4d94884a7e), it >>> >>> should >>> >>> work just fine. >>> >>> >>> >>>> If you do not want t upgrade so often you might use FreeIPA >>> >>>> on CentOS 7 >>> >>>> >>> >>>> LS >>> >>>> >>> >>> >>> >>> >>> >> >>> > >>> >>> >> >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project