[Freeipa-users] Re: FreeIPA 4.8.1 on Fedora 31 (upgraded from F30) fails to start
On 2019-11-02 13:47, Wulf C. Krueger wrote: my FreeIPA installation was working well on Fedora 30. After upgrading to F31, though, it fails to start: For posterity's sake as well as that of anyone facing the same issue: For some reason, the IP of the host FreeIPA runs on, changed which, admittedly, can upset the most mild-mannered server. Especially if the local DNS doesn't get updated either. I didn't notice it because the FreeIPA host is behind a reverse proxy. Best regards, Wulf ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
[Freeipa-users] Re: FreeIPA 4.8.1 on Fedora 31 (upgraded from F30) fails to start
On 2019-11-05 13:47, Wulf C. Krueger via FreeIPA-users wrote: I've tried starting FreeIPA again and have uploaded the resulting new logs: https://mailstation.de/ipa-logs/new/ Well, since there don't seem to be any ideas how to salvage that installation (logs still available in the location mentioned above), is there a way to at least recover its data and move that to a new installation? Best regards, Wulf ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
[Freeipa-users] Re: FreeIPA 4.8.1 on Fedora 31 (upgraded from F30) fails to start
Hello Alex, On 2019-11-04 18:20, Alex Scheel via FreeIPA-users wrote: 2019-11-02T10:57:00Z DEBUG stderr=Job for pki-tomcatd@pki-tomcat.service failed because a timeout was exceeded. See "systemctl status pki-tomcatd@pki-tomcat.service" and "journalctl -xe" for details. However, the pki-tomcat-ca-debug.2019-11-02.log you posted doesn't have any entries from around this time. That's weird - it should have been in there. Maybe I've missed a log; in order to fix that, I've tried starting FreeIPA again and have uploaded the resulting new logs: https://mailstation.de/ipa-logs/new/ Unfortunately, I basically only understand that the connection to LDAP fails but I don't understand why. Best regards, Wulf ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
[Freeipa-users] Re: FreeIPA 4.8.1 on Fedora 31 (upgraded from F30) fails to start
Hello Alex, On 2019-11-04 16:49, Alex Scheel via FreeIPA-users wrote: These backtraces from Wulf don't end in JSS at all. In fact, JSS seems to initalize just fine around 2019-11-02 11:55:34 in the Tomcat debug log. This seems like a bug in the LDAPProfileSubsystem of Dogtag. Thanks for chiming in - any suggestions on how to proceed? I'm wondering why the LDAP server *only* seems to be listening on that socket (cf. log) instead of (or in addition to) ports 389/636. Best regards, Wulf ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
[Freeipa-users] Re: FreeIPA 4.8.1 on Fedora 31 (upgraded from F30) fails to start
Hello Patrick, On 2019-11-02 20:54, Patrick Dung via FreeIPA-users wrote: I am having the same problem about three days ago. Related thread in: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/thread/WLBFHI266KKHLF6G2UC4MHR4OLCLR45S/ Thanks, I saw that thread while searching but (possibly wrongly) thought it was a similar but ultimately different problem because as you write there "I am able to connect to my ldap server port 636 with TLS without problem." - which I most certainly am not. There's not even anything listening on 636. And the stack traces seem different as well. A rather huge difference as well: In the pagure issue, the PKI server is running whereas mine at least consistently refuses to start. Best regards, Wulf ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
[Freeipa-users] Re: FreeIPA 4.8.1 on Fedora 31 (upgraded from F30) fails to start
Hello Alexander, On 2019-11-03 10:08, Alexander Bokovoy via FreeIPA-users wrote: This looks like https://bugzilla.redhat.com/show_bug.cgi?id=1766451 Do you have updates-testing repository enabled? It should provide an update for jss package. Thanks for the suggestion! Unfortunately, updating to the newer jss (jss-4.6.2-2.fc31.x86_64) didn't fix my issue. Reading 1766451 it seems to be different from what I'm seeing. Best regards, Wulf ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
[Freeipa-users] FreeIPA 4.8.1 on Fedora 31 (upgraded from F30) fails to start
Hello, my FreeIPA installation was working well on Fedora 30. After upgrading to F31, though, it fails to start: # ipactl start IPA version error: data needs to be upgraded (expected version '4.8.1-4.fc31', current version '4.8.1-1.fc30') Automatically running upgrade, for details see /var/log/ipaupgrade.log Be patient, this may take a few minutes. Automatic upgrade failed: Update complete Upgrading the configuration of the IPA services [Verifying that root certificate is published] [Migrate CRL publish directory] CRL tree already moved IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually. Unexpected error - see /var/log/ipaupgrade.log for details: CalledProcessError: CalledProcessError(Command ['/bin/systemctl', 'start', 'pki-tomcatd@pki-tomcat.service'] returned non-zero exit status 1: 'Job for pki-tomcatd@pki-tomcat.service failed because a timeout was exceeded.\nSee "systemctl status pki-tomcatd@pki-tomcat.service" and "journalctl -xe" for details.\n') The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more information See the upgrade log for more details and/or run /usr/sbin/ipa-server-upgrade again Aborting ipactl Logs: ipaupgrade.log: https://mailstation.de/ipa-logs/ipaupgrade.log pki-tomcatd@pki-tomcat log: https://mailstation.de/ipa-logs/pki-tomc...@pki-tomcat.log pki-tomcat-ca-debug log: https://mailstation.de/ipa-logs/pki-tomcat-ca-debug.2019-11-02.log So it looks like the LDAP server isn't reachable but its log says it's running: https://mailstation.de/ipa-logs/dir...@mailstation-de.log There's nothing listening on ports 389 and 636, though. Help would be highly appreciated. Best regards, Wulf ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
