[Freeipa-users] Re: upgrade to ubuntu 17.10 fails

2017-12-14 Thread David Harvey via FreeIPA-users
On 13 December 2017 at 23:29, Timo Aaltonen via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > On 28.11.2017 22:58, Peter Fern via FreeIPA-users wrote: > > On 23/11/17 05:34, David Harvey via FreeIPA-users wrote: > >> Not sure why tomcat is more resilient when launched as root,

[Freeipa-users] Re: upgrade to ubuntu 17.10 fails

2017-12-01 Thread David Harvey via FreeIPA-users
Ok, thanks for the clarification. Hopefully can still mitigate by changing platform or waiting for a better supported Ubuntu release! On 1 Dec 2017 18:40, "Rob Crittenden" wrote: > David Harvey via FreeIPA-users wrote: > > Well that sounds fun :) > > I'm hesistent to

[Freeipa-users] Re: upgrade to ubuntu 17.10 fails

2017-12-01 Thread Rob Crittenden via FreeIPA-users
David Harvey via FreeIPA-users wrote: > Well that sounds fun :) > I'm hesistent to crosspost to pkg-freeipa-de...@lists.alioth.debian.org > to ask after > likelihood of seeing 4.5 in 18.04/Bionic but hope someone here might be > able to comment? >

[Freeipa-users] Re: upgrade to ubuntu 17.10 fails

2017-12-01 Thread David Harvey via FreeIPA-users
Well that sounds fun :) I'm hesistent to crosspost to pkg-freeipa-de...@lists.alioth.debian.org to ask after likelihood of seeing 4.5 in 18.04/Bionic but hope someone here might be able to comment? WRT the exploding CA situation. I guess I'll need to get to a more sane build, or switch over to a

[Freeipa-users] Re: upgrade to ubuntu 17.10 fails

2017-12-01 Thread Peter Fern via FreeIPA-users
Without installing a system to check, it appears to me that nss-pem is still not packaged for Debian/Ubuntu, which means that certmonger will break on you when it comes time to auto-renew your CAs. I found this out the hard way early this year while running FreeIPA with CA on Ubuntu, and recovery

[Freeipa-users] Re: upgrade to ubuntu 17.10 fails

2017-12-01 Thread David Harvey via FreeIPA-users
hi Peter, Not a full answer to your questions but from my experience: Xenial: Worked, except OTP functionality Zesty: Worked except for DNS Artful: Seems fully functional and stable on the fresh installed replica, my upgraded from Zesty rig (with the workarounds noted earlier in thread) Still

[Freeipa-users] Re: upgrade to ubuntu 17.10 fails

2017-11-28 Thread Peter Fern via FreeIPA-users
On 23/11/17 05:34, David Harvey via FreeIPA-users wrote: > Not sure why tomcat is more resilient when launched as root, but the > pki seems to work ok at issuing certs after the above and a reboot for > good measure. This sounds like there are broken permissions in the current Ubuntu packages. 

[Freeipa-users] Re: upgrade to ubuntu 17.10 fails

2017-11-28 Thread Charles Hedrick via FreeIPA-users
We successfully ran on Centos 7.3 with 4.4.4 and 4.5, the 4.5 having been installed later. The first step in installing the replica was that it automatically upgraded itself to the newest release, so it happened without giving us any choice. We later upgraded everything to 4.5. 4.5 have

[Freeipa-users] Re: upgrade to ubuntu 17.10 fails

2017-11-22 Thread David Harvey via FreeIPA-users
For anyone interested, I think I have it working properly after the following: Edit /etc/pki/pki.version to remove +12 (confused the postinstall script). Ensure you have kinit admin from the root session you're using to upgrade. If like me you find the rest API on 8443 dies when being hit and

[Freeipa-users] Re: upgrade to ubuntu 17.10 fails

2017-11-21 Thread David Harvey via FreeIPA-users
Hoi, Anyone out there with experience of whether or not adding a replica of more recent version (4.4.4 and 389 dir 1.3.7.5-1 up from 4.4.3 with 389 dir 1.3.5.15-2) would impact the existing servers in terms of schema or similar? I'm still trying to find a safe way to upgrade safely without going

[Freeipa-users] Re: upgrade to ubuntu 17.10 fails

2017-11-17 Thread David Harvey via FreeIPA-users
Hi again, No joy yet with spotting CA anomalies. Any additional tips there Rob? Gentle bump Simon, are you confident that building a new replica won't fall foul of the below from the upgrade page (the schema part): Words of caution - Note that the server is in a *maintenance mode* during

[Freeipa-users] Re: upgrade to ubuntu 17.10 fails

2017-11-15 Thread Rob Crittenden via FreeIPA-users
David Harvey via FreeIPA-users wrote: > Sorry for the dump size, but not sure if the below from > /var/log/pki/pki-tomcat/localhost.date.log helps: Looks like the selftests are failing. I'd check that your CA subsystem certificates are not expired, etc. rob > > 15-Nov-2017 12:14:50.557 SEVERE

[Freeipa-users] Re: upgrade to ubuntu 17.10 fails

2017-11-15 Thread Simon Williams via FreeIPA-users
There may be a million and one reasons not to do it this way, but have you considered building a new VM on 17.10 and replicating from the existing server? I have just tried to upgrade a development environment (IPA client) to 17.10 and had endless issues. I ended up creating a new machine and

[Freeipa-users] Re: upgrade to ubuntu 17.10 fails

2017-11-15 Thread David Harvey via FreeIPA-users
Sorry for the dump size, but not sure if the below from /var/log/pki/pki-tomcat/localhost.date.log helps: 15-Nov-2017 12:14:50.557 SEVERE [localhost-startStop-1] org.apache.catalina.core.ApplicationContext.log StandardWrapper.Throwable java.lang.NullPointerException at