Hello I found a track, its appear that the JAVA dont want to leave the TCPV6 port connexion: #netstat -plten | grep 8433 tcp6 0 0 :::8443 :::* LISTEN 17 178055 25551/java
And also http with tcp6 443 This connexion launched if the command : yum update (come in libcc ) or when i launch ipa-server-update How i can correct this behavior ? Bien à vous Mr Karim Bourenane +33686464439 +32 493 86 63 54 Le lun. 8 juin 2020 à 13:10, Karim Bourenane <karim.bouren...@gmail.com> a écrit : > Hello François, Florence, All > > After checking and disabling my local firewall. > I have the same problem: > .... > [Ensurung CA is using LDAPProfileSubsustem) > [Migration certificat profiles to LDAP] > IPA server upgrade failed : Inspect /var/log/ipaupgrade.log and run > command ipa-upgrade manually. > Unexpected error - see /var/log/ipaupgrade.log for details: > AttributeError: locked cannot see ra_certprofile.override_port to 8443 > > > Regard > > > Bien à vous > Mr Karim Bourenane > +33686464439 > +32 493 86 63 54 > > > > Le lun. 8 juin 2020 à 11:54, Karim Bourenane <karim.bouren...@gmail.com> > a écrit : > >> Hello François, All >> >> Thanks you for your answer / update >> >> Here's what I did: >> All process RUNNING with : ipactl status >> yum update >> >> *I have several error into the yum update command *: >> 2020-06-08T09:39:42Z ERROR IPA server upgrade failed: Inspect >> /var/log/ipaupgrade.log and run command ipa-server-upgrade manually. >> 2020-06-08T09:39:42Z DEBUG File >> "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 178, in >> execute >> return_value = self.run() >> File >> "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_server_upgrade.py", >> line 54, in run >> server.upgrade() >> File >> "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", >> line 2146, in upgrade >> upgrade_configuration() >> File >> "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", >> line 2018, in upgrade_configuration >> ca_enable_ldap_profile_subsystem(ca) >> File >> "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", >> line 406, in ca_enable_ldap_profile_subsystem >> cainstance.migrate_profiles_to_ldap() >> File >> "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line >> 1990, in migrate_profiles_to_ldap >> api.Backend.ra_certprofile.override_port = 8443 >> File "/usr/lib/python2.7/site-packages/ipalib/base.py", line 134, in >> __setattr__ >> SET_ERROR % (self.__class__.__name__, name, value) >> >> 2020-06-08T09:39:42Z DEBUG The ipa-server-upgrade command failed, >> exception: AttributeError: locked: cannot set ra_certprofile.override_port >> to 8443 >> 2020-06-08T09:39:42Z ERROR Unexpected error - see /var/log/ipaupgrade.log >> for details: >> AttributeError: locked: cannot set ra_certprofile.override_port to 8443 >> 2020-06-08T09:39:42Z ERROR The ipa-server-upgrade command failed. See >> /var/log/ipaupgrade.log for more information >> >> >> Regards >> >> >> Bien à vous >> Mr Karim Bourenane >> +33686464439 >> +32 493 86 63 54 >> >> >> >> Le lun. 8 juin 2020 à 08:56, François Cami <fc...@redhat.com> a écrit : >> >>> Hi, >>> >>> On Sun, Jun 7, 2020 at 11:13 PM Karim Bourenane via FreeIPA-users >>> <freeipa-users@lists.fedorahosted.org> wrote: >>> > >>> > Hello Team >>> > >>> > I have some questions : >>> > 1°) I need your help, to find the better way to upgrade my 3 servers >>> linked (replicat). >>> > I want to upgrade servers from CentOS 7.6 to CentOS7.7 with update in >>> same time the IPAServer (or separately ?) >>> >>> Not at the same time. The upgrade logic is bound to update some data >>> in LDAP. It is best to wait until the first update is done, and the >>> resulting replication traffic has subsided. Then do the other replica >>> one at a time. >>> >>> > After searching on Freeipa.org and other site, i find : >>> > #ipactl stop >>> > #ipa-server-upgrade >>> > #ipactl start >>> >>> You do not need to do that. "yum update" is enough. >>> >>> > I not need to delete first the replication link before ? >>> >>> Certainly not. >>> >>> > What is the better solution ways ? >>> >>> See above. >>> >>> > 2°) Is not better to migrate my IPAServers's to 4.7 or 4.8 version ? >>> > Or i need steps too ? >>> >>> You would need to migrate to RHEL8 / CentOS8 to have ipa-4-8. >>> >>> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/installing_identity_management/migrate-7-to-8_migrating >>> >>> Best regards, >>> François >>> >>> > Thanks you for your help >>> > >>> > Best Regard >>> > Bien à vous >>> > Mr Karim Bourenane >>> > +33686464439 >>> > +32 493 86 63 54 >>> > >>> > _______________________________________________ >>> > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org >>> > To unsubscribe send an email to >>> freeipa-users-le...@lists.fedorahosted.org >>> > Fedora Code of Conduct: >>> https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >>> > List Guidelines: >>> https://fedoraproject.org/wiki/Mailing_list_guidelines >>> > List Archives: >>> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org >>> >>>
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
