Karim Bourenane via FreeIPA-users wrote: > Hello François, All > > Thanks you for your answer / update > > Here's what I did: > All process RUNNING with : ipactl status > yum update > > *I have several error into the yum update command *: > 2020-06-08T09:39:42Z ERROR IPA server upgrade failed: Inspect > /var/log/ipaupgrade.log and run command ipa-server-upgrade manually. > 2020-06-08T09:39:42Z DEBUG File > "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 178, in > execute > return_value = self.run() > File > "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_server_upgrade.py", > line 54, in run > server.upgrade() > File > "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", > line 2146, in upgrade > upgrade_configuration() > File > "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", > line 2018, in upgrade_configuration > ca_enable_ldap_profile_subsystem(ca) > File > "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", > line 406, in ca_enable_ldap_profile_subsystem > cainstance.migrate_profiles_to_ldap() > File > "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line > 1990, in migrate_profiles_to_ldap > api.Backend.ra_certprofile.override_port = 8443 > File "/usr/lib/python2.7/site-packages/ipalib/base.py", line 134, in > __setattr__ > SET_ERROR % (self.__class__.__name__, name, value) > > 2020-06-08T09:39:42Z DEBUG The ipa-server-upgrade command failed, > exception: AttributeError: locked: cannot set > ra_certprofile.override_port to 8443 > 2020-06-08T09:39:42Z ERROR Unexpected error - see > /var/log/ipaupgrade.log for details: > AttributeError: locked: cannot set ra_certprofile.override_port to 8443 > 2020-06-08T09:39:42Z ERROR The ipa-server-upgrade command failed. See > /var/log/ipaupgrade.log for more information
Note that this has nothing to do with anything listening on port 8443. This is trying to change the IPA runtime environment for some reason and it's in a locked state. I don't know this code very well so I'm not sure what the remediation is. It seems like something that should have either always or never worked but it could be it was affected by some later change, I don't know. It thinks it needs to migrate your disk-based profiles into LDAP and that's not something that should be skipped. rob > > > Regards > > > Bien à vous > Mr Karim Bourenane > +33686464439 > +32 493 86 63 54 > > > > Le lun. 8 juin 2020 à 08:56, François Cami <fc...@redhat.com > <mailto:fc...@redhat.com>> a écrit : > > Hi, > > On Sun, Jun 7, 2020 at 11:13 PM Karim Bourenane via FreeIPA-users > <freeipa-users@lists.fedorahosted.org > <mailto:freeipa-users@lists.fedorahosted.org>> wrote: > > > > Hello Team > > > > I have some questions : > > 1°) I need your help, to find the better way to upgrade my 3 > servers linked (replicat). > > I want to upgrade servers from CentOS 7.6 to CentOS7.7 with update > in same time the IPAServer (or separately ?) > > Not at the same time. The upgrade logic is bound to update some data > in LDAP. It is best to wait until the first update is done, and the > resulting replication traffic has subsided. Then do the other replica > one at a time. > > > After searching on Freeipa.org and other site, i find : > > #ipactl stop > > #ipa-server-upgrade > > #ipactl start > > You do not need to do that. "yum update" is enough. > > > I not need to delete first the replication link before ? > > Certainly not. > > > What is the better solution ways ? > > See above. > > > 2°) Is not better to migrate my IPAServers's to 4.7 or 4.8 version ? > > Or i need steps too ? > > You would need to migrate to RHEL8 / CentOS8 to have ipa-4-8. > > https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/installing_identity_management/migrate-7-to-8_migrating > > Best regards, > François > > > Thanks you for your help > > > > Best Regard > > Bien à vous > > Mr Karim Bourenane > > +33686464439 > > +32 493 86 63 54 > > > > _______________________________________________ > > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > <mailto:freeipa-users@lists.fedorahosted.org> > > To unsubscribe send an email to > freeipa-users-le...@lists.fedorahosted.org > <mailto:freeipa-users-le...@lists.fedorahosted.org> > > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > List Guidelines: > https://fedoraproject.org/wiki/Mailing_list_guidelines > > List Archives: > > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org > > > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org > _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
