#2103 Broken systemd configuration after upgrade from F15 to F16
Closed: Fixed None Opened 12 years ago by danieljamesscott.

After upgrading from F15 to F16, the systemd configuration for starting IPA/dirsrv is broken. The script below by Alexander Bokovoy (abokovoy@redhat.com) seems to fix everything:

"You need to do some steps like ipa-server-install does. I'm trying to
get them separated in a small upgrade script but something like
following needs to be done, completely untested, may eat your kitten,
and realm/dirsrv instance names need to be replaced before running:


 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
#! /usr/bin/python -E
from ipaserver.install.krbinstance import update_val_in_file
from ipapython import ipautil
from ipapython import services as ipaservices

# 1. Upgrade /etc/sysconfig/dirsrv for systemd
update_key_val_in_file("/etc/sysconfig/dirsrv", "KRB5_KTNAME", "/etc/dirsrv/ds.keytab")
update_key_val_in_file("/etc/sysconfig/dirsrv", "export KRB5_KTNAME", "/etc/dirsrv/ds.keytab")
# 2. Upgrade /etc/sysconfig/krb5kdc for systemd
replacevars = {'KRB5REALM':"EXAMPLE.COM"}
appendvars = {}
ipautil.config_replace_variables("/etc/sysconfig/krb5kdc",
   replacevars=replacevars, appendvars=appendvars)
ipaservices.restore_context("/etc/sysconfig/krb5kdc")
# 3. Enable DS instances:
ipaservices.knownservices.dirsrv.enable("EXAMPLE-COM")
ipaservices.knownservices.dirsrv.enable("PKI-IPA")
# 4. Enable FreeIPA
ipaservices.knownservices.ipa.enable()

Note that these .enable() calls on Fedora 16 do much more than just
'systemctl enable foo.service', they copy and modify service files,
create symlinks and so on, all the dirty work required by systemd.
You may look at ipapython/platform/fedora16.py and systemd.py for
details."


FreeIPA upgrade script from F15 to F16
ipa-f15-to-f16-upgrade

I now have upgrade script for F15 to F16. It is able to detect existing FreeIPA install, extract domain/realm information and also reconfigure broken symlinks for PKI setup.

I'm going to make test builds in Koji for testing purposes.

Changes required are integrated into freeipa-2.1.3-6.fc16. The package is currently cannot be built due to Fedora build system errors. I filed https://bugzilla.redhat.com/show_bug.cgi?id=758671 against gcc to track the issue.

I have submitted 2.1.3-7.fc17 to Rawhide. Fedora 16 build is not possible because there is issue with F16 buildroot in Koji -- broken version of glibc is still available there that causes crashes in compiler.

The glibc package that fixes it is in F16 stable repo but buildroot for f16-candidate is still using the old one and it is affecting unknown number of packages.

Stephen is looking into the issue with Fedora Infra team.

2.1.4-2.fc16 is available in updates-testing.

Metadata Update from @danieljamesscott:
- Issue assigned to abbra
- Issue set to the milestone: FreeIPA 3.0 Core Effort - 2011/12

7 years ago

Login to comment on this ticket.

Metadata