With IPA built from the master (commit e2d1b21), running ipa-server-upgrade fails with a set of different errors:
...
[Migrating certificate profiles to LDAP]
IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually.
Unexpected error - see /var/log/ipaupgrade.log for details:
NetworkError: cannot connect to 'https://vm-161.abc.idm.lab.eng.brq.redhat.com:8443/ca/rest/account/login': ''
The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more information
or
...
The ipa-server-upgrade command failed, exception: NetworkError: cannot connect to 'ldapi://%2fvar%2frun%2fslapd-DOM-161-ABC-IDM-LAB-ENG-BRQ-REDHAT-COM.socket':
Adding the stack trace
2017-02-24T15:31:16Z INFO [Authorizing RA Agent to modify profiles]
2017-02-24T15:31:16Z ERROR IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually.
2017-02-24T15:31:16Z DEBUG   File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in execute
    return_value = self.run()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_server_upgrade.py", line 46, in run
    server.upgrade()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", line 1880, in upgrade
    upgrade_configuration()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", line 1749, in upgrade_configuration
    ca_configure_profiles_acl(ca),
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", line 333, in ca_configure_profiles_acl
    return cainstance.configure_profiles_acl()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 1500, in configure_profiles_acl
    return __add_acls(new_rules)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line 1539, in __add_acls
    entry = conn.get_entry(dn)
  File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1483, in get_entry
    size_limit=size_limit
  File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1311, in get_entries
    **kwargs)
  File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1439, in find_entries
    break
  File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__
    self.gen.throw(type, value, traceback)
  File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1002, in error_handler
    error=info)
2017-02-24T15:31:16Z DEBUG The ipa-server-upgrade command failed, exception: NetworkError: cannot connect to 'ldapi://%2fvar%2frun%2fslapd-DOM-161-ABC-IDM-LAB-ENG-BRQ-REDHAT-COM.socket':
The journal shows that the ipa.service unit is shut down when gssproxy.service is stopped, hence stopping the LDAP server and breaking the api.Backend.ldap2 connection.
gssproxy restart should not stop the whole stack.
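One way to check which units an explicit stop of gssproxy.service would take down, as an added example that is not part of the original ticket or of FreeIPA's code. It walks the reverse dependency properties that `systemctl show` reports (`RequiredBy`, `BoundBy`, `ConsistsOf`); the ticket does not say which directive linked the two units, so the sample output and the unit name `example-web.service` are constructed assumptions.

```python
import subprocess

# Reverse-dependency properties that propagate an explicit stop: units listed
# under them are stopped when the inspected unit is stopped
# (Requires=, BindsTo= and PartOf= seen from the other side).
STOP_PROPAGATING = ("RequiredBy", "BoundBy", "ConsistsOf")

def parse_show(text):
    """Parse `systemctl show -p ...` output into {property: [unit, ...]}."""
    props = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key in STOP_PROPAGATING:
            props[key] = value.split()
    return props

def show_unit(unit):
    """Query the live system; not used by the constructed sample below."""
    args = ["systemctl", "show", unit]
    for prop in STOP_PROPAGATING:
        args += ["-p", prop]
    return subprocess.check_output(args, universal_newlines=True)

def stop_closure(unit, show=show_unit):
    """Map every unit stopped along with `unit` to (directive, via_unit)."""
    affected, queue = {}, [unit]
    while queue:
        current = queue.pop(0)
        for prop, dependents in sorted(parse_show(show(current)).items()):
            for dep in dependents:
                if dep != unit and dep not in affected:
                    affected[dep] = (prop, current)
                    queue.append(dep)
    return affected

# Constructed sample output (hypothetical dependency chain, not taken from
# the ticket): one intermediate unit sits between gssproxy and ipa.
SAMPLE = {
    "gssproxy.service": "RequiredBy=example-web.service\nBoundBy=\nConsistsOf=\n",
    "example-web.service": "RequiredBy=\nBoundBy=ipa.service\nConsistsOf=\n",
    "ipa.service": "RequiredBy=\nBoundBy=\nConsistsOf=\n",
}

if __name__ == "__main__":
    found = stop_closure("gssproxy.service", show=SAMPLE.__getitem__)
    for dep, (prop, via) in sorted(found.items()):
        print("%s stops with gssproxy.service (%s of %s)" % (dep, prop, via))
```

On a real server, calling `stop_closure("gssproxy.service")` without the `show` argument queries systemd directly.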
Metadata Update from @frenaud:
- Issue assigned to frenaud
- Issue set to the milestone: 0.0 NEEDS_TRIAGE
master:
I cannot change the milestone, so I'm leaving it open.
Metadata Update from @mbasti:
- Custom field affects_doc reset
- Custom field component reset
- Custom field on_review reset
- Custom field type reset
- Issue close_status updated to: None
- Issue set to the milestone: None (was: 0.0 NEEDS_TRIAGE)
Metadata Update from @pvoborni:
- Custom field affects_doc reset
- Custom field tester adjusted to wanted
- Issue priority set to: 1 (was: 3)
- Issue set to the milestone: FreeIPA 4.5
Closing based on the previous comment, which mentions that it was not closed only because the milestone could not be changed, which is fixed now.
Metadata Update from @pvoborni:
- Issue status updated to: Closed (was: Open)