On ma, 04 marras 2019, Alex Scheel wrote:
----- Original Message -----
From: "Alexander Bokovoy via FreeIPA-users"
<[email protected]>
To: "FreeIPA users list" <[email protected]>
Cc: "Wulf C. Krueger" <[email protected]>, "Alexander Bokovoy"
<[email protected]>
Sent: Sunday, November 3, 2019 4:08:09 AM
Subject: [Freeipa-users] Re: FreeIPA 4.8.1 on Fedora 31 (upgraded from F30)
fails to start
On la, 02 marras 2019, Wulf C. Krueger via FreeIPA-users wrote:
>Hello,
>
>my FreeIPA installation was working well on Fedora 30. After upgrading
>to F31, though, it fails to start:
>
>----
># ipactl start
>IPA version error: data needs to be upgraded (expected version
>'4.8.1-4.fc31', current version '4.8.1-1.fc30')
>Automatically running upgrade, for details see /var/log/ipaupgrade.log
>Be patient, this may take a few minutes.
>Automatic upgrade failed: Update complete
>Upgrading the configuration of the IPA services
>[Verifying that root certificate is published]
>[Migrate CRL publish directory]
>CRL tree already moved
>IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run
>command ipa-server-upgrade manually.
>Unexpected error - see /var/log/ipaupgrade.log for details:
>CalledProcessError: CalledProcessError(Command ['/bin/systemctl',
>'start', '[email protected]'] returned non-zero exit
>status 1: 'Job for [email protected] failed because a
>timeout was exceeded.\nSee "systemctl status
>[email protected]" and "journalctl -xe" for details.\n')
>The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for
>more information
>
>See the upgrade log for more details and/or run
>/usr/sbin/ipa-server-upgrade again
>Aborting ipactl
>----
>
>Logs:
>
>ipaupgrade.log: https://mailstation.de/ipa-logs/ipaupgrade.log
>pki-tomcatd@pki-tomcat log:
>https://mailstation.de/ipa-logs/[email protected]
>pki-tomcat-ca-debug log:
>https://mailstation.de/ipa-logs/pki-tomcat-ca-debug.2019-11-02.log
>
>So it looks like the LDAP server isn't reachable but its log says it's
>running: https://mailstation.de/ipa-logs/[email protected]
>
>There's nothing listening on ports 389 and 636, though.
>
>Help would be highly appreciated.
This looks like https://bugzilla.redhat.com/show_bug.cgi?id=1766451
Do you have updates-testing repository enabled? It should provide an
update for jss package.
Alexander,
I don't think this is that bug at all. That bug (#1766451) was an issue in
JSS with a stacktrace ending in the NativeProxy class, caused by an improvement
in NativeProxy. That lead to a member used in the equals(...) comparator to be
NULL, which is less than ideal.
These backtraces from Wulf don't end in JSS at all. In fact, JSS seems to
initalize
just fine around 2019-11-02 11:55:34 in the Tomcat debug log. This seems like a
bug
in the LDAPProfileSubsystem of Dogtag.
Thanks, Alex. I hope you can help then with debugging it?
As to #1766451, we seem to hit it in FreeIPA CI regularly. I hope
https://bodhi.fedoraproject.org/updates/FEDORA-2019-4129cdf50b will get
pushed soon...
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
