Günther J. Niederwimmer via FreeIPA-users wrote: > Hello, > Unfortunately, I haven't made any progress so far. It probably depends on > which version was used during installation. My replica server was installed > with 9.5, and the upgrade to 9.6 worked without any errors. > > Unfortunately, I don't really understand what the "patch" does, but I would > always make a backup. > > Since everything runs on a Proxmox server, it's pretty easy, but it's not a > permanent solution if you can't install any more updates. > > I hope to get an answer from the FreeIPA experts that I can understand.
I'm not sure what about this you don't understand. dogtag introduced a new configuration file, rewrite.config, at some point early in the RHEL 9 cycle. It only created this file during initial installation. No provision was made to create it on upgrade. This didn't matter for a long time because it only impacted EST (which IPA does not use). Later, in RHEL 9.5 it added REST rewrites to the file. If this file didn't exist and the other configuration for it was missing then the redirects were not done and a 404 was raised. The "patch" was a clever workaround that has since been replaced with a permanent fix by creating the missing symlink and updating server.xml. The steps are documented in the BZ. rob > > Am Montag, 9. Juni 2025, 11:49:22 Mitteleuropäische Sommerzeit schrieb alexey > safonov via FreeIPA-users: >> what is the current status of that issue? since Rocky 9.6 was released >> is it safe to update from 9.5? >> >> вт, 27 мая 2025 г. в 21:45, Rob Crittenden via FreeIPA-users >> <[email protected]>: >> >>> >>> >>> Günther J. Niederwimmer via FreeIPA-users wrote: >>> >>>> Hello, >>>> >>>> >>>> >>>> Am Montag, 26. Mai 2025, 10:14:09 Mitteleuropäische Sommerzeit schrieb >>>> Florence Blanc-Renaud via FreeIPA-users: >>>> >>>>> Hi, >>>>> >>>>> >>>>> >>>>> On Fri, May 23, 2025 at 6:29 PM Günther J. Niederwimmer via >>>>> FreeIPA-users < >>>> >>>>> >>>>> >>>>> [email protected]> wrote: >>>>> >>>>>> Hallo Liste, >>>>>> >>>>>> >>>>>> >>>>>> I'm running Oracle 9.5, but since updating to 9.6, FreeIPA hasn't >>>>>> worked >>>>>> anymore. The replica server survived the upgrade. I've tried it three >>>>>> times >>>>>> now, restoring a backup and updating to 9.6, with the same result. The >>>>>> IPA >>>>>> server is the older installation, around 9.2. >>>>>> >>>>>> >>>>>> >>>>>> How can I fix this? Any help is appreciated. >>>>> >>>>> >>>>> >>>>> Which component is failing? If it's the PKI Certificate server you may >>>>> be >>>>> hitting this issue: >>>>> https://bugzilla.redhat.com/show_bug.cgi?id=2350322 >>>>> https://issues.redhat.com/browse/RHEL-88370 >>>> >>>> >>>> >>>> ipactl status >>>> Directory Service: RUNNING >>>> krb5kdc Service: STOPPED >>>> kadmin Service: STOPPED >>>> httpd Service: RUNNING >>>> ipa-custodia Service: STOPPED >>>> pki-tomcatd Service: RUNNING >>>> ipa-otpd Service: STOPPED >>> >>> >>> >>> I'd recommend running: ipactl restart --skip-version-check >>> >>> >>> >>> Then look to see what services are running. If only pki-tomcatd isn't >>> running then it's like you've run into the bug Flo mentioned. >>> >>> >>> >>>> When I change this to the Bugreports I have a Broken LDAP Database ? >>> >>> >>> >>> I don't understand. Any changes in the BZ would only affect pki-tomcat. >>> >>> >>> >>>> >>>> >>>> In the Moment I stopped the Update/Upgrade on this Server is not the >>>> best :-( >> >>> >>> >>> The upgrade is likely failing because of the bug. The missing >>> configuration file is causing the CA to properly redirect requests hence >>> the 404. >>> >>> >>> >>>> >>>> >>>> Can I change the Replica to a Master and then install the old Master >>>> NEW? >>> >>> >>> >>> Sure. Look in the documentation for promoting a server. There are a >>> number of steps you'll need to take. >>> >>> >>> >>> rob >>> >>> >>> >>>> >>>> >>>>> Other users implemented the workaround described in this comment >>>>> <https://bugzilla.redhat.com/show_bug.cgi?id=2350322#c3> and managed >>>>> to >>>>> have IPA start. >>>>> HTH, >>>>> flo >>>>> >>>>> >>>>> >>>>>> mit freundlichen Grüßen / best regards >>>>>> >>>>>> >>>>>> >>>>>> Günther J. Niederwimmer >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> _______________________________________________ >>>>>> FreeIPA-users mailing list -- [email protected] >>>>>> To unsubscribe send an email to >>>>>> [email protected] >>>>>> Fedora Code of Conduct: >>>>>> https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >>>>>> List Guidelines: >>>>>> https://fedoraproject.org/wiki/Mailing_list_guidelines >>>>>> List Archives: >>>>>> https://lists.fedorahosted.org/archives/list/[email protected] >>>>>> ahos >>>>>> ted.org Do not reply to spam, report it: >>>>>> https://pagure.io/fedora-infrastructure/new_issue >>>> >>>> >>>> >>> >>> >>> >>> -- >>> _______________________________________________ >>> FreeIPA-users mailing list -- [email protected] >>> To unsubscribe send an email to >>> [email protected] >>> Fedora Code of Conduct: >>> https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List >>> Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List >>> Archives: >>> https://lists.fedorahosted.org/archives/list/[email protected] >>> sted.org Do not reply to spam, report it: >>> https://pagure.io/fedora-infrastructure/new_issue > > -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
