Rob Verduijn wrote: > hmmmm.... > > after some more digging (monitoring the upgrade more closely.) > I saw that the upgrade kept waiting for the ca to start, which it did > not do. > and after 5 minutes the upgrade gave up with the following errors in the > ipaupgrade log : > > at 85% it says : > 2014-10-26T15:04:35Z DEBUG retrieving schema for SchemaCache > url=ldapi://%2fvar%2frun%2fslapd-XXXX-XXXX.socket > conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x2b18cb0> > 2014-10-26T15:04:35Z DEBUG Starting external process > 2014-10-26T15:04:35Z DEBUG args='/usr/bin/certutil' '-d' > '/etc/httpd/alias' '-L' > 2014-10-26T15:04:35Z DEBUG Process finished, return code=0 > 2014-10-26T15:04:35Z DEBUG stdout= > Certificate Nickname Trust > Attributes > > SSL,S/MIME,JAR/XPI > > Signing-Cert u,u,u > XXXX.XXXX IPA CA CT,C,C > ipaCert u,u,u > Server-Cert u,u,u > > 2014-10-26T15:04:35Z DEBUG stderr= > 2014-10-26T15:04:35Z DEBUG Starting external process > 2014-10-26T15:04:35Z DEBUG args='/usr/bin/certutil' '-d' > '/etc/httpd/alias' '-L' '-n' 'TJAKO.THUIS IPA CA' '-a' > 2014-10-26T15:04:35Z DEBUG Process finished, return code=0 > 2014-10-26T15:04:35Z DEBUG stdout=-----BEGIN CERTIFICATE----- > < certificate-removed > > -----END CERTIFICATE----- > 2014-10-26T15:04:35Z DEBUG stderr= > 2014-10-26T15:04:36Z ERROR Upgrade failed with cannot connect to > 'ldapi://%2fvar%2frun%2fslapd-XXXX-XXXX.socket':\
This has nothing to do with the CA, the LDAP server didn't come up. I'd start with those logs or look earlier in ipaupgrade.log The CA requires 389-ds to be running so if it isn't up, then it will fail to start too. rob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
