[Freeipa-users] Migration fails from 3.0.0 to 3.3.3 on Centos 6/7
Jani West
jwest at iki.fi
Tue Feb 24 22:08:30 UTC 2015
On old master apache logs looks like this:
---------------
[Tue Feb 24 23:37:40 2015] [error] [client 192.168.177.8] File does not
exist: /var/www/html/ca
[Tue Feb 24 23:37:41 2015] [error] [client 192.168.177.8] File does not
exist: /var/www/html/ca
[Tue Feb 24 23:38:22 2015] [error] [client 192.168.177.8] File does not
exist: /var/www/html/ca
192.168.177.8 - - [24/Feb/2015:10:35:47 +0200] "POST
/ca/agent/ca/updateDomainXML HTTP/1.0" 403 323
192.168.177.8 - - [24/Feb/2015:23:37:40 +0200] "GET
/ca/rest/securityDomain/domainInfo HTTP/1.1" 404 325
192.168.177.8 - - [24/Feb/2015:23:37:41 +0200] "GET
/ca/admin/ca/getDomainXML HTTP/1.1" 200 1158
192.168.177.8 - - [24/Feb/2015:23:37:41 +0200] "GET
/ca/rest/account/login HTTP/1.1" 404 313
192.168.177.8 - - [24/Feb/2015:23:38:19 +0200] "POST
/ca/admin/ca/getCertChain HTTP/1.0" 200 1410
192.168.177.8 - - [24/Feb/2015:23:38:22 +0200] "GET
/ca/rest/account/login HTTP/1.1" 404 313
192.168.177.8 - - [24/Feb/2015:23:38:22 +0200] "POST
/ca/admin/ca/getCookie HTTP/1.1" 200 4088
192.168.177.8 - - [24/Feb/2015:23:38:22 +0200] "POST
/ca/admin/ca/getDomainXML HTTP/1.0" 200 1158
192.168.177.8 - - [24/Feb/2015:23:38:23 +0200] "POST
/ca/admin/ca/getCertChain HTTP/1.0" 200 1410
192.168.177.8 - - [24/Feb/2015:23:38:23 +0200] "POST
/ca/admin/ca/updateNumberRange HTTP/1.0" 404 -
192.168.177.8 - - [24/Feb/2015:23:38:24 +0200] "POST
/ca/admin/ca/updateNumberRange HTTP/1.0" 404 -
192.168.177.8 - - [24/Feb/2015:23:38:23 +0200] "POST
/ca/ee/ca/updateNumberRange HTTP/1.0" 200 163
192.168.177.8 - - [24/Feb/2015:23:38:24 +0200] "POST
/ca/ee/ca/updateNumberRange HTTP/1.0" 200 163
192.168.177.8 - - [24/Feb/2015:23:38:27 +0200] "POST
/ca/admin/ca/updateNumberRange HTTP/1.0" 404 -
192.168.177.8 - - [24/Feb/2015:23:38:27 +0200] "POST
/ca/ee/ca/updateNumberRange HTTP/1.0" 200 153
192.168.177.8 - - [24/Feb/2015:23:38:30 +0200] "POST
/ca/admin/ca/getConfigEntries HTTP/1.0" 200 13714
192.168.177.8 - - [24/Feb/2015:23:41:06 +0200] "POST
/ca/admin/ca/getDomainXML HTTP/1.0" 200 1158
192.168.177.8 - - [24/Feb/2015:23:41:06 +0200] "POST
/ca/admin/ca/updateDomainXML HTTP/1.0" 404 -
192.168.177.8 - - [24/Feb/2015:23:41:06 +0200] "POST
/ca/agent/ca/updateDomainXML HTTP/1.0" 200 115
---------------------
and /var/log/ipareplica-install.log on new replica looks like this:
--------------------
pkispawn : ERROR ....... Exception from Java Configuration
Servlet: Error while updating security domain: java.io.IOException: 2
2015-02-24T21:40:54Z CRITICAL failed to configure ca instance Command
'/usr/sbin/pkispawn -s CA -f /tmp/tmpR56_Ck' returned non-zero exit status 1
2015-02-24T21:40:54Z DEBUG File
"/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py",
line 638, in run_script
return_value = main_function()
File "/usr/sbin/ipa-replica-install", line 667, in main
CA = cainstance.install_replica_ca(config)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line
1689, in install_replica_ca
subject_base=config.subject_base)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line
478, in configure_instance
self.start_creation(runtime=210)
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py",
line 364, in start_creation
method()
File
"/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py", line
615, in __spawn_instance
raise RuntimeError('Configuration of CA failed')
2015-02-24T21:40:54Z DEBUG The ipa-replica-install command failed,
exception: RuntimeError: Configuration of CA failed
--------------------
Just give me a shout if you want me to run replication again and if you
need any extra logs.
On 02/25/2015 12:00 AM, Rob Crittenden wrote:
> Jani West wrote:
>> Re-created replication file and run ipa-replica-install o fresh CentOS 7
>> server.
>>
>> It is still giving the same error:
>>
>> ---------------------
>> 2015-02-24T21:40:54Z DEBUG Process finished, return code=1
>> 2015-02-24T21:40:54Z DEBUG stdout=Loading deployment configuration from
>> /tmp/tmpR56_Ck.
>> Installing CA into /var/lib/pki/pki-tomcat.
>> Storing deployment configuration into
>> /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg.
>> Installation failed.
>>
>>
>> 2015-02-24T21:40:54Z DEBUG stderr=pkispawn : WARNING ....... unable
>> to validate security domain user/password through REST interface.
>> Interface not available
>
> That is expected.
>
>> pkispawn : ERROR ....... Exception from Java Configuration
>> Servlet: Error while updating security domain: java.io.IOException: 2
>
> I think a fresh set of logs is in needed.
>
> rob
>
>> --------------------.
>>
>> On 02/24/2015 06:06 PM, Rob Crittenden wrote:
>>> West, Jani wrote:
>>>> Thank you for the tip,
>>>>
>>>> Just created new /root/cacerts.p12. Should I import it to the CA somehow
>>>> or just restart the ipa server?
>>>>
>>>> Will reset the new replicate vm to clean CentOS 7 installation without
>>>> any leftovers from ipa-replica-install.
>>>>
>>>
>>> Re-run ipa-replica-prepare and it will pick up the new file. Use that
>>> newly prepared file on your replica and hopefully that will do the trick.
>>>
>>> rob
>>>
>>
>>
--
-- Jani West -- jwest at iki.fi -- +358 40 5010914 --
-- Liinalahdentie 4 -- 01800 KLAUKKALA -- FINLAND --
"Haluaisin, että Suomi olisi paljon monikulttuurisempi.
Tänne tulee muualta paljon ihmisiä, mutta heitä ei tuoda
tarpeeksi esille. Jotenkin me pidämme heidät verhojen takana.
On tärkeää, että Suomesta saataisiin avoin ja suvaitsevainen.
Sulkeutunut ajattelutapa on Suomen ongelma. Ehkä me
pelkäämme mielenosoituksia, joita esimerkiksi Ruotsin
lähiöissä on ollut ja sitä, että jotain kauheaa tapahtuu.
Ei ymmärretä, että maahanmuuttajat voivat tuoda
Suomeen myös paljon hyvää. Toivoisin hallitukselta sitä,
että koko kansaa kuullaan, myös eri kulttuureista
tulevia. Hallituksen pitäisi rahoittaa ja tukea enemmän
Suomen kansainvälistämistä. Myös eduskunta voisi kuunnella
maahanmuuttajia enemmän."
HS 8.6.2013: Essi, 16 v. Etu-Töölön lukio.
More information about the Freeipa-users
mailing list