Hello good people,
Due to being unfamiliar with Fedora, my home FreeIPA server has been languishing on Fedora version 25 for ages. I recently twigged that it hadn't been updated in ages to upgraded to Fedora version 30. That seemed to go OK, but now, when I try to run ipactl start, I get the following:
# ipactl start IPA version error: data needs to be upgraded (expected version '4.7.90.pre1-4.fc30', current version '4.4.4-1.fc25') Automatically running upgrade, for details see /var/log/ipaupgrade.log Be patient, this may take a few minutes. Automatic upgrade failed: IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually. Unexpected error - see /var/log/ipaupgrade.log for details: CalledProcessError: CalledProcessError(Command ['/bin/systemctl', 'start', 'dirsrv@GHIBLI-DARAC-ORG-UK.service'] returned non-zero exit status 1: 'Job for dirsrv@GHIBLI-DARAC-ORG-UK.service failed because the control process exited with error code.\nSee "systemctl status dirsrv@GHIBLI-DARAC-ORG-UK.service" and "journalctl -xe" for details.\n') The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more information
See the upgrade log for more details and/or run /usr/sbin/ipa-server-upgrade again Aborting ipactl
Looking into the logs for dirsrv@<REALM>, I see the following:
May 29 20:30:52 yubaba.ghibli.darac.org.uk ns-slapd[9839]: [29/May/2019:20:30:52.917492045 +0100] - ERR - dse_read_one_file - The entry cn=schema in file /usr/share/dirsrv/schema/00core.ldif (lineno: 1) is invalid, error code > May 29 20:30:52 yubaba.ghibli.darac.org.uk ns-slapd[9839]: [29/May/2019:20:30:52.989705116 +0100] - ERR - setup_internal_backends - Please edit the file to correct the reported problems and then restart the server. May 29 20:30:53 yubaba.ghibli.darac.org.uk systemd[1]: dirsrv@GHIBLI-DARAC-ORG-UK.service: Main process exited, code=exited, status=1/FAILURE May 29 20:30:53 yubaba.ghibli.darac.org.uk systemd[1]: dirsrv@GHIBLI-DARAC-ORG-UK.service: Failed with result 'exit-code'. May 29 20:30:53 yubaba.ghibli.darac.org.uk systemd[1]: Failed to start 389 Directory Server GHIBLI-DARAC-ORG-UK..
Now, in an attempt to fix this, I spun up a new VM, installed freeipa-server and then copied /usr/share/dirsrv/schema/*.ldif over, but that doesn't seem do have had any effect.
Can anyone assist in pointing me in a direction to fixing this?
Many thanks!
I’d suggest creating a new server, enrolling it as a replica (well, it’s multi-master so technically it’s just another FreeIPA server) instead of upgrading. If you have other servers that still work, do that and nuke this one. If this is the last/only server you have, I’d restore it from backups (you have those, right?).
If you neither have additional servers that work, nor backups, prepare for a nightmare. If you know ahead of time that rebuilding your IPA infrastructure might be a slight hassle yet only take an hour or so to re-enroll all hosts and reset your users, do that as it’ll be faster in many cases.
John
On 29 May 2019, at 21:35, Darac Marjal via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Hello good people,
Due to being unfamiliar with Fedora, my home FreeIPA server has been languishing on Fedora version 25 for ages. I recently twigged that it hadn't been updated in ages to upgraded to Fedora version 30. That seemed to go OK, but now, when I try to run ipactl start, I get the following:
# ipactl start IPA version error: data needs to be upgraded (expected version '4.7.90.pre1-4.fc30', current version '4.4.4-1.fc25') Automatically running upgrade, for details see /var/log/ipaupgrade.log Be patient, this may take a few minutes. Automatic upgrade failed: IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually. Unexpected error - see /var/log/ipaupgrade.log for details: CalledProcessError: CalledProcessError(Command ['/bin/systemctl', 'start', 'dirsrv@GHIBLI-DARAC-ORG-UK.service'] returned non-zero exit status 1: 'Job for dirsrv@GHIBLI-DARAC-ORG-UK.service failed because the control process exited with error code.\nSee "systemctl status dirsrv@GHIBLI-DARAC-ORG-UK.service" and "journalctl -xe" for details.\n') The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more information
See the upgrade log for more details and/or run /usr/sbin/ipa-server-upgrade again Aborting ipactl
Looking into the logs for dirsrv@<REALM>, I see the following:
May 29 20:30:52 yubaba.ghibli.darac.org.uk ns-slapd[9839]: [29/May/2019:20:30:52.917492045 +0100] - ERR - dse_read_one_file - The entry cn=schema in file /usr/share/dirsrv/schema/00core.ldif (lineno: 1) is invalid, error code > May 29 20:30:52 yubaba.ghibli.darac.org.uk ns-slapd[9839]: [29/May/2019:20:30:52.989705116 +0100] - ERR - setup_internal_backends - Please edit the file to correct the reported problems and then restart the server. May 29 20:30:53 yubaba.ghibli.darac.org.uk systemd[1]: dirsrv@GHIBLI-DARAC-ORG-UK.service: Main process exited, code=exited, status=1/FAILURE May 29 20:30:53 yubaba.ghibli.darac.org.uk systemd[1]: dirsrv@GHIBLI-DARAC-ORG-UK.service: Failed with result 'exit-code'. May 29 20:30:53 yubaba.ghibli.darac.org.uk systemd[1]: Failed to start 389 Directory Server GHIBLI-DARAC-ORG-UK..
Now, in an attempt to fix this, I spun up a new VM, installed freeipa-server and then copied /usr/share/dirsrv/schema/*.ldif over, but that doesn't seem do have had any effect.
Can anyone assist in pointing me in a direction to fixing this?
Many thanks!
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
Ah, is FreeIPA generally okay with servers being at different versions, then? Could I upgrade by creating a new server, enrolling it as a replica of then old server and then shut down the old server. Can I do that as a general behaviour?
On 29/05/2019 21:21, John Keates via FreeIPA-users wrote:
I’d suggest creating a new server, enrolling it as a replica (well, it’s multi-master so technically it’s just another FreeIPA server) instead of upgrading. If you have other servers that still work, do that and nuke this one. If this is the last/only server you have, I’d restore it from backups (you have those, right?).
If you neither have additional servers that work, nor backups, prepare for a nightmare. If you know ahead of time that rebuilding your IPA infrastructure might be a slight hassle yet only take an hour or so to re-enroll all hosts and reset your users, do that as it’ll be faster in many cases.
John
On 29 May 2019, at 21:35, Darac Marjal via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Hello good people,
Due to being unfamiliar with Fedora, my home FreeIPA server has been languishing on Fedora version 25 for ages. I recently twigged that it hadn't been updated in ages to upgraded to Fedora version 30. That seemed to go OK, but now, when I try to run ipactl start, I get the following:
# ipactl start IPA version error: data needs to be upgraded (expected version '4.7.90.pre1-4.fc30', current version '4.4.4-1.fc25') Automatically running upgrade, for details see /var/log/ipaupgrade.log Be patient, this may take a few minutes. Automatic upgrade failed: IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually. Unexpected error - see /var/log/ipaupgrade.log for details: CalledProcessError: CalledProcessError(Command ['/bin/systemctl', 'start', 'dirsrv@GHIBLI-DARAC-ORG-UK.service'] returned non-zero exit status 1: 'Job for dirsrv@GHIBLI-DARAC-ORG-UK.service failed because the control process exited with error code.\nSee "systemctl status dirsrv@GHIBLI-DARAC-ORG-UK.service" and "journalctl -xe" for details.\n') The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more information
See the upgrade log for more details and/or run /usr/sbin/ipa-server-upgrade again Aborting ipactl
Looking into the logs for dirsrv@<REALM>, I see the following:
May 29 20:30:52 yubaba.ghibli.darac.org.uk ns-slapd[9839]: [29/May/2019:20:30:52.917492045 +0100] - ERR - dse_read_one_file - The entry cn=schema in file /usr/share/dirsrv/schema/00core.ldif (lineno: 1) is invalid, error code > May 29 20:30:52 yubaba.ghibli.darac.org.uk ns-slapd[9839]: [29/May/2019:20:30:52.989705116 +0100] - ERR - setup_internal_backends - Please edit the file to correct the reported problems and then restart the server. May 29 20:30:53 yubaba.ghibli.darac.org.uk systemd[1]: dirsrv@GHIBLI-DARAC-ORG-UK.service: Main process exited, code=exited, status=1/FAILURE May 29 20:30:53 yubaba.ghibli.darac.org.uk systemd[1]: dirsrv@GHIBLI-DARAC-ORG-UK.service: Failed with result 'exit-code'. May 29 20:30:53 yubaba.ghibli.darac.org.uk systemd[1]: Failed to start 389 Directory Server GHIBLI-DARAC-ORG-UK..
Now, in an attempt to fix this, I spun up a new VM, installed freeipa-server and then copied /usr/share/dirsrv/schema/*.ldif over, but that doesn't seem do have had any effect.
Can anyone assist in pointing me in a direction to fixing this?
Many thanks!
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
Yes, while in general upgrades should be possible, the big jump you made combined with a distro that isn’t as robust as say, CentOS or RHEL I’d suggest always simply rolling a replacement server to replace the old ones one by one. Also always run at least 2 servers with all the roles so you don’t end up in a situation where you cannot recover from a broken system. Keep in mind that enrolments and server replication only works as long as you have at least 1 functional server.
John
On 29 May 2019, at 22:25, Darac Marjal via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Ah, is FreeIPA generally okay with servers being at different versions, then? Could I upgrade by creating a new server, enrolling it as a replica of then old server and then shut down the old server. Can I do that as a general behaviour?
On 29/05/2019 21:21, John Keates via FreeIPA-users wrote:
I’d suggest creating a new server, enrolling it as a replica (well, it’s multi-master so technically it’s just another FreeIPA server) instead of upgrading. If you have other servers that still work, do that and nuke this one. If this is the last/only server you have, I’d restore it from backups (you have those, right?).
If you neither have additional servers that work, nor backups, prepare for a nightmare. If you know ahead of time that rebuilding your IPA infrastructure might be a slight hassle yet only take an hour or so to re-enroll all hosts and reset your users, do that as it’ll be faster in many cases.
John
On 29 May 2019, at 21:35, Darac Marjal via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Hello good people,
Due to being unfamiliar with Fedora, my home FreeIPA server has been languishing on Fedora version 25 for ages. I recently twigged that it hadn't been updated in ages to upgraded to Fedora version 30. That seemed to go OK, but now, when I try to run ipactl start, I get the following:
# ipactl start IPA version error: data needs to be upgraded (expected version '4.7.90.pre1-4.fc30', current version '4.4.4-1.fc25') Automatically running upgrade, for details see /var/log/ipaupgrade.log Be patient, this may take a few minutes. Automatic upgrade failed: IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually. Unexpected error - see /var/log/ipaupgrade.log for details: CalledProcessError: CalledProcessError(Command ['/bin/systemctl', 'start', 'dirsrv@GHIBLI-DARAC-ORG-UK.service'] returned non-zero exit status 1: 'Job for dirsrv@GHIBLI-DARAC-ORG-UK.service failed because the control process exited with error code.\nSee "systemctl status dirsrv@GHIBLI-DARAC-ORG-UK.service" and "journalctl -xe" for details.\n') The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more information
See the upgrade log for more details and/or run /usr/sbin/ipa-server-upgrade again Aborting ipactl
Looking into the logs for dirsrv@<REALM>, I see the following:
May 29 20:30:52 yubaba.ghibli.darac.org.uk ns-slapd[9839]: [29/May/2019:20:30:52.917492045 +0100] - ERR - dse_read_one_file - The entry cn=schema in file /usr/share/dirsrv/schema/00core.ldif (lineno: 1) is invalid, error code > May 29 20:30:52 yubaba.ghibli.darac.org.uk ns-slapd[9839]: [29/May/2019:20:30:52.989705116 +0100] - ERR - setup_internal_backends - Please edit the file to correct the reported problems and then restart the server. May 29 20:30:53 yubaba.ghibli.darac.org.uk systemd[1]: dirsrv@GHIBLI-DARAC-ORG-UK.service: Main process exited, code=exited, status=1/FAILURE May 29 20:30:53 yubaba.ghibli.darac.org.uk systemd[1]: dirsrv@GHIBLI-DARAC-ORG-UK.service: Failed with result 'exit-code'. May 29 20:30:53 yubaba.ghibli.darac.org.uk systemd[1]: Failed to start 389 Directory Server GHIBLI-DARAC-ORG-UK..
Now, in an attempt to fix this, I spun up a new VM, installed freeipa-server and then copied /usr/share/dirsrv/schema/*.ldif over, but that doesn't seem do have had any effect.
Can anyone assist in pointing me in a direction to fixing this?
Many thanks!
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
Hello Darac,
i have the same problem like you at two IPA Servers.
After an update my 389 Directory Server doesn't start with the same Problem you have:
"dse_read_one_file - The entry cn=schema in file /etc/dirsrv/slapd-FRITZ-BOX/schema/99user.ldif (lineno: 1) is invalid, error code 20 (Type or value exists)"
For me, it looks like something wrong with the new 389-ds-base package that came out.
I'm not an 389 Directory Server Professional and can't I help you. I do the same like you to fix the problem a few days before. Copy from one working IPA Server to broken IPA Server with the same result.
My Hope is that Fedora bring out a new 389-ds-base* package that will fix this Problem.
Regards
Dirk
Am 29.05.19 um 22:25 schrieb Darac Marjal via FreeIPA-users:
Ah, is FreeIPA generally okay with servers being at different versions, then? Could I upgrade by creating a new server, enrolling it as a replica of then old server and then shut down the old server. Can I do that as a general behaviour?
On 29/05/2019 21:21, John Keates via FreeIPA-users wrote:
I’d suggest creating a new server, enrolling it as a replica (well, it’s multi-master so technically it’s just another FreeIPA server) instead of upgrading. If you have other servers that still work, do that and nuke this one. If this is the last/only server you have, I’d restore it from backups (you have those, right?).
If you neither have additional servers that work, nor backups, prepare for a nightmare. If you know ahead of time that rebuilding your IPA infrastructure might be a slight hassle yet only take an hour or so to re-enroll all hosts and reset your users, do that as it’ll be faster in many cases.
John
On 29 May 2019, at 21:35, Darac Marjal via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Hello good people,
Due to being unfamiliar with Fedora, my home FreeIPA server has been languishing on Fedora version 25 for ages. I recently twigged that it hadn't been updated in ages to upgraded to Fedora version 30. That seemed to go OK, but now, when I try to run ipactl start, I get the following:
# ipactl start IPA version error: data needs to be upgraded (expected version '4.7.90.pre1-4.fc30', current version '4.4.4-1.fc25') Automatically running upgrade, for details see /var/log/ipaupgrade.log Be patient, this may take a few minutes. Automatic upgrade failed: IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually. Unexpected error - see /var/log/ipaupgrade.log for details: CalledProcessError: CalledProcessError(Command ['/bin/systemctl', 'start', 'dirsrv@GHIBLI-DARAC-ORG-UK.service'] returned non-zero exit status 1: 'Job for dirsrv@GHIBLI-DARAC-ORG-UK.service failed because the control process exited with error code.\nSee "systemctl status dirsrv@GHIBLI-DARAC-ORG-UK.service" and "journalctl -xe" for details.\n') The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more information
See the upgrade log for more details and/or run /usr/sbin/ipa-server-upgrade again Aborting ipactl
Looking into the logs for dirsrv@<REALM>, I see the following:
May 29 20:30:52 yubaba.ghibli.darac.org.uk ns-slapd[9839]: [29/May/2019:20:30:52.917492045 +0100] - ERR - dse_read_one_file - The entry cn=schema in file /usr/share/dirsrv/schema/00core.ldif (lineno: 1) is invalid, error code > May 29 20:30:52 yubaba.ghibli.darac.org.uk ns-slapd[9839]: [29/May/2019:20:30:52.989705116 +0100] - ERR - setup_internal_backends - Please edit the file to correct the reported problems and then restart the server. May 29 20:30:53 yubaba.ghibli.darac.org.uk systemd[1]: dirsrv@GHIBLI-DARAC-ORG-UK.service: Main process exited, code=exited, status=1/FAILURE May 29 20:30:53 yubaba.ghibli.darac.org.uk systemd[1]: dirsrv@GHIBLI-DARAC-ORG-UK.service: Failed with result 'exit-code'. May 29 20:30:53 yubaba.ghibli.darac.org.uk systemd[1]: Failed to start 389 Directory Server GHIBLI-DARAC-ORG-UK..
Now, in an attempt to fix this, I spun up a new VM, installed freeipa-server and then copied /usr/share/dirsrv/schema/*.ldif over, but that doesn't seem do have had any effect.
Can anyone assist in pointing me in a direction to fixing this?
Many thanks!
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
Hello, all.
Most likely, you faced with 389-ds upgrade issue:
https://pagure.io/389-ds-base/issue/50410
30.05.2019 12:40, Dirk Streubel via FreeIPA-users пишет:
Hello Darac,
i have the same problem like you at two IPA Servers.
After an update my 389 Directory Server doesn't start with the same Problem you have:
"dse_read_one_file - The entry cn=schema in file /etc/dirsrv/slapd-FRITZ-BOX/schema/99user.ldif (lineno: 1) is invalid, error code 20 (Type or value exists)"
For me, it looks like something wrong with the new 389-ds-base package that came out.
I'm not an 389 Directory Server Professional and can't I help you. I do the same like you to fix the problem a few days before. Copy from one working IPA Server to broken IPA Server with the same result.
My Hope is that Fedora bring out a new 389-ds-base* package that will fix this Problem.
Regards
Dirk
Am 29.05.19 um 22:25 schrieb Darac Marjal via FreeIPA-users:
Ah, is FreeIPA generally okay with servers being at different versions, then? Could I upgrade by creating a new server, enrolling it as a replica of then old server and then shut down the old server. Can I do that as a general behaviour?
On 29/05/2019 21:21, John Keates via FreeIPA-users wrote:
I’d suggest creating a new server, enrolling it as a replica (well, it’s multi-master so technically it’s just another FreeIPA server) instead of upgrading. If you have other servers that still work, do that and nuke this one. If this is the last/only server you have, I’d restore it from backups (you have those, right?).
If you neither have additional servers that work, nor backups, prepare for a nightmare. If you know ahead of time that rebuilding your IPA infrastructure might be a slight hassle yet only take an hour or so to re-enroll all hosts and reset your users, do that as it’ll be faster in many cases.
John
On 29 May 2019, at 21:35, Darac Marjal via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Hello good people,
Due to being unfamiliar with Fedora, my home FreeIPA server has been languishing on Fedora version 25 for ages. I recently twigged that it hadn't been updated in ages to upgraded to Fedora version 30. That seemed to go OK, but now, when I try to run ipactl start, I get the following:
# ipactl start IPA version error: data needs to be upgraded (expected version '4.7.90.pre1-4.fc30', current version '4.4.4-1.fc25') Automatically running upgrade, for details see /var/log/ipaupgrade.log Be patient, this may take a few minutes. Automatic upgrade failed: IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually. Unexpected error - see /var/log/ipaupgrade.log for details: CalledProcessError: CalledProcessError(Command ['/bin/systemctl', 'start', 'dirsrv@GHIBLI-DARAC-ORG-UK.service'] returned non-zero exit status 1: 'Job for dirsrv@GHIBLI-DARAC-ORG-UK.service failed because the control process exited with error code.\nSee "systemctl status dirsrv@GHIBLI-DARAC-ORG-UK.service" and "journalctl -xe" for details.\n') The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more information
See the upgrade log for more details and/or run /usr/sbin/ipa-server-upgrade again Aborting ipactl
Looking into the logs for dirsrv@<REALM>, I see the following:
May 29 20:30:52 yubaba.ghibli.darac.org.uk ns-slapd[9839]: [29/May/2019:20:30:52.917492045 +0100] - ERR - dse_read_one_file - The entry cn=schema in file /usr/share/dirsrv/schema/00core.ldif (lineno: 1) is invalid, error code > May 29 20:30:52 yubaba.ghibli.darac.org.uk ns-slapd[9839]: [29/May/2019:20:30:52.989705116 +0100] - ERR - setup_internal_backends - Please edit the file to correct the reported problems and then restart the server. May 29 20:30:53 yubaba.ghibli.darac.org.uk systemd[1]: dirsrv@GHIBLI-DARAC-ORG-UK.service: Main process exited, code=exited, status=1/FAILURE May 29 20:30:53 yubaba.ghibli.darac.org.uk systemd[1]: dirsrv@GHIBLI-DARAC-ORG-UK.service: Failed with result 'exit-code'. May 29 20:30:53 yubaba.ghibli.darac.org.uk systemd[1]: Failed to start 389 Directory Server GHIBLI-DARAC-ORG-UK..
Now, in an attempt to fix this, I spun up a new VM, installed freeipa-server and then copied /usr/share/dirsrv/schema/*.ldif over, but that doesn't seem do have had any effect.
Can anyone assist in pointing me in a direction to fixing this?
Many thanks!
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
Hello Levin,
thanks a lot for this information and the link.
Regards
Dirk
Am 30.05.19 um 12:21 schrieb Levin Stanislav:
Hello, all.
Most likely, you faced with 389-ds upgrade issue:
https://pagure.io/389-ds-base/issue/50410
30.05.2019 12:40, Dirk Streubel via FreeIPA-users пишет:
Hello Darac,
i have the same problem like you at two IPA Servers.
After an update my 389 Directory Server doesn't start with the same Problem you have:
"dse_read_one_file - The entry cn=schema in file /etc/dirsrv/slapd-FRITZ-BOX/schema/99user.ldif (lineno: 1) is invalid, error code 20 (Type or value exists)"
For me, it looks like something wrong with the new 389-ds-base package that came out.
I'm not an 389 Directory Server Professional and can't I help you. I do the same like you to fix the problem a few days before. Copy from one working IPA Server to broken IPA Server with the same result.
My Hope is that Fedora bring out a new 389-ds-base* package that will fix this Problem.
Regards
Dirk
Am 29.05.19 um 22:25 schrieb Darac Marjal via FreeIPA-users:
Ah, is FreeIPA generally okay with servers being at different versions, then? Could I upgrade by creating a new server, enrolling it as a replica of then old server and then shut down the old server. Can I do that as a general behaviour?
On 29/05/2019 21:21, John Keates via FreeIPA-users wrote:
I’d suggest creating a new server, enrolling it as a replica (well, it’s multi-master so technically it’s just another FreeIPA server) instead of upgrading. If you have other servers that still work, do that and nuke this one. If this is the last/only server you have, I’d restore it from backups (you have those, right?).
If you neither have additional servers that work, nor backups, prepare for a nightmare. If you know ahead of time that rebuilding your IPA infrastructure might be a slight hassle yet only take an hour or so to re-enroll all hosts and reset your users, do that as it’ll be faster in many cases.
John
On 29 May 2019, at 21:35, Darac Marjal via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Hello good people,
Due to being unfamiliar with Fedora, my home FreeIPA server has been languishing on Fedora version 25 for ages. I recently twigged that it hadn't been updated in ages to upgraded to Fedora version 30. That seemed to go OK, but now, when I try to run ipactl start, I get the following:
# ipactl start IPA version error: data needs to be upgraded (expected version '4.7.90.pre1-4.fc30', current version '4.4.4-1.fc25') Automatically running upgrade, for details see /var/log/ipaupgrade.log Be patient, this may take a few minutes. Automatic upgrade failed: IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually. Unexpected error - see /var/log/ipaupgrade.log for details: CalledProcessError: CalledProcessError(Command ['/bin/systemctl', 'start', 'dirsrv@GHIBLI-DARAC-ORG-UK.service'] returned non-zero exit status 1: 'Job for dirsrv@GHIBLI-DARAC-ORG-UK.service failed because the control process exited with error code.\nSee "systemctl status dirsrv@GHIBLI-DARAC-ORG-UK.service" and "journalctl -xe" for details.\n') The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more information
See the upgrade log for more details and/or run /usr/sbin/ipa-server-upgrade again Aborting ipactl
Looking into the logs for dirsrv@<REALM>, I see the following:
May 29 20:30:52 yubaba.ghibli.darac.org.uk ns-slapd[9839]: [29/May/2019:20:30:52.917492045 +0100] - ERR - dse_read_one_file - The entry cn=schema in file /usr/share/dirsrv/schema/00core.ldif (lineno: 1) is invalid, error code > May 29 20:30:52 yubaba.ghibli.darac.org.uk ns-slapd[9839]: [29/May/2019:20:30:52.989705116 +0100] - ERR - setup_internal_backends - Please edit the file to correct the reported problems and then restart the server. May 29 20:30:53 yubaba.ghibli.darac.org.uk systemd[1]: dirsrv@GHIBLI-DARAC-ORG-UK.service: Main process exited, code=exited, status=1/FAILURE May 29 20:30:53 yubaba.ghibli.darac.org.uk systemd[1]: dirsrv@GHIBLI-DARAC-ORG-UK.service: Failed with result 'exit-code'. May 29 20:30:53 yubaba.ghibli.darac.org.uk systemd[1]: Failed to start 389 Directory Server GHIBLI-DARAC-ORG-UK..
Now, in an attempt to fix this, I spun up a new VM, installed freeipa-server and then copied /usr/share/dirsrv/schema/*.ldif over, but that doesn't seem do have had any effect.
Can anyone assist in pointing me in a direction to fixing this?
Many thanks!
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
freeipa-users@lists.fedorahosted.org
-
Darac Marjal -
Dirk Streubel -
John Keates -
Levin Stanislav