Hello,
Please HELP
After upgrading my server, IPA is not running any more. Here is the error I am getting and I can't seem to find any solution on the web.
All services are stopped except the directory service
# ipactl status Directory Service: RUNNING krb5kdc Service: STOPPED kadmin Service: STOPPED named Service: STOPPED httpd Service: STOPPED ipa-custodia Service: STOPPED ntpd Service: STOPPED pki-tomcatd Service: STOPPED ipa-otpd Service: STOPPED ipa-dnskeysyncd Service: STOPPED ipa: INFO: The ipactl command was successful
And here is the error from /var/log/ipaupgrade.log
2017-09-15T15:30:22Z DEBUG stderr= 2017-09-15T15:30:22Z DEBUG wait_for_open_ports: localhost [389] timeout 300 2017-09-15T15:35:23Z ERROR IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually. 2017-09-15T15:35:23Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in execute return_value = self.run() File "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_server_upgrade.py", line 46, in run server.upgrade() File "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", line 1913, in upgrade upgrade_configuration() File "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", line 1585, in upgrade_configuration ds.start(ds_serverid) File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 627, in start super(DsInstance, self).start(*args, **kwargs) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 401, in start self.service.start(instance_name, capture_output=capture_output, wait=wait) File "/usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py", line 157, in start instance_name, capture_output=capture_output, wait=wait) File "/usr/lib/python2.7/site-packages/ipaplatform/base/services.py", line 300, in start self.wait_for_open_ports(self.service_instance(instance_name)) File "/usr/lib/python2.7/site-packages/ipaplatform/base/services.py", line 270, in wait_for_open_ports self.api.env.startup_timeout) File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 1227, in wait_for_open_ports raise socket.timeout("Timeout exceeded")
2017-09-15T15:35:23Z DEBUG The ipa-server-upgrade command failed, exception: timeout: Timeout exceeded 2017-09-15T15:35:23Z ERROR Timeout exceeded 2017-09-15T15:35:23Z ERROR The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more information
Thank you, Gady
Gady Notrica via FreeIPA-users wrote:
Hello,
Please HELP
After upgrading my server, IPA is not running any more. Here is the error I am getting and I can't seem to find any solution on the web.
All services are stopped except the directory service
# ipactl status Directory Service: RUNNING krb5kdc Service: STOPPED kadmin Service: STOPPED named Service: STOPPED httpd Service: STOPPED ipa-custodia Service: STOPPED ntpd Service: STOPPED pki-tomcatd Service: STOPPED ipa-otpd Service: STOPPED ipa-dnskeysyncd Service: STOPPED ipa: INFO: The ipactl command was successful
And here is the error from /var/log/ipaupgrade.log
2017-09-15T15:30:22Z DEBUG stderr= 2017-09-15T15:30:22Z DEBUG wait_for_open_ports: localhost [389] timeout 300 2017-09-15T15:35:23Z ERROR IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually. 2017-09-15T15:35:23Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in execute return_value = self.run() File "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_server_upgrade.py", line 46, in run server.upgrade() File "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", line 1913, in upgrade upgrade_configuration() File "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", line 1585, in upgrade_configuration ds.start(ds_serverid) File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 627, in start super(DsInstance, self).start(*args, **kwargs) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 401, in start self.service.start(instance_name, capture_output=capture_output, wait=wait) File "/usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py", line 157, in start instance_name, capture_output=capture_output, wait=wait) File "/usr/lib/python2.7/site-packages/ipaplatform/base/services.py", line 300, in start self.wait_for_open_ports(self.service_instance(instance_name)) File "/usr/lib/python2.7/site-packages/ipaplatform/base/services.py", line 270, in wait_for_open_ports self.api.env.startup_timeout) File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 1227, in wait_for_open_ports raise socket.timeout("Timeout exceeded")
2017-09-15T15:35:23Z DEBUG The ipa-server-upgrade command failed, exception: timeout: Timeout exceeded 2017-09-15T15:35:23Z ERROR Timeout exceeded 2017-09-15T15:35:23Z ERROR The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more information
Enable IPv6 and re-run ipa-server-upgrade.
rob
I am going to try now. Any workaround for people that don't want to have IPv6? On IPA servers?
Thanks,
-----Original Message----- From: Rob Crittenden [mailto:rcritten@redhat.com] Sent: September 15, 2017 11:44 AM To: FreeIPA users list freeipa-users@lists.fedorahosted.org Cc: Gady Notrica gnotrica@candeal.com Subject: Re: [Freeipa-users] IPA Server down after system update
Gady Notrica via FreeIPA-users wrote:
Hello,
Please HELP
After upgrading my server, IPA is not running any more. Here is the error I am getting and I can't seem to find any solution on the web.
All services are stopped except the directory service
# ipactl status Directory Service: RUNNING krb5kdc Service: STOPPED kadmin Service: STOPPED named Service: STOPPED httpd Service: STOPPED ipa-custodia Service: STOPPED ntpd Service: STOPPED pki-tomcatd Service: STOPPED ipa-otpd Service: STOPPED ipa-dnskeysyncd Service: STOPPED ipa: INFO: The ipactl command was successful
And here is the error from /var/log/ipaupgrade.log
2017-09-15T15:30:22Z DEBUG stderr= 2017-09-15T15:30:22Z DEBUG wait_for_open_ports: localhost [389] timeout 300 2017-09-15T15:35:23Z ERROR IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually. 2017-09-15T15:35:23Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in execute return_value = self.run() File "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_server_upgrade.py", line 46, in run server.upgrade() File "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", line 1913, in upgrade upgrade_configuration() File "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", line 1585, in upgrade_configuration ds.start(ds_serverid) File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 627, in start super(DsInstance, self).start(*args, **kwargs) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 401, in start self.service.start(instance_name, capture_output=capture_output, wait=wait) File "/usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py", line 157, in start instance_name, capture_output=capture_output, wait=wait) File "/usr/lib/python2.7/site-packages/ipaplatform/base/services.py", line 300, in start self.wait_for_open_ports(self.service_instance(instance_name)) File "/usr/lib/python2.7/site-packages/ipaplatform/base/services.py", line 270, in wait_for_open_ports self.api.env.startup_timeout) File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 1227, in wait_for_open_ports raise socket.timeout("Timeout exceeded")
2017-09-15T15:35:23Z DEBUG The ipa-server-upgrade command failed, exception: timeout: Timeout exceeded 2017-09-15T15:35:23Z ERROR Timeout exceeded 2017-09-15T15:35:23Z ERROR The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more information
Enable IPv6 and re-run ipa-server-upgrade.
rob
I enabled IPv6 as you can see below:
Int1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 10.0.120.200 netmask 255.255.255.0 broadcast 10.20.10.255 inet6 fe80::250:56ff:fe81:c4ba prefixlen 64 scopeid 0x20<link> ether 00:50:56:81:c4:ba txqueuelen 1000 (Ethernet) RX packets 148560 bytes 12827163 (12.2 MiB) RX errors 0 dropped 50 overruns 0 frame 0 TX packets 46268 bytes 16994535 (16.2 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Int2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.1.200 netmask 255.255.255.0 broadcast 192.168.110.255 inet6 fe80::250:56ff:fe81:4615 prefixlen 64 scopeid 0x20<link> ether 00:50:56:81:46:15 txqueuelen 1000 (Ethernet) RX packets 3831 bytes 278364 (271.8 KiB) RX errors 0 dropped 50 overruns 0 frame 0 TX packets 12 bytes 760 (760.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Still having the same issue
2017-09-15T15:58:46Z DEBUG stderr= 2017-09-15T15:58:46Z DEBUG wait_for_open_ports: localhost [8080, 8443] timeout 300 2017-09-15T16:03:46Z ERROR IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually. 2017-09-15T16:03:46Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in execute return_value = self.run() File "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_server_upgrade.py", line 46, in run server.upgrade() File "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", line 1913, in upgrade upgrade_configuration() File "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", line 1652, in upgrade_configuration ca.start('pki-tomcat') File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 401, in start self.service.start(instance_name, capture_output=capture_output, wait=wait) File "/usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py", line 211, in start instance_name, capture_output=capture_output, wait=wait) File "/usr/lib/python2.7/site-packages/ipaplatform/base/services.py", line 300, in start self.wait_for_open_ports(self.service_instance(instance_name)) File "/usr/lib/python2.7/site-packages/ipaplatform/base/services.py", line 270, in wait_for_open_ports self.api.env.startup_timeout) File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 1227, in wait_for_open_ports raise socket.timeout("Timeout exceeded")
2017-09-15T16:03:46Z DEBUG The ipa-server-upgrade command failed, exception: timeout: Timeout exceeded 2017-09-15T16:03:46Z ERROR Timeout exceeded 2017-09-15T16:03:46Z ERROR The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more information
-----Original Message----- From: Gady Notrica via FreeIPA-users [mailto:freeipa-users@lists.fedorahosted.org] Sent: September 15, 2017 11:57 AM To: Rob Crittenden rcritten@redhat.com; FreeIPA users list freeipa-users@lists.fedorahosted.org Cc: Gady Notrica gnotrica@candeal.com Subject: [Freeipa-users] Re: IPA Server down after system update
I am going to try now. Any workaround for people that don't want to have IPv6? On IPA servers?
Thanks,
-----Original Message----- From: Rob Crittenden [mailto:rcritten@redhat.com] Sent: September 15, 2017 11:44 AM To: FreeIPA users list freeipa-users@lists.fedorahosted.org Cc: Gady Notrica gnotrica@candeal.com Subject: Re: [Freeipa-users] IPA Server down after system update
Gady Notrica via FreeIPA-users wrote:
Hello,
Please HELP
After upgrading my server, IPA is not running any more. Here is the error I am getting and I can't seem to find any solution on the web.
All services are stopped except the directory service
# ipactl status Directory Service: RUNNING krb5kdc Service: STOPPED kadmin Service: STOPPED named Service: STOPPED httpd Service: STOPPED ipa-custodia Service: STOPPED ntpd Service: STOPPED pki-tomcatd Service: STOPPED ipa-otpd Service: STOPPED ipa-dnskeysyncd Service: STOPPED ipa: INFO: The ipactl command was successful
And here is the error from /var/log/ipaupgrade.log
2017-09-15T15:30:22Z DEBUG stderr= 2017-09-15T15:30:22Z DEBUG wait_for_open_ports: localhost [389] timeout 300 2017-09-15T15:35:23Z ERROR IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually. 2017-09-15T15:35:23Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in execute return_value = self.run() File "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_server_upgrade.py", line 46, in run server.upgrade() File "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", line 1913, in upgrade upgrade_configuration() File "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", line 1585, in upgrade_configuration ds.start(ds_serverid) File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 627, in start super(DsInstance, self).start(*args, **kwargs) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 401, in start self.service.start(instance_name, capture_output=capture_output, wait=wait) File "/usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py", line 157, in start instance_name, capture_output=capture_output, wait=wait) File "/usr/lib/python2.7/site-packages/ipaplatform/base/services.py", line 300, in start self.wait_for_open_ports(self.service_instance(instance_name)) File "/usr/lib/python2.7/site-packages/ipaplatform/base/services.py", line 270, in wait_for_open_ports self.api.env.startup_timeout) File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 1227, in wait_for_open_ports raise socket.timeout("Timeout exceeded")
2017-09-15T15:35:23Z DEBUG The ipa-server-upgrade command failed, exception: timeout: Timeout exceeded 2017-09-15T15:35:23Z ERROR Timeout exceeded 2017-09-15T15:35:23Z ERROR The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more information
Enable IPv6 and re-run ipa-server-upgrade.
rob _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
On pe, 15 syys 2017, Gady Notrica via FreeIPA-users wrote:
I am going to try now. Any workaround for people that don't want to have IPv6? On IPA servers?
IPA masters must have IPv6 stack enabled in the kernel. You may opt to not assigning IP addresses to the interfaces but we do rely on availability of IPv6 stack in IPA and it is an absolute requirement to be enabled.
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/htm... (in 2.1.2).
Thanks,
-----Original Message----- From: Rob Crittenden [mailto:rcritten@redhat.com] Sent: September 15, 2017 11:44 AM To: FreeIPA users list freeipa-users@lists.fedorahosted.org Cc: Gady Notrica gnotrica@candeal.com Subject: Re: [Freeipa-users] IPA Server down after system update
Gady Notrica via FreeIPA-users wrote:
Hello,
Please HELP
After upgrading my server, IPA is not running any more. Here is the error I am getting and I can't seem to find any solution on the web.
All services are stopped except the directory service
# ipactl status Directory Service: RUNNING krb5kdc Service: STOPPED kadmin Service: STOPPED named Service: STOPPED httpd Service: STOPPED ipa-custodia Service: STOPPED ntpd Service: STOPPED pki-tomcatd Service: STOPPED ipa-otpd Service: STOPPED ipa-dnskeysyncd Service: STOPPED ipa: INFO: The ipactl command was successful
And here is the error from /var/log/ipaupgrade.log
2017-09-15T15:30:22Z DEBUG stderr= 2017-09-15T15:30:22Z DEBUG wait_for_open_ports: localhost [389] timeout 300 2017-09-15T15:35:23Z ERROR IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually. 2017-09-15T15:35:23Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in execute return_value = self.run() File "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_server_upgrade.py", line 46, in run server.upgrade() File "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", line 1913, in upgrade upgrade_configuration() File "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", line 1585, in upgrade_configuration ds.start(ds_serverid) File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 627, in start super(DsInstance, self).start(*args, **kwargs) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 401, in start self.service.start(instance_name, capture_output=capture_output, wait=wait) File "/usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py", line 157, in start instance_name, capture_output=capture_output, wait=wait) File "/usr/lib/python2.7/site-packages/ipaplatform/base/services.py", line 300, in start self.wait_for_open_ports(self.service_instance(instance_name)) File "/usr/lib/python2.7/site-packages/ipaplatform/base/services.py", line 270, in wait_for_open_ports self.api.env.startup_timeout) File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 1227, in wait_for_open_ports raise socket.timeout("Timeout exceeded")
2017-09-15T15:35:23Z DEBUG The ipa-server-upgrade command failed, exception: timeout: Timeout exceeded 2017-09-15T15:35:23Z ERROR Timeout exceeded 2017-09-15T15:35:23Z ERROR The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more information
Enable IPv6 and re-run ipa-server-upgrade.
rob _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
I enabled IPv6 as you can see below:
Int1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 10.0.120.200 netmask 255.255.255.0 broadcast 10.0.120.255 inet6 fe80::250:56ff:fe81:c4ba prefixlen 64 scopeid 0x20<link> ether 00:50:56:81:c4:ba txqueuelen 1000 (Ethernet) RX packets 148560 bytes 12827163 (12.2 MiB) RX errors 0 dropped 50 overruns 0 frame 0 TX packets 46268 bytes 16994535 (16.2 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Int2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.1.200 netmask 255.255.255.0 broadcast 192.168.1.255 inet6 fe80::250:56ff:fe81:4615 prefixlen 64 scopeid 0x20<link> ether 00:50:56:81:46:15 txqueuelen 1000 (Ethernet) RX packets 3831 bytes 278364 (271.8 KiB) RX errors 0 dropped 50 overruns 0 frame 0 TX packets 12 bytes 760 (760.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
But still having the same issue:
2017-09-15T15:58:46Z DEBUG stderr= 2017-09-15T15:58:46Z DEBUG wait_for_open_ports: localhost [8080, 8443] timeout 300 2017-09-15T16:03:46Z ERROR IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually. 2017-09-15T16:03:46Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in execute return_value = self.run() File "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_server_upgrade.py", line 46, in run server.upgrade() File "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", line 1913, in upgrade upgrade_configuration() File "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", line 1652, in upgrade_configuration ca.start('pki-tomcat') File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 401, in start self.service.start(instance_name, capture_output=capture_output, wait=wait) File "/usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py", line 211, in start instance_name, capture_output=capture_output, wait=wait) File "/usr/lib/python2.7/site-packages/ipaplatform/base/services.py", line 300, in start self.wait_for_open_ports(self.service_instance(instance_name)) File "/usr/lib/python2.7/site-packages/ipaplatform/base/services.py", line 270, in wait_for_open_ports self.api.env.startup_timeout) File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 1227, in wait_for_open_ports raise socket.timeout("Timeout exceeded")
2017-09-15T16:03:46Z DEBUG The ipa-server-upgrade command failed, exception: timeout: Timeout exceeded 2017-09-15T16:03:46Z ERROR Timeout exceeded 2017-09-15T16:03:46Z ERROR The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more information
-----Original Message----- From: Alexander Bokovoy [mailto:abokovoy@redhat.com] Sent: September 15, 2017 12:26 PM To: FreeIPA users list freeipa-users@lists.fedorahosted.org Cc: Rob Crittenden rcritten@redhat.com; Gady Notrica gnotrica@candeal.com Subject: Re: [Freeipa-users] Re: IPA Server down after system update
On pe, 15 syys 2017, Gady Notrica via FreeIPA-users wrote:
I am going to try now. Any workaround for people that don't want to have IPv6? On IPA servers?
IPA masters must have IPv6 stack enabled in the kernel. You may opt to not assigning IP addresses to the interfaces but we do rely on availability of IPv6 stack in IPA and it is an absolute requirement to be enabled.
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/htm... (in 2.1.2).
Thanks,
-----Original Message----- From: Rob Crittenden [mailto:rcritten@redhat.com] Sent: September 15, 2017 11:44 AM To: FreeIPA users list freeipa-users@lists.fedorahosted.org Cc: Gady Notrica gnotrica@candeal.com Subject: Re: [Freeipa-users] IPA Server down after system update
Gady Notrica via FreeIPA-users wrote:
Hello,
Please HELP
After upgrading my server, IPA is not running any more. Here is the error I am getting and I can't seem to find any solution on the web.
All services are stopped except the directory service
# ipactl status Directory Service: RUNNING krb5kdc Service: STOPPED kadmin Service: STOPPED named Service: STOPPED httpd Service: STOPPED ipa-custodia Service: STOPPED ntpd Service: STOPPED pki-tomcatd Service: STOPPED ipa-otpd Service: STOPPED ipa-dnskeysyncd Service: STOPPED ipa: INFO: The ipactl command was successful
And here is the error from /var/log/ipaupgrade.log
2017-09-15T15:30:22Z DEBUG stderr= 2017-09-15T15:30:22Z DEBUG wait_for_open_ports: localhost [389] timeout 300 2017-09-15T15:35:23Z ERROR IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually. 2017-09-15T15:35:23Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in execute return_value = self.run() File "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_server_upgrade.py", line 46, in run server.upgrade() File "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", line 1913, in upgrade upgrade_configuration() File "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", line 1585, in upgrade_configuration ds.start(ds_serverid) File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 627, in start super(DsInstance, self).start(*args, **kwargs) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 401, in start self.service.start(instance_name, capture_output=capture_output, wait=wait) File "/usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py", line 157, in start instance_name, capture_output=capture_output, wait=wait) File "/usr/lib/python2.7/site-packages/ipaplatform/base/services.py", line 300, in start self.wait_for_open_ports(self.service_instance(instance_name)) File "/usr/lib/python2.7/site-packages/ipaplatform/base/services.py", line 270, in wait_for_open_ports self.api.env.startup_timeout) File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 1227, in wait_for_open_ports raise socket.timeout("Timeout exceeded")
2017-09-15T15:35:23Z DEBUG The ipa-server-upgrade command failed, exception: timeout: Timeout exceeded 2017-09-15T15:35:23Z ERROR Timeout exceeded 2017-09-15T15:35:23Z ERROR The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more information
Enable IPv6 and re-run ipa-server-upgrade.
rob _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
-- / Alexander Bokovoy
Gady Notrica via FreeIPA-users freeipa-users@lists.fedorahosted.org writes:
But still having the same issue:
No, you don't. Earlier it timed out waiting for dirsrv, but now it's dogtag (Port 8080, 8443):
2017-09-15T15:58:46Z DEBUG stderr= 2017-09-15T15:58:46Z DEBUG wait_for_open_ports: localhost [8080, 8443] timeout 300 2017-09-15T16:03:46Z ERROR IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually.
Have a look at the dogtag logs and possibly https://floblanc.wordpress.com/2017/09/11/troubleshooting-freeipa-pki-tomcat...
For me another replica refreshed the certificate while ipaupgrade was running. Another possibility was failure to refresh the cert due to selinux. (Can't find the ticket now).
Jochen
I was able to resolve but some services are down. ntpd Service: STOPPED and smb Service: STOPPED
Please help
# ipactl status Directory Service: RUNNING krb5kdc Service: RUNNING kadmin Service: RUNNING named Service: RUNNING httpd Service: RUNNING ipa-custodia Service: RUNNING ntpd Service: STOPPED pki-tomcatd Service: RUNNING smb Service: STOPPED winbind Service: RUNNING ipa-otpd Service: RUNNING ipa-dnskeysyncd Service: RUNNING ipa: INFO: The ipactl command was successful
But NTP is installed
# systemctl restart ntpd Failed to restart ntpd.service: Unit is masked.
# yum install ntp Loaded plugins: versionlock Package ntp-4.2.6p5-25.el7.centos.2.x86_64 already installed and latest version Nothing to do
Thanks, Gady
-----Original Message----- From: Jochen Hein [mailto:jochen@jochen.org] Sent: September 15, 2017 1:26 PM To: Gady Notrica via FreeIPA-users freeipa-users@lists.fedorahosted.org Cc: Alexander Bokovoy abokovoy@redhat.com; Rob Crittenden rcritten@redhat.com; Gady Notrica gnotrica@candeal.com Subject: Re: [Freeipa-users] Re: IPA Server down after system update
Gady Notrica via FreeIPA-users freeipa-users@lists.fedorahosted.org writes:
But still having the same issue:
No, you don't. Earlier it timed out waiting for dirsrv, but now it's dogtag (Port 8080, 8443):
2017-09-15T15:58:46Z DEBUG stderr= 2017-09-15T15:58:46Z DEBUG wait_for_open_ports: localhost [8080, 8443] timeout 300 2017-09-15T16:03:46Z ERROR IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually.
Have a look at the dogtag logs and possibly https://floblanc.wordpress.com/2017/09/11/troubleshooting-freeipa-pki-tomcat...
For me another replica refreshed the certificate while ipaupgrade was running. Another possibility was failure to refresh the cert due to selinux. (Can't find the ticket now).
Jochen
-- This space is intentionally left blank.
freeipa-users@lists.fedorahosted.org
-
Alexander Bokovoy -
Gady Notrica -
Jochen Hein -
Rob Crittenden