Thanks Angus for the reply.
In my case, original IPA server is completely damaged / deleted, and now I am attempting to create an exactly similar server using "full-server" backup. Do you have any suggestions for such a scenario?
Thanks sgarg
On Fri, Oct 25, 2019 at 6:05 PM Angus Clarke post@angusclarke.com wrote:
Hi
An alternative approach would be to setup your new server as an IPA client and then to promote it.
On new server: # ipa-client-install
Followed by # ipa-replica-install
Check the man pages for options suitable to your environment, otherwise I specify --setup-ca for all our new IPA instances.
I use this process for rolling out new IPA servers when we add new environments.
Regards Angus
*From:* Saurabh Garg via FreeIPA-users < freeipa-users@lists.fedorahosted.org> *Sent:* Friday, October 25, 2019 11:55:40 AM *To:* freeipa-users@lists.fedorahosted.org < freeipa-users@lists.fedorahosted.org> *Cc:* Saurabh Garg saurabh.grg@gmail.com *Subject:* [Freeipa-users] Full Server backup fails with IPA version error
Background - We are trying to restore "full server" from an existing IPA server (with replication ON to another server) to a newly created IPA Server from the same golden image as all other servers.
Source IPA Server: Red Hat Enterprise Linux Server release 7.7 (Maipo) # ipa-server-install --version 4.6.4
Destination IPA Server: Red Hat Enterprise Linux Server release 7.7 (Maipo) # ipa-server-install --version 4.6.4
Problem Statement - While running "ipa-restore" (exact command: # ipa-restore /root/backup/) on the new IPA server for full server backup, system throws the following error lines in iparestore.log:
2019-10-25T08:19:26Z DEBUG stderr=IPA version error: data needs to be upgraded (expected version '4.6.4-10.el7_6.6', current version '4.6.4-10.el7_6.3') Automatically running upgrade, for details see /var/log/ipaupgrade.log Be patient, this may take a few minutes. Automatic upgrade failed: Update complete Upgrading the configuration of the IPA services [Verifying that root certificate is published] [Migrate CRL publish directory] Publish directory already set to new location [Verifying that CA proxy configuration is correct] IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually. CA did not start in 300.0s The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more information
See the upgrade log for more details and/or run /usr/sbin/ipa-server-upgrade again Aborting ipactl
2019-10-25T08:19:26Z INFO Restoring umask to 23 2019-10-25T08:19:26Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 178, in execute return_value = self.run() File "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_restore.py", line 428, in run run(['ipactl', 'start']) File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 562, in run raise CalledProcessError(p.returncode, arg_string, str(output))
2019-10-25T08:19:26Z DEBUG The ipa-restore command failed, exception: CalledProcessError: Command 'ipactl start' returned non-zero exit status 1 2019-10-25T08:19:26Z ERROR Command 'ipactl start' returned non-zero exit status 1 2019-10-25T08:19:26Z ERROR The ipa-restore command failed. See /var/log/iparestore.log for more information
In case you are aware of its fix/workaround, kindly share the steps.
Thanks, sgarg _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.fedor... List Guidelines: https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffedoraproj... List Archives: https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.fedo...
Sorry that's out of my depth
I took it that you still had a remaining replica, in which case you should be able to follow the path I mentioned earlier. If so, you just need to understand the CA situation. I build all my IPA servers in the way I mentioned and specify --setup-ca on all of them.
Regards Angus
________________________________ From: Saurabh Garg saurabh.grg@gmail.com Sent: Tuesday, October 29, 2019 9:08:06 AM To: Angus Clarke post@angusclarke.com Cc: FreeIPA users list freeipa-users@lists.fedorahosted.org Subject: Re: [Freeipa-users] Re: Full Server backup fails with IPA version error
Thanks Angus for the reply.
In my case, original IPA server is completely damaged / deleted, and now I am attempting to create an exactly similar server using "full-server" backup. Do you have any suggestions for such a scenario?
Thanks sgarg
On Fri, Oct 25, 2019 at 6:05 PM Angus Clarke <post@angusclarke.commailto:post@angusclarke.com> wrote: Hi
An alternative approach would be to setup your new server as an IPA client and then to promote it.
On new server: # ipa-client-install
Followed by # ipa-replica-install
Check the man pages for options suitable to your environment, otherwise I specify --setup-ca for all our new IPA instances.
I use this process for rolling out new IPA servers when we add new environments.
Regards Angus
________________________________ From: Saurabh Garg via FreeIPA-users <freeipa-users@lists.fedorahosted.orgmailto:freeipa-users@lists.fedorahosted.org> Sent: Friday, October 25, 2019 11:55:40 AM To: freeipa-users@lists.fedorahosted.orgmailto:freeipa-users@lists.fedorahosted.org <freeipa-users@lists.fedorahosted.orgmailto:freeipa-users@lists.fedorahosted.org> Cc: Saurabh Garg <saurabh.grg@gmail.commailto:saurabh.grg@gmail.com> Subject: [Freeipa-users] Full Server backup fails with IPA version error
Background - We are trying to restore "full server" from an existing IPA server (with replication ON to another server) to a newly created IPA Server from the same golden image as all other servers.
Source IPA Server: Red Hat Enterprise Linux Server release 7.7 (Maipo) # ipa-server-install --version 4.6.4
Destination IPA Server: Red Hat Enterprise Linux Server release 7.7 (Maipo) # ipa-server-install --version 4.6.4
Problem Statement - While running "ipa-restore" (exact command: # ipa-restore /root/backup/) on the new IPA server for full server backup, system throws the following error lines in iparestore.log:
2019-10-25T08:19:26Z DEBUG stderr=IPA version error: data needs to be upgraded (expected version '4.6.4-10.el7_6.6', current version '4.6.4-10.el7_6.3') Automatically running upgrade, for details see /var/log/ipaupgrade.log Be patient, this may take a few minutes. Automatic upgrade failed: Update complete Upgrading the configuration of the IPA services [Verifying that root certificate is published] [Migrate CRL publish directory] Publish directory already set to new location [Verifying that CA proxy configuration is correct] IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually. CA did not start in 300.0s The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more information
See the upgrade log for more details and/or run /usr/sbin/ipa-server-upgrade again Aborting ipactl
2019-10-25T08:19:26Z INFO Restoring umask to 23 2019-10-25T08:19:26Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 178, in execute return_value = self.run() File "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_restore.py", line 428, in run run(['ipactl', 'start']) File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 562, in run raise CalledProcessError(p.returncode, arg_string, str(output))
2019-10-25T08:19:26Z DEBUG The ipa-restore command failed, exception: CalledProcessError: Command 'ipactl start' returned non-zero exit status 1 2019-10-25T08:19:26Z ERROR Command 'ipactl start' returned non-zero exit status 1 2019-10-25T08:19:26Z ERROR The ipa-restore command failed. See /var/log/iparestore.log for more information
In case you are aware of its fix/workaround, kindly share the steps.
Thanks, sgarg _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.orgmailto:freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.orgmailto:freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.fedor...https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.fedoraproject.org%2Fen-US%2Fproject%2Fcode-of-conduct%2F&data=02%7C01%7C%7Cc5db68d28e0b4409e95108d75c472850%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637079332993706281&sdata=skNy7P%2BD35KaY7JlorGEtmSUQ1VDpR3vxNNJWVsSukw%3D&reserved=0 List Guidelines: https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffedoraproj...https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffedoraproject.org%2Fwiki%2FMailing_list_guidelines&data=02%7C01%7C%7Cc5db68d28e0b4409e95108d75c472850%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637079332993716292&sdata=nBLF%2F3k%2FRkERf4N20yT9dvBeqVk42SSFHeCRrZs1TUs%3D&reserved=0 List Archives: https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.fedo...https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.fedorahosted.org%2Farchives%2Flist%2Ffreeipa-users%40lists.fedorahosted.org&data=02%7C01%7C%7Cc5db68d28e0b4409e95108d75c472850%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637079332993726297&sdata=ZaR3iOsh7JubFmt0ngrL%2FNRHohmxGNhNI12Z7nchuCo%3D&reserved=0 ________________________________ From: Saurabh Garg saurabh.grg@gmail.com Sent: Tuesday, October 29, 2019 9:08:06 AM To: Angus Clarke post@angusclarke.com Cc: FreeIPA users list freeipa-users@lists.fedorahosted.org Subject: Re: [Freeipa-users] Re: Full Server backup fails with IPA version error
Thanks Angus for the reply.
In my case, original IPA server is completely damaged / deleted, and now I am attempting to create an exactly similar server using "full-server" backup. Do you have any suggestions for such a scenario?
Thanks sgarg
On Fri, Oct 25, 2019 at 6:05 PM Angus Clarke <post@angusclarke.commailto:post@angusclarke.com> wrote: Hi
An alternative approach would be to setup your new server as an IPA client and then to promote it.
On new server: # ipa-client-install
Followed by # ipa-replica-install
Check the man pages for options suitable to your environment, otherwise I specify --setup-ca for all our new IPA instances.
I use this process for rolling out new IPA servers when we add new environments.
Regards Angus
________________________________ From: Saurabh Garg via FreeIPA-users <freeipa-users@lists.fedorahosted.orgmailto:freeipa-users@lists.fedorahosted.org> Sent: Friday, October 25, 2019 11:55:40 AM To: freeipa-users@lists.fedorahosted.orgmailto:freeipa-users@lists.fedorahosted.org <freeipa-users@lists.fedorahosted.orgmailto:freeipa-users@lists.fedorahosted.org> Cc: Saurabh Garg <saurabh.grg@gmail.commailto:saurabh.grg@gmail.com> Subject: [Freeipa-users] Full Server backup fails with IPA version error
Background - We are trying to restore "full server" from an existing IPA server (with replication ON to another server) to a newly created IPA Server from the same golden image as all other servers.
Source IPA Server: Red Hat Enterprise Linux Server release 7.7 (Maipo) # ipa-server-install --version 4.6.4
Destination IPA Server: Red Hat Enterprise Linux Server release 7.7 (Maipo) # ipa-server-install --version 4.6.4
Problem Statement - While running "ipa-restore" (exact command: # ipa-restore /root/backup/) on the new IPA server for full server backup, system throws the following error lines in iparestore.log:
2019-10-25T08:19:26Z DEBUG stderr=IPA version error: data needs to be upgraded (expected version '4.6.4-10.el7_6.6', current version '4.6.4-10.el7_6.3') Automatically running upgrade, for details see /var/log/ipaupgrade.log Be patient, this may take a few minutes. Automatic upgrade failed: Update complete Upgrading the configuration of the IPA services [Verifying that root certificate is published] [Migrate CRL publish directory] Publish directory already set to new location [Verifying that CA proxy configuration is correct] IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually. CA did not start in 300.0s The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more information
See the upgrade log for more details and/or run /usr/sbin/ipa-server-upgrade again Aborting ipactl
2019-10-25T08:19:26Z INFO Restoring umask to 23 2019-10-25T08:19:26Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 178, in execute return_value = self.run() File "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_restore.py", line 428, in run run(['ipactl', 'start']) File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 562, in run raise CalledProcessError(p.returncode, arg_string, str(output))
2019-10-25T08:19:26Z DEBUG The ipa-restore command failed, exception: CalledProcessError: Command 'ipactl start' returned non-zero exit status 1 2019-10-25T08:19:26Z ERROR Command 'ipactl start' returned non-zero exit status 1 2019-10-25T08:19:26Z ERROR The ipa-restore command failed. See /var/log/iparestore.log for more information
In case you are aware of its fix/workaround, kindly share the steps.
Thanks, sgarg _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.orgmailto:freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.orgmailto:freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.fedor...https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.fedoraproject.org%2Fen-US%2Fproject%2Fcode-of-conduct%2F&data=02%7C01%7C%7Cc5db68d28e0b4409e95108d75c472850%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637079332993706281&sdata=skNy7P%2BD35KaY7JlorGEtmSUQ1VDpR3vxNNJWVsSukw%3D&reserved=0 List Guidelines: https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffedoraproj...https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffedoraproject.org%2Fwiki%2FMailing_list_guidelines&data=02%7C01%7C%7Cc5db68d28e0b4409e95108d75c472850%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637079332993716292&sdata=nBLF%2F3k%2FRkERf4N20yT9dvBeqVk42SSFHeCRrZs1TUs%3D&reserved=0 List Archives: https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.fedo...https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.fedorahosted.org%2Farchives%2Flist%2Ffreeipa-users%40lists.fedorahosted.org&data=02%7C01%7C%7Cc5db68d28e0b4409e95108d75c472850%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637079332993726297&sdata=ZaR3iOsh7JubFmt0ngrL%2FNRHohmxGNhNI12Z7nchuCo%3D&reserved=0
freeipa-users@lists.fedorahosted.org