I just upgraded copies of our 3 servers from Centos 8.2 to 8.3. I always try it on copies before doing it on the real thing.
The upgrades all went fine, but on one of the servers, the services weren’t running, and ipactl status complained
Failed to get list of services to probe status! Configured hostname z does not match any master server in LDAP: x y z
Adding prints to the python code, I found the issue was that the services, e.g.
dn: cn=KPASSWD,cn=z,cn=masters,cn=ipa,cn=etc,dc=cs,dc=rutgers,dc=edu
had
ipaConfigString: configuredService
when they should have had
ipaConfigString: enabledService
It was easy to fix. Things now look OK.
Since I’ve fixed it, I don’t need any help, but I thought it was worth reporting. There were some oddities in getting the copies working. Initially I had bad IP addresses various places. That broke synchronization, and I had to reinitialize server z by copying from x. But that was before the upgrade. Before doing any upgrades I made sure everything worked, and the replicas were all syncing.
The fix did sync to the other servers.
The error message wasn’t entirely helpful.
Intersting. It looks like two servers used enabledService and one configuredService before the upgrade. I conjecture that the code in IPA changed, but not the data. Thus configuredService worked fine before but not after the upgrade. That suggests that the migration script should probably be modified to replace configuredService with enabledService.
On Dec 10, 2020, at 10:54 AM, Charles Hedrick hedrick@cs.rutgers.edu wrote:
I just upgraded copies of our 3 servers from Centos 8.2 to 8.3. I always try it on copies before doing it on the real thing.
The upgrades all went fine, but on one of the servers, the services weren’t running, and ipactl status complained
Failed to get list of services to probe status! Configured hostname z does not match any master server in LDAP: x y z
Adding prints to the python code, I found the issue was that the services, e.g.
dn: cn=KPASSWD,cn=z,cn=masters,cn=ipa,cn=etc,dc=cs,dc=rutgers,dc=edu
had
ipaConfigString: configuredService
when they should have had
ipaConfigString: enabledService
It was easy to fix. Things now look OK.
Since I’ve fixed it, I don’t need any help, but I thought it was worth reporting. There were some oddities in getting the copies working. Initially I had bad IP addresses various places. That broke synchronization, and I had to reinitialize server z by copying from x. But that was before the upgrade. Before doing any upgrades I made sure everything worked, and the replicas were all syncing.
The fix did sync to the other servers.
The error message wasn’t entirely helpful.
Answering from the phone, sorry for top posting.
Could you please open a bug or upstream ticket with logs so that we can look at it later?
----- Charles Hedrick via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
I just upgraded copies of our 3 servers from Centos 8.2 to 8.3. I always try it on copies before doing it on the real thing.
The upgrades all went fine, but on one of the servers, the services weren’t running, and ipactl status complained
Failed to get list of services to probe status! Configured hostname z does not match any master server in LDAP: x y z
Adding prints to the python code, I found the issue was that the services, e.g.
dn: cn=KPASSWD,cn=z,cn=masters,cn=ipa,cn=etc,dc=cs,dc=rutgers,dc=edu
had
ipaConfigString: configuredService
when they should have had
ipaConfigString: enabledService
It was easy to fix. Things now look OK.
Since I’ve fixed it, I don’t need any help, but I thought it was worth reporting. There were some oddities in getting the copies working. Initially I had bad IP addresses various places. That broke synchronization, and I had to reinitialize server z by copying from x. But that was before the upgrade. Before doing any upgrades I made sure everything worked, and the replicas were all syncing.
The fix did sync to the other servers.
The error message wasn’t entirely helpful.
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
freeipa-users@lists.fedorahosted.org