Sorry that's out of my depth

I took it that you still had a remaining replica, in which case you should be able to follow the path I mentioned earlier. If so, you just need to understand the CA situation. I build all my IPA servers in the way I mentioned and specify --setup-ca on all of them.

Regards
Angus

From: Saurabh Garg <saurabh.grg@gmail.com>
Sent: Tuesday, October 29, 2019 9:08:06 AM
To: Angus Clarke <post@angusclarke.com>
Cc: FreeIPA users list <freeipa-users@lists.fedorahosted.org>
Subject: Re: [Freeipa-users] Re: Full Server backup fails with IPA version error
 
Thanks Angus for the reply.

In my case, original IPA server is completely damaged / deleted, and now I am attempting to create an exactly similar server using "full-server" backup.
Do you have any suggestions for such a scenario?

Thanks
sgarg

On Fri, Oct 25, 2019 at 6:05 PM Angus Clarke <post@angusclarke.com> wrote:
Hi

An alternative approach would be to setup your new server as an IPA client and then to promote it.

On new server:
# ipa-client-install

Followed by
# ipa-replica-install

Check the man pages for options suitable to your environment, otherwise I specify --setup-ca for all our new IPA instances.

I use this process for rolling out new IPA servers when we add new environments.

Regards
Angus

From: Saurabh Garg via FreeIPA-users <freeipa-users@lists.fedorahosted.org>
Sent: Friday, October 25, 2019 11:55:40 AM
To: freeipa-users@lists.fedorahosted.org <freeipa-users@lists.fedorahosted.org>
Cc: Saurabh Garg <saurabh.grg@gmail.com>
Subject: [Freeipa-users] Full Server backup fails with IPA version error
 
Background -
We are trying to restore "full server" from an existing IPA server (with replication ON to another server) to a newly created IPA Server from the same golden image as all other servers.

Source IPA Server: Red Hat Enterprise Linux Server release 7.7 (Maipo)
# ipa-server-install --version
4.6.4

Destination IPA Server: Red Hat Enterprise Linux Server release 7.7 (Maipo)
# ipa-server-install --version
4.6.4

Problem Statement -
While running  "ipa-restore" (exact command: # ipa-restore /root/backup/) on the new IPA server for full server backup, system throws the following error lines in iparestore.log:


2019-10-25T08:19:26Z DEBUG stderr=IPA version error: data needs to be upgraded (expected version '4.6.4-10.el7_6.6', current version '4.6.4-10.el7_6.3')
Automatically running upgrade, for details see /var/log/ipaupgrade.log
Be patient, this may take a few minutes.
Automatic upgrade failed: Update complete
Upgrading the configuration of the IPA services
[Verifying that root certificate is published]
[Migrate CRL publish directory]
Publish directory already set to new location
[Verifying that CA proxy configuration is correct]
IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually.
CA did not start in 300.0s
The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more information

See the upgrade log for more details and/or run /usr/sbin/ipa-server-upgrade again
Aborting ipactl

2019-10-25T08:19:26Z INFO Restoring umask to 23
2019-10-25T08:19:26Z DEBUG   File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 178, in execute
    return_value = self.run()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_restore.py", line 428, in run
    run(['ipactl', 'start'])
  File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 562, in run
    raise CalledProcessError(p.returncode, arg_string, str(output))

2019-10-25T08:19:26Z DEBUG The ipa-restore command failed, exception: CalledProcessError: Command 'ipactl start' returned non-zero exit status 1
2019-10-25T08:19:26Z ERROR Command 'ipactl start' returned non-zero exit status 1
2019-10-25T08:19:26Z ERROR The ipa-restore command failed. See /var/log/iparestore.log for more information

In case you are aware of its fix/workaround, kindly share the steps.

Thanks,
sgarg
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
Fedora Code of Conduct: https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.fedoraproject.org%2Fen-US%2Fproject%2Fcode-of-conduct%2F&amp;data=02%7C01%7C%7Cf387ce2c794d4e68d3e108d759318ccc%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637075941655510312&amp;sdata=P9YiAhfLP52C%2FuH0C%2BqyJYWovpEM90fMVy8VBgGsZh0%3D&amp;reserved=0
List Guidelines: https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffedoraproject.org%2Fwiki%2FMailing_list_guidelines&amp;data=02%7C01%7C%7Cf387ce2c794d4e68d3e108d759318ccc%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637075941655510312&amp;sdata=211CDIyJCx7zCeyfeAfx34CRw08LGZbzneFgGZX%2Bggg%3D&amp;reserved=0
List Archives: https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.fedorahosted.org%2Farchives%2Flist%2Ffreeipa-users%40lists.fedorahosted.org&amp;data=02%7C01%7C%7Cf387ce2c794d4e68d3e108d759318ccc%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637075941655510312&amp;sdata=nSLzErDuiZ6F0w5PD5WQLwobi3xqjvl6o9iu06daywo%3D&amp;reserved=0
From: Saurabh Garg <saurabh.grg@gmail.com>
Sent: Tuesday, October 29, 2019 9:08:06 AM
To: Angus Clarke <post@angusclarke.com>
Cc: FreeIPA users list <freeipa-users@lists.fedorahosted.org>
Subject: Re: [Freeipa-users] Re: Full Server backup fails with IPA version error
 
Thanks Angus for the reply.

In my case, original IPA server is completely damaged / deleted, and now I am attempting to create an exactly similar server using "full-server" backup.
Do you have any suggestions for such a scenario?

Thanks
sgarg

On Fri, Oct 25, 2019 at 6:05 PM Angus Clarke <post@angusclarke.com> wrote:
Hi

An alternative approach would be to setup your new server as an IPA client and then to promote it.

On new server:
# ipa-client-install

Followed by
# ipa-replica-install

Check the man pages for options suitable to your environment, otherwise I specify --setup-ca for all our new IPA instances.

I use this process for rolling out new IPA servers when we add new environments.

Regards
Angus

From: Saurabh Garg via FreeIPA-users <freeipa-users@lists.fedorahosted.org>
Sent: Friday, October 25, 2019 11:55:40 AM
To: freeipa-users@lists.fedorahosted.org <freeipa-users@lists.fedorahosted.org>
Cc: Saurabh Garg <saurabh.grg@gmail.com>
Subject: [Freeipa-users] Full Server backup fails with IPA version error
 
Background -
We are trying to restore "full server" from an existing IPA server (with replication ON to another server) to a newly created IPA Server from the same golden image as all other servers.

Source IPA Server: Red Hat Enterprise Linux Server release 7.7 (Maipo)
# ipa-server-install --version
4.6.4

Destination IPA Server: Red Hat Enterprise Linux Server release 7.7 (Maipo)
# ipa-server-install --version
4.6.4

Problem Statement -
While running  "ipa-restore" (exact command: # ipa-restore /root/backup/) on the new IPA server for full server backup, system throws the following error lines in iparestore.log:


2019-10-25T08:19:26Z DEBUG stderr=IPA version error: data needs to be upgraded (expected version '4.6.4-10.el7_6.6', current version '4.6.4-10.el7_6.3')
Automatically running upgrade, for details see /var/log/ipaupgrade.log
Be patient, this may take a few minutes.
Automatic upgrade failed: Update complete
Upgrading the configuration of the IPA services
[Verifying that root certificate is published]
[Migrate CRL publish directory]
Publish directory already set to new location
[Verifying that CA proxy configuration is correct]
IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually.
CA did not start in 300.0s
The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more information

See the upgrade log for more details and/or run /usr/sbin/ipa-server-upgrade again
Aborting ipactl

2019-10-25T08:19:26Z INFO Restoring umask to 23
2019-10-25T08:19:26Z DEBUG   File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 178, in execute
    return_value = self.run()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_restore.py", line 428, in run
    run(['ipactl', 'start'])
  File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 562, in run
    raise CalledProcessError(p.returncode, arg_string, str(output))

2019-10-25T08:19:26Z DEBUG The ipa-restore command failed, exception: CalledProcessError: Command 'ipactl start' returned non-zero exit status 1
2019-10-25T08:19:26Z ERROR Command 'ipactl start' returned non-zero exit status 1
2019-10-25T08:19:26Z ERROR The ipa-restore command failed. See /var/log/iparestore.log for more information

In case you are aware of its fix/workaround, kindly share the steps.

Thanks,
sgarg
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
Fedora Code of Conduct: https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.fedoraproject.org%2Fen-US%2Fproject%2Fcode-of-conduct%2F&amp;data=02%7C01%7C%7Cf387ce2c794d4e68d3e108d759318ccc%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637075941655510312&amp;sdata=P9YiAhfLP52C%2FuH0C%2BqyJYWovpEM90fMVy8VBgGsZh0%3D&amp;reserved=0
List Guidelines: https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffedoraproject.org%2Fwiki%2FMailing_list_guidelines&amp;data=02%7C01%7C%7Cf387ce2c794d4e68d3e108d759318ccc%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637075941655510312&amp;sdata=211CDIyJCx7zCeyfeAfx34CRw08LGZbzneFgGZX%2Bggg%3D&amp;reserved=0
List Archives: https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.fedorahosted.org%2Farchives%2Flist%2Ffreeipa-users%40lists.fedorahosted.org&amp;data=02%7C01%7C%7Cf387ce2c794d4e68d3e108d759318ccc%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637075941655510312&amp;sdata=nSLzErDuiZ6F0w5PD5WQLwobi3xqjvl6o9iu06daywo%3D&amp;reserved=0