ipa.ipaserver.install.ipa_server_upgrade.ServerUpgrade: DEBUG: File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in execute
return_value = self.run()
File "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_server_upgrade.py", line 46, in run
server.upgrade()
File "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", line 1913, in upgrade
upgrade_configuration()
File "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", line 1788, in upgrade_configuration
certificate_renewal_update(ca, ds, http),
File "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", line 966, in certificate_renewal_update
'cert-nickname': ds.get_server_cert_nickname(serverid),
ipa.ipaserver.install.ipa_server_upgrade.ServerUpgrade: DEBUG: The ipa-server-upgrade command failed, exception: AttributeError: 'DsInstance' object has no attribute 'get_server_cert_nickname'
ipa.ipaserver.install.ipa_server_upgrade.ServerUpgrade: ERROR: Unexpected error - see /var/log/ipaupgrade.log for details:
AttributeError: 'DsInstance' object has no attribute 'get_server_cert_nickname'
ipa.ipaserver.install.ipa_server_upgrade.ServerUpgrade: ERROR: The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more information
------
So do I need to define "get_server_cert_nickname" in certs.py script too?
Awaiting your reply.
Thanks and Regards,
Alka Murali
On 09/26/2017 05:18 AM, Alka Murali via FreeIPA-users wrote:
Hi,
Currently my server is running on IPA Server Version 4.4. I have tried to upgrade the version to 4.5 using the ipa-server-upgrade command and ended up with the following error:
--------
2017-09-26T02:27:32Z DEBUG stderr=
2017-09-26T02:27:50Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
2017-09-26T02:27:53Z DEBUG Starting external process
2017-09-26T02:27:53Z DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-LGA-NET-SG -L -n Server-Cert -a -f /etc/dirsrv/slapd-LGA-NET-SG/pwdfile.txt
2017-09-26T02:27:56Z DEBUG Process finished, return code=255
2017-09-26T02:27:56Z DEBUG stdout=
2017-09-26T02:27:56Z DEBUG stderr=certutil: Could not find cert: Server-Cert
: PR_FILE_NOT_FOUND_ERROR: File not found
2017-09-26T02:27:56Z ERROR IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually.
2017-09-26T02:27:56Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in execute
return_value = self.run()
File "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_server_upgrade.py", line 46, in run
server.upgrade()
File "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", line 1913, in upgrade
upgrade_configuration()
File "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", line 1788, in upgrade_configuration
certificate_renewal_update(ca, ds, http),
File "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", line 1018, in certificate_renewal_update
ds.start_tracking_certificates(serverid)
File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 1046, in start_tracking_certificates
'restart_dirsrv %s' % serverid)
File "/usr/lib/python2.7/site-packages/ipaserver/install/certs.py", line 362, in track_server_cert
cert_obj = x509.load_certificate(cert)
File "/usr/lib/python2.7/site-packages/ipalib/x509.py", line 119, in load_certificate
return cryptography.x509.load_der_x509_certificate(data, default_backend())
File "/usr/lib64/python2.7/site-packages/cryptography/x509/base.py", line 47, in load_der_x509_certificate
return backend.load_der_x509_certificate(data)
File "/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/multibackend.py", line 350, in load_der_x509_certificate
return b.load_der_x509_certificate(data)
File "/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1185, in load_der_x509_certificate
raise ValueError("Unable to load certificate")
2017-09-26T02:27:56Z DEBUG The ipa-server-upgrade command failed, exception: ValueError: Unable to load certificate
2017-09-26T02:27:56Z ERROR Unexpected error - see /var/log/ipaupgrade.log for details:
ValueError: Unable to load certificate
2017-09-26T02:27:56Z ERROR The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more information
-------
I am using a third-party signed certificate along with my IPA-CA. Is it an issue with my current CA? I can see that while fetching the certificate, the name is given as "Server-cert" instead of the exact CA name.
--
Regards,
Alka Murali
_________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
You are probably hitting issue 7141 [1]. The upgrade is trying to track the HTTPd/LDAP server certificates but shouldn't if they were issued by an external CA.
The fix is available in FreeIPA 4.6.1 [2]
HTH,
Flo
[1] https://pagure.io/freeipa/issue/7141
[2] http://www.freeipa.org/page/Releases/4.6.1
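
A way to pull the failing certificate lookup out of an ipaupgrade.log like the one quoted in this thread, as an added example (not FreeIPA code and not written by anyone in the thread). The function names are hypothetical, the sample lines are copied from the log excerpt above, and the parser assumes the `args=` / `return code=` / `stderr=` line layout shown there.

```python
import re
import shlex

# Constructed sample: lines copied from the ipaupgrade.log excerpt in this thread.
SAMPLE_LOG = """\
2017-09-26T02:27:53Z DEBUG Starting external process
2017-09-26T02:27:53Z DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-LGA-NET-SG -L -n Server-Cert -a -f /etc/dirsrv/slapd-LGA-NET-SG/pwdfile.txt
2017-09-26T02:27:56Z DEBUG Process finished, return code=255
2017-09-26T02:27:56Z DEBUG stdout=
2017-09-26T02:27:56Z DEBUG stderr=certutil: Could not find cert: Server-Cert
: PR_FILE_NOT_FOUND_ERROR: File not found
2017-09-26T02:27:56Z DEBUG The ipa-server-upgrade command failed, exception: ValueError: Unable to load certificate
"""

# Assumed layout: "<timestamp>Z <LEVEL> <message>", as in the excerpt above.
LINE = re.compile(r"^\S+Z (?:DEBUG|ERROR) (.*)$")

def failed_cert_lookups(log_text):
    """Return one dict per `certutil -L` call that exited non-zero."""
    findings, current = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        msg = m.group(1) if m else raw  # continuation lines carry no timestamp
        if msg.startswith("args="):
            argv = shlex.split(msg[len("args="):])
            current = None
            if argv and argv[0].endswith("certutil") and "-L" in argv:
                opt = lambda flag: argv[argv.index(flag) + 1] if flag in argv[:-1] else None
                current = {"db": opt("-d"), "nickname": opt("-n"), "rc": None, "stderr": ""}
        elif current is not None and msg.startswith("Process finished, return code="):
            current["rc"] = int(msg.rsplit("=", 1)[1])
        elif current is not None and msg.startswith("stderr="):
            current["stderr"] = msg[len("stderr="):]
            if current["rc"]:  # keep only lookups that failed
                findings.append(current)
            current = None
    return findings

def upgrade_exception(log_text):
    """Return the exception text the upgrade aborted with, or None."""
    m = re.search(r"command failed, exception: (.+)$", log_text, re.M)
    return m.group(1) if m else None

if __name__ == "__main__":
    for f in failed_cert_lookups(SAMPLE_LOG):
        print("nickname %(nickname)r not found in %(db)s (rc=%(rc)d): %(stderr)s" % f)
    print("upgrade aborted with:", upgrade_exception(SAMPLE_LOG))
```

A failed lookup of the default nickname immediately before the `Unable to load certificate` exception is the pattern seen in this report, where the server certificate was issued by an external CA.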