Hello World!
I got an installation with FreeIPA server 4.2.4 in Fedora 23 and all worked fine
I decided to upgrade to Fedora 25 via dnf-upgrade-plugin
All the upgrade proc goes smooth and as a result my freeipa rpm packages also upgraded
(from 4.2.4 to 4.4.4)
Now, the problem is that nothing works now.
The command "ipa-server-upgrade" shows:
IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command
ipa-server-upgrade manually.
Timeout exceeded
The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more information
I attach the appropriate logs:
/var/log/ipaupgrade.log
2017-06-29T14:55:06Z DEBUG duration: 0 seconds
2017-06-29T14:55:06Z DEBUG [10/10]: starting directory server
2017-06-29T14:55:06Z DEBUG Starting external process
2017-06-29T14:55:06Z DEBUG args=/bin/systemctl start dirsrv(a)xxx.service
2017-06-29T14:55:09Z DEBUG Process finished, return code=0
2017-06-29T14:55:09Z DEBUG stdout=
2017-06-29T14:55:09Z DEBUG stderr=
2017-06-29T14:55:09Z DEBUG Starting external process
2017-06-29T14:55:09Z DEBUG args=/bin/systemctl is-active dirsrv(a)xxx.service
2017-06-29T14:55:09Z DEBUG Process finished, return code=0
2017-06-29T14:55:09Z DEBUG stdout=active
2017-06-29T14:55:09Z DEBUG stderr=
2017-06-29T14:55:09Z DEBUG wait_for_open_ports: localhost [389] timeout 300
/var/log/dirsrv/.../errors.log
[29/Jun/2017:17:57:21.091850887 +0300] slapi_ldap_bind - Error: could not send startTLS
request: error -1 (Can't contact LDAP server) errno 110 (Connection timed out)
[29/Jun/2017:17:58:18.114145058 +0300] slapi_ldap_bind - Error: could not send startTLS
request: error -1 (Can't contact LDAP server) errno 107 (Transport endpoint is not
connected)
[29/Jun/2017:17:58:42.135719951 +0300] slapi_ldap_bind - Error: could not send startTLS
request: error -1 (Can't contact LDAP server) errno 110 (Connection timed out)
[29/Jun/2017:18:01:30.160763487 +0300] slapi_ldap_bind - Error: could not send startTLS
request: error -1 (Can't contact LDAP server) errno 107 (Transport endpoint is not
connected)
[29/Jun/2017:18:01:54.183552684 +0300] slapi_ldap_bind - Error: could not send startTLS
request: error -1 (Can't contact LDAP server) errno 110 (Connection timed out)
/var/log/krb5kdc.log
Jun 29 17:54:08
ipa1.srv.xxx.com krb5kdc[1335](info): AS_REQ (6 etypes {18 17 16 23 25
26}) x.x.x.x: ISSUE: authtime 1498748048, etypes {rep=18 tkt=18 ses=18},
ldap/ipa1.srv.xxx.com(a)SRV.xxx.COM for krbtgt/SRV.xxx.COM(a)SRV.xxx.COM
Jun 29 17:54:08
ipa1.srv.xxx.com krb5kdc[1335](info): closing down fd 4
Jun 29 17:55:08
ipa1.srv.xxx.com krb5kdc[1335](info): AS_REQ (6 etypes {18 17 16 23 25
26}) x.x.x.x: LOOKING_UP_CLIENT: ldap/ipa1.srv.xxx.com(a)SRV.xxx.COM for
krbtgt/SRV.xxx.COM(a)SRV.xxx.COM, Server error
Jun 29 17:55:08
ipa1.srv.xxx.com krb5kdc[1335](info): closing down fd 4
Jun 29 17:55:08
ipa1.srv.xxx.com krb5kdc[1335](info): AS_REQ (6 etypes {18 17 16 23 25
26}) x.x.x.x: LOOKING_UP_CLIENT: ldap/ipa1.srv.xxx.com(a)SRV.xxx.COM for
krbtgt/SRV.xxx.COM(a)SRV.xxx.COM, Server error
Jun 29 17:55:08
ipa1.srv.xxx.com krb5kdc[1335](info): closing down fd 4
Jun 29 17:55:24
ipa1.srv.xxx.com krb5kdc[1335](info): AS_REQ (6 etypes {18 17 16 23 25
26}) x.x.x.x: NEEDED_PREAUTH: ldap/ipa1.srv.xxx.com(a)SRV.xxx.COM for
krbtgt/SRV.xxx.COM(a)SRV.xxx.COM, Additional pre-authentication required
Jun 29 17:55:24
ipa1.srv.xxx.com krb5kdc[1335](info): closing down fd 4
Jun 29 17:55:24
ipa1.srv.xxx.com krb5kdc[1335](info): AS_REQ (6 etypes {18 17 16 23 25
26}) x.x.x.x: ISSUE: authtime 1498748124, etypes {rep=18 tkt=18 ses=18},
ldap/ipa1.srv.xxx.com(a)SRV.xxx.COM for krbtgt/SRV.xxx.COM(a)SRV.xxx.COM
Jun 29 17:55:24
ipa1.srv.xxx.com krb5kdc[1335](info): closing down fd 4
I have tried different ways of making command "ipa-server-upgrade" complete its
job but nothing worked.
Any Ideas ? :(