Can you check the ipaupgrade.log.
I found out when I upgraded ipa-server on Centos 8 last-week that
ipaupgrade script has has wrong path information for the file
"/usr/share/pki/acme/database/ldap/database.conf".
The upgrade script has path as
"/usr/share/pki/acme/database/ds/database.conf" while what actually exists
is "/usr/share/pki/acme/database/ldap/database.conf"
I just created a symbolic link pointing to the correct path and the update
completed.
_Uz
On Thu, Jan 7, 2021 at 7:01 AM Rob Crittenden via FreeIPA-users <
freeipa-users(a)lists.fedorahosted.org> wrote:
Vinícius Ferrão via FreeIPA-users wrote:
> Hello, I’ve a single IPA machine that provides authentication for
> itself. It does not even have any client or host.
>
> After def -y update and reboot, IPA fails to load an it’s in broken
state.
>
> [root@headnode ~]# systemctl status ipa
> ● ipa.service - Identity, Policy, Audit
> Loaded: loaded (/usr/lib/systemd/system/ipa.service; enabled; vendor
> preset: disabled)
> Active: failed (Result: exit-code) since Wed 2021-01-06 16:14:48 -03;
> 45min ago
> Process: 1278 ExecStart=/usr/sbin/ipactl start (code=exited,
> status=1/FAILURE)
> Main PID: 1278 (code=exited, status=1/FAILURE)
>
> Jan 06 16:14:48 headnode.cluster.tmc.if.ufrj.br ipactl[1278]: CRL tree
> already moved
> Jan 06 16:14:48 headnode.cluster.tmc.if.ufrj.br ipactl[1278]: IPA server
> upgrade failed: Inspect /var/log/ipaupgrade.log and run command i>
> Jan 06 16:14:48 headnode.cluster.tmc.if.ufrj.br ipactl[1278]: Unexpected
> error - see /var/log/ipaupgrade.log for details:
> Jan 06 16:14:48 headnode.cluster.tmc.if.ufrj.br ipactl[1278]:
> CalledProcessError: CalledProcessError(Command ['/bin/systemctl',
> 'start', '>
> Jan 06 16:14:48 headnode.cluster.tmc.if.ufrj.br ipactl[1278]: The
> ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more >
> Jan 06 16:14:48 headnode.cluster.tmc.if.ufrj.br ipactl[1278]: See the
> upgrade log for more details and/or run /usr/sbin/ipa-server-upgrade>
> Jan 06 16:14:48 headnode.cluster.tmc.if.ufrj.br ipactl[1278]: Aborting
> ipactl
> Jan 06 16:14:48 headnode.cluster.tmc.if.ufrj.br systemd[1]: ipa.service:
> Main process exited, code=exited, status=1/FAILURE
> Jan 06 16:14:48 headnode.cluster.tmc.if.ufrj.br systemd[1]: ipa.service:
> Failed with result 'exit-code'.
> Jan 06 16:14:48 headnode.cluster.tmc.if.ufrj.br systemd[1]: Failed to
> start Identity, Policy, Audit.
>
> If asks for look on /var/log/ipaupgrade.log; but this log is just
> overwhelming. You must know what you should be looking for for actually
> find something.
>
> The relevant thing that I’ve found by myself is:
> 2021-01-06T19:09:51Z DEBUG The ipa-server-upgrade command failed,
> exception: CalledProcessError: CalledProcessError(Command
> ['/bin/systemctl', 'start', 'pki-tomcatd(a)pki-tomcat.service
> <mailto:pki-tomcatd@pki-tomcat.service>'] returned non-zero exit status
> 1: 'Job for pki-tomcatd(a)pki-tomcat.service
> <mailto:pki-tomcatd@pki-tomcat.service> failed because a timeout was
> exceeded.\nSee "systemctl status pki-tomcatd(a)pki-tomcat.service
> <mailto:pki-tomcatd@pki-tomcat.service>" and "journalctl -xe"
for
> details.\n’)
>
> Is that Java regression again that happened a month or two ago?
>
Hard to say. You upgraded from what to what? Was java included in the
updated packages?
Does /bin/systemctl start pki-tomcatd(a)pki-tomcat.service work outside
the upgrader?
rob
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...