Sorry that's out of my depth
I took it that you still had a remaining replica, in which case you should be able to
follow the path I mentioned earlier. If so, you just need to understand the CA situation.
I build all my IPA servers in the way I mentioned and specify --setup-ca on all of them.
Regards
Angus
________________________________
From: Saurabh Garg <saurabh.grg(a)gmail.com>
Sent: Tuesday, October 29, 2019 9:08:06 AM
To: Angus Clarke <post(a)angusclarke.com>
Cc: FreeIPA users list <freeipa-users(a)lists.fedorahosted.org>
Subject: Re: [Freeipa-users] Re: Full Server backup fails with IPA version error
Thanks Angus for the reply.
In my case, original IPA server is completely damaged / deleted, and now I am attempting
to create an exactly similar server using "full-server" backup.
Do you have any suggestions for such a scenario?
Thanks
sgarg
On Fri, Oct 25, 2019 at 6:05 PM Angus Clarke
<post@angusclarke.com<mailto:post@angusclarke.com>> wrote:
Hi
An alternative approach would be to setup your new server as an IPA client and then to
promote it.
On new server:
# ipa-client-install
Followed by
# ipa-replica-install
Check the man pages for options suitable to your environment, otherwise I specify
--setup-ca for all our new IPA instances.
I use this process for rolling out new IPA servers when we add new environments.
Regards
Angus
________________________________
From: Saurabh Garg via FreeIPA-users
<freeipa-users@lists.fedorahosted.org<mailto:freeipa-users@lists.fedorahosted.org>>
Sent: Friday, October 25, 2019 11:55:40 AM
To:
freeipa-users@lists.fedorahosted.org<mailto:freeipa-users@lists.fedorahosted.org>
<freeipa-users@lists.fedorahosted.org<mailto:freeipa-users@lists.fedorahosted.org>>
Cc: Saurabh Garg <saurabh.grg@gmail.com<mailto:saurabh.grg@gmail.com>>
Subject: [Freeipa-users] Full Server backup fails with IPA version error
Background -
We are trying to restore "full server" from an existing IPA server (with
replication ON to another server) to a newly created IPA Server from the same golden image
as all other servers.
Source IPA Server: Red Hat Enterprise Linux Server release 7.7 (Maipo)
# ipa-server-install --version
4.6.4
Destination IPA Server: Red Hat Enterprise Linux Server release 7.7 (Maipo)
# ipa-server-install --version
4.6.4
Problem Statement -
While running "ipa-restore" (exact command: # ipa-restore /root/backup/) on the
new IPA server for full server backup, system throws the following error lines in
iparestore.log:
2019-10-25T08:19:26Z DEBUG stderr=IPA version error: data needs to be upgraded (expected
version '4.6.4-10.el7_6.6', current version '4.6.4-10.el7_6.3')
Automatically running upgrade, for details see /var/log/ipaupgrade.log
Be patient, this may take a few minutes.
Automatic upgrade failed: Update complete
Upgrading the configuration of the IPA services
[Verifying that root certificate is published]
[Migrate CRL publish directory]
Publish directory already set to new location
[Verifying that CA proxy configuration is correct]
IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command
ipa-server-upgrade manually.
CA did not start in 300.0s
The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more information
See the upgrade log for more details and/or run /usr/sbin/ipa-server-upgrade again
Aborting ipactl
2019-10-25T08:19:26Z INFO Restoring umask to 23
2019-10-25T08:19:26Z DEBUG File
"/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 178, in execute
return_value = self.run()
File "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_restore.py", line
428, in run
run(['ipactl', 'start'])
File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 562, in
run
raise CalledProcessError(p.returncode, arg_string, str(output))
2019-10-25T08:19:26Z DEBUG The ipa-restore command failed, exception: CalledProcessError:
Command 'ipactl start' returned non-zero exit status 1
2019-10-25T08:19:26Z ERROR Command 'ipactl start' returned non-zero exit status 1
2019-10-25T08:19:26Z ERROR The ipa-restore command failed. See /var/log/iparestore.log for
more information
In case you are aware of its fix/workaround, kindly share the steps.
Thanks,
sgarg
_______________________________________________
FreeIPA-users mailing list --
freeipa-users@lists.fedorahosted.org<mailto:freeipa-users@lists.fedorahosted.org>
To unsubscribe send an email to
freeipa-users-leave@lists.fedorahosted.org<mailto:freeipa-users-leave@lists.fedorahosted.org>
Fedora Code of Conduct:
https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.fe...
List Guidelines:
https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffedorap...
List Archives:
https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.f...
________________________________
From: Saurabh Garg <saurabh.grg(a)gmail.com>
Sent: Tuesday, October 29, 2019 9:08:06 AM
To: Angus Clarke <post(a)angusclarke.com>
Cc: FreeIPA users list <freeipa-users(a)lists.fedorahosted.org>
Subject: Re: [Freeipa-users] Re: Full Server backup fails with IPA version error
Thanks Angus for the reply.
In my case, original IPA server is completely damaged / deleted, and now I am attempting
to create an exactly similar server using "full-server" backup.
Do you have any suggestions for such a scenario?
Thanks
sgarg
On Fri, Oct 25, 2019 at 6:05 PM Angus Clarke
<post@angusclarke.com<mailto:post@angusclarke.com>> wrote:
Hi
An alternative approach would be to setup your new server as an IPA client and then to
promote it.
On new server:
# ipa-client-install
Followed by
# ipa-replica-install
Check the man pages for options suitable to your environment, otherwise I specify
--setup-ca for all our new IPA instances.
I use this process for rolling out new IPA servers when we add new environments.
Regards
Angus
________________________________
From: Saurabh Garg via FreeIPA-users
<freeipa-users@lists.fedorahosted.org<mailto:freeipa-users@lists.fedorahosted.org>>
Sent: Friday, October 25, 2019 11:55:40 AM
To:
freeipa-users@lists.fedorahosted.org<mailto:freeipa-users@lists.fedorahosted.org>
<freeipa-users@lists.fedorahosted.org<mailto:freeipa-users@lists.fedorahosted.org>>
Cc: Saurabh Garg <saurabh.grg@gmail.com<mailto:saurabh.grg@gmail.com>>
Subject: [Freeipa-users] Full Server backup fails with IPA version error
Background -
We are trying to restore "full server" from an existing IPA server (with
replication ON to another server) to a newly created IPA Server from the same golden image
as all other servers.
Source IPA Server: Red Hat Enterprise Linux Server release 7.7 (Maipo)
# ipa-server-install --version
4.6.4
Destination IPA Server: Red Hat Enterprise Linux Server release 7.7 (Maipo)
# ipa-server-install --version
4.6.4
Problem Statement -
While running "ipa-restore" (exact command: # ipa-restore /root/backup/) on the
new IPA server for full server backup, system throws the following error lines in
iparestore.log:
2019-10-25T08:19:26Z DEBUG stderr=IPA version error: data needs to be upgraded (expected
version '4.6.4-10.el7_6.6', current version '4.6.4-10.el7_6.3')
Automatically running upgrade, for details see /var/log/ipaupgrade.log
Be patient, this may take a few minutes.
Automatic upgrade failed: Update complete
Upgrading the configuration of the IPA services
[Verifying that root certificate is published]
[Migrate CRL publish directory]
Publish directory already set to new location
[Verifying that CA proxy configuration is correct]
IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command
ipa-server-upgrade manually.
CA did not start in 300.0s
The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more information
See the upgrade log for more details and/or run /usr/sbin/ipa-server-upgrade again
Aborting ipactl
2019-10-25T08:19:26Z INFO Restoring umask to 23
2019-10-25T08:19:26Z DEBUG File
"/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 178, in execute
return_value = self.run()
File "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_restore.py", line
428, in run
run(['ipactl', 'start'])
File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 562, in
run
raise CalledProcessError(p.returncode, arg_string, str(output))
2019-10-25T08:19:26Z DEBUG The ipa-restore command failed, exception: CalledProcessError:
Command 'ipactl start' returned non-zero exit status 1
2019-10-25T08:19:26Z ERROR Command 'ipactl start' returned non-zero exit status 1
2019-10-25T08:19:26Z ERROR The ipa-restore command failed. See /var/log/iparestore.log for
more information
In case you are aware of its fix/workaround, kindly share the steps.
Thanks,
sgarg
_______________________________________________
FreeIPA-users mailing list --
freeipa-users@lists.fedorahosted.org<mailto:freeipa-users@lists.fedorahosted.org>
To unsubscribe send an email to
freeipa-users-leave@lists.fedorahosted.org<mailto:freeipa-users-leave@lists.fedorahosted.org>
Fedora Code of Conduct:
https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.fe...
List Guidelines:
https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffedorap...
List Archives:
https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.f...