cannot upgrade freeipa-server

Bug #1773843 reported by gianluca on 2018-05-28
This bug affects 2 people
Affects Status Importance Assigned to Milestone
freeipa (Ubuntu)

Bug Description

I am trying to upgrade from freeipa 4.7.0~pre1 to 4.7.0~pre2-0~ppa3 of the staging repository. The install fails with the following error: RemoteRetrieveError: Failed to authenticate to CA REST API

In the past, I also tried upgrading freeipa 4.7.0~pre1 to 4.7.0~pre2-0~ppa2 or from 4.7.0~pre2-0~ppa2 to 4.7.0~pre2-0~ppa3. All these attempts failed with the same error.

gianluca (amato) wrote :
Timo Aaltonen (tjaalton) wrote :

probably a bug in dogtag, dunno..

gianluca (amato) wrote :

I think I do not have this problem anymore. There are still problems in upgrading from pre-releases to 4.7.1 (see #1800631), but probably for different reasons.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in freeipa (Ubuntu):
status: New → Confirmed
Marco van Zwetselaar (zwets) wrote :

Just tried upgrade from current Bionic (4.7.0~pre1+git20180411-2ubuntu2) to a local build from Disco sources (4.7.2-1ubuntu1). Commented out ONLY_CLIENT=1 in debian/rules to build the server packages.

After fixing some minor issues*, the upgrade goes through until "RemoteRetrieveError: Failed to authenticate to CA REST API" happens at the step "Migrating certificate profiles to LDAP".

I've looked all over but couldn't find a fix or workaround. Has this been solved? Can I help?

BTW: suggest retitling this bug to "cannot upgrade freeipa-server: Failed to authenticate to CA REST API.

*) Will report separately, with patches.

Timo Aaltonen (tjaalton) wrote :

there is no dogtag-pki in 19.04, so you can't do that

Marco van Zwetselaar (zwets) wrote :

> there is no dogtag-pki in 19.04, so you can't do that

I'm aware. I built the package from Disco sources with the server packages enabled (ONLY_CLIENT=0), thinking that would be the closest to what will go into 20.04 LTS.

As I'm rolling out a fresh deployment, I could either go with Bionic and upgrade a live deployment to 20.04 LTS next year, or "slide into it" from pre-release packages while considering my deployment tentative (and possibly having to restart from scratch).

I'd like to go for the second, but I suppose starting from Disco source isn't the way to do this?

BTW, just did a fresh install of the Disco 4.7.2 (+ server) packages, and they work just fine. The issue is/was in the upgrade.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers