ipa-server-upgrade fail

Bug #1800631 reported by Antonio Falzarano on 2018-10-30
This bug affects 3 people
Affects Status Importance Assigned to Milestone
freeipa (Ubuntu)

Bug Description

when upgrade package from an old version to the last freeipa-server package 4.3.1, it fails on freeipa-server-upgrade command with this error:

2018-10-30T09:54:10Z INFO [Add default CA ACL]
2018-10-30T09:54:10Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state'
2018-10-30T09:54:10Z INFO Default CA ACL already added
2018-10-30T09:54:10Z ERROR IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually.
2018-10-30T09:54:10Z DEBUG File "/usr/lib/python2.7/dist-packages/ipapython/admintool.py", line 171, in execute
    return_value = self.run()
  File "/usr/lib/python2.7/dist-packages/ipaserver/install/ipa_server_upgrade.py", line 48, in run
  File "/usr/lib/python2.7/dist-packages/ipaserver/install/server/upgrade.py", line 1713, in upgrade
  File "/usr/lib/python2.7/dist-packages/ipaserver/install/server/upgrade.py", line 1655, in upgrade_configuration
    set_sssd_domain_option('ipa_server_mode', 'True')
  File "/usr/lib/python2.7/dist-packages/ipaserver/install/server/upgrade.py", line 1268, in set_sssd_domain_option
    domain.set_option(option, value)
  File "/usr/lib/python2.7/dist-packages/SSSDConfig/__init__.py", line 1143, in set_option
    (self.name, option))

2018-10-30T09:54:10Z DEBUG The ipa-server-upgrade command failed, exception: NoOptionError: Section [mydomainmasked.tld] has no option [ipa_server_mode]
2018-10-30T09:54:10Z ERROR Unexpected error - see /var/log/ipaupgrade.log for details:
NoOptionError: Section [mydomainmasked.tld] has no option [ipa_server_mode]

More info,
there isn't un upgrade but a reinstall of freeipa-server package on the same 4.3.1 version,
that was removed before from an

apt install sssd-tools

This is sssd.conf https://pastebin.com/Ad31gVKe with some highlighted variables tested after the issue, to try to fix with no success

gianluca (amato) wrote :

I had a very similar problem (with bionic). I was able to upgrade to FreeIPA 4.3.1 by installing version 3.36.1 of the package libnss3, from the cosmic repositories. There is a bug in the version 3.35 distributed with bionic (see https://bugzilla.redhat.com/show_bug.cgi?id=1568271) which prevents upgrades (and not only... installing a replica IPA server was also failing for me).

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in freeipa (Ubuntu):
status: New → Confirmed
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.