Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1550555
Summary: | freeipa 4.6.1->4.6.3 upgrade breaks in ipa-server-upgrade: No such file or directory: '/var/lib/pki/pki-tomcat/conf/ca/CS.cfg' | |||
---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | James <james> | |
Component: | freeipa | Assignee: | IPA Maintainers <ipa-maint> | |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | |
Severity: | urgent | Docs Contact: | ||
Priority: | unspecified | |||
Version: | 27 | CC: | abokovoy, frenaud, ipa-maint, jcholast, jhrozek, pvoborni, rcritten, ssorce | |
Target Milestone: | --- | Keywords: | Reopened | |
Target Release: | --- | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | freeipa-4.6.3-2.fc27 freeipa-4.6.4-2.fc27 | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 1577805 (view as bug list) | Environment: | ||
Last Closed: | 2018-08-28 11:55:11 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1577805 |
Description
James
2018-03-01 12:51:57 UTC
Had to roll back to 4.6.1, now back in action. So at least ipa-server-upgrade didn't hose the database... Upstream ticket: https://pagure.io/freeipa/issue/7409 Fixed upstream master: https://pagure.io/freeipa/c/95a45a2b0942a9ac38d5418b23821f7da1ce28a3 ipa-4-6: https://pagure.io/freeipa/c/f24a3aeb1f39a790b61bd362718cb2fd16cf9f43 Hold on, hold on. What do I have to do to test this without risking a broken database and having to start all over again? Just update to the fixed packages and that should do it. Even if the upgrade failed it wouldn't corrupt the database. Reopening. This is not fixed. Downgrading again. # rpm -q freeipa-server freeipa-server-4.6.3-2.fc27.x86_64 # systemctl status ipa ● ipa.service - Identity, Policy, Audit Loaded: loaded (/usr/lib/systemd/system/ipa.service; enabled; vendor preset: disabled) Active: failed (Result: exit-code) since Wed 2018-03-07 22:06:01 GMT; 39s ago Process: 20965 ExecStart=/usr/sbin/ipactl start (code=exited, status=1/FAILURE) Main PID: 20965 (code=exited, status=1/FAILURE) Mar 07 22:06:00 skipper.cb.ettle ipactl[20965]: [Verifying that root certificate is published] Mar 07 22:06:00 skipper.cb.ettle ipactl[20965]: IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-serve Mar 07 22:06:00 skipper.cb.ettle ipactl[20965]: [Errno 2] No such file or directory: '/var/lib/pki/pki-tomcat/conf/ca/CS.cfg' Mar 07 22:06:00 skipper.cb.ettle ipactl[20965]: The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more informat Mar 07 22:06:00 skipper.cb.ettle ipactl[20965]: See the upgrade log for more details and/or run /usr/sbin/ipa-server-upgrade again Mar 07 22:06:00 skipper.cb.ettle ipactl[20965]: Aborting ipactl Mar 07 22:06:01 skipper.cb.ettle systemd[1]: ipa.service: Main process exited, code=exited, status=1/FAILURE Mar 07 22:06:01 skipper.cb.ettle systemd[1]: Failed to start Identity, Policy, Audit. Mar 07 22:06:01 skipper.cb.ettle systemd[1]: ipa.service: Unit entered failed state. Mar 07 22:06:01 skipper.cb.ettle systemd[1]: ipa.service: Failed with result 'exit-code'. End of /var/log/ipaupgrade.log: 2018-03-07T22:06:00Z ERROR IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually. 2018-03-07T22:06:00Z DEBUG File "/usr/lib/python3.6/site-packages/ipapython/admintool.py", line 174, in execute return_value = self.run() File "/usr/lib/python3.6/site-packages/ipaserver/install/ipa_server_upgrade.py", line 50, in run server.upgrade() File "/usr/lib/python3.6/site-packages/ipaserver/install/server/upgrade.py", line 1999, in upgrade upgrade_configuration() File "/usr/lib/python3.6/site-packages/ipaserver/install/server/upgrade.py", line 1686, in upgrade_configuration ca.backup_config() File "/usr/lib/python3.6/site-packages/ipaserver/install/dogtaginstance.py", line 475, in backup_config shutil.copy(path, path + '.ipabkp') File "/usr/lib64/python3.6/shutil.py", line 241, in copy copyfile(src, dst, follow_symlinks=follow_symlinks) File "/usr/lib64/python3.6/shutil.py", line 120, in copyfile with open(src, 'rb') as fsrc: 2018-03-07T22:06:00Z DEBUG The ipa-server-upgrade command failed, exception: FileNotFoundError: [Errno 2] No such file or directory: '/var/lib/pki/pki-tomcat/conf/ca/CS.cfg' 2018-03-07T22:06:00Z ERROR [Errno 2] No such file or directory: '/var/lib/pki/pki-tomcat/conf/ca/CS.cfg' 2018-03-07T22:06:00Z ERROR The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more information Looking at the SRPM those commits from Comment 3 simply aren't in 4.6.3-2 (ipaserver/install/server/upgrade.py). Patch0001 only deals with KRA-related stuff, but seems to be matching against code from that commit... You're right, I missed a patch. There were two issues, one hiding the other. I'll spin up a new build. freeipa-4.6.3-3.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-0a4399f314 OK - 4.6.3-3.fc27.x86_64 updated cleanly. Server rebooted, confirmed login with OTP, NFS and web interface work. Thanks, Rob! freeipa-4.6.3-3.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-0a4399f314 Fixed upstream ipa-4-5: https://pagure.io/freeipa/c/035f1cb24a228ba40b3e124d78a507be22aa52bd freeipa-4.6.4-1.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-0492828909 freeipa-4.6.4-1.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-0492828909 freeipa-4.6.4-2.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-39051f69b7 freeipa-4.6.4-2.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-39051f69b7 freeipa-4.6.4-2.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report. |