1929940 – FreeIPA server deployment fails in current F34 and Rawhide composes

Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 1929940 - FreeIPA server deployment fails in current F34 and Rawhide composes

Summary: FreeIPA server deployment fails in current F34 and Rawhide composes

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	dogtag-pki
Sub Component:
Version:	34
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	high
Target Milestone:	---
Assignee:	Matthew Harmsen
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:	openqa AcceptedBlocker
Depends On:
Blocks:	F34BetaBlocker
TreeView+	depends on / blocked

Reported:	2021-02-18 01:33 UTC by Adam Williamson
Modified:	2021-03-05 02:12 UTC (History)
CC List:	10 users (show)
Fixed In Version:	dogtag-pki-10.10.5-1.fc34
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-03-05 02:12:45 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
log tarball from a failure on F34 (1.85 MB, application/octet-stream) 2021-02-18 01:41 UTC, Adam Williamson	no flags	Details
View All

Description Adam Williamson 2021-02-18 01:33:51 UTC

In current F34 and Rawhide, FreeIPA server deployment is failing in the same way as it is on F32 and F33 with the pending 389-ds-base updates:

https://bodhi.fedoraproject.org/updates/FEDORA-2021-e55a8d7545
https://bodhi.fedoraproject.org/updates/FEDORA-2021-23690b2925

See this comment from ab with some details:

https://bodhi.fedoraproject.org/updates/FEDORA-2021-e55a8d7545#comment-1883763

I'm filing a bug to track this from openQA and also to propose it as a 34 Beta blocker, because it is one, per "It must be possible to configure a Fedora Server system installed according to the above criteria as a FreeIPA domain controller, using the official deployment tools provided in the distribution FreeIPA packages" - https://fedoraproject.org/wiki/Basic_Release_Criteria#FreeIPA_server_requirements

Comment 1 Adam Williamson 2021-02-18 01:41:10 UTC

Created attachment 1757673 [details]
log tarball from a failure on F34

Comment 2 Geoffrey Marr 2021-02-22 19:49:45 UTC

Discussed during the 2021-02-22 blocker review meeting: [0]

The decision to classify this bug as an "AcceptedBlocker (Beta)" was made as it violates the following Basic criterion:

"It must be possible to configure a Fedora Server system installed according to the above criteria as a FreeIPA domain controller, using the official deployment tools provided in the distribution FreeIPA packages"

[0] https://meetbot.fedoraproject.org/fedora-blocker-review/2021-02-22/f34-blocker-review.2021-02-22-17.07.txt

Comment 3 Adam Williamson 2021-02-26 17:05:12 UTC

Any word on a fix for this? It's been broken for some time.

Comment 4 Alex Scheel 2021-03-01 14:27:22 UTC

This has been rebuilt into a side-tag for Fedora on Thursday:

 Side tag 'f35-build-side-37912' (id 37912) created.
 Side tag 'f34-build-side-37914' (id 37914) created.
 Side tag 'f33-build-side-37916' (id 37916) created.
 Side tag 'f32-build-side-37918' (id 37918) created.

It includes a rebuilt 389ds package where applicable and I believe a IPA update as well.

I'll let Bokovoy communicate overall state of side tag and when it will be merged.

I believe there's still some discussion as to whether or not we should rebuild f34 and rawhide pki-core inside the side tag to pick up an ELN fix.

Comment 5 Adam Williamson 2021-03-01 23:10:57 UTC

I think I actually saw an update where the tests passed. Now I have to find it again. :D

Comment 6 Fedora Update System 2021-03-02 00:08:30 UTC

FEDORA-2021-263244c071 has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2021-263244c071

Comment 7 Alexander Bokovoy 2021-03-02 07:55:19 UTC

There are four Bodhi updates which include dogtag, 389-ds, and freeipa, all rebuilt with dependencies enforced in such a way that 389-ds CVE fix will not break them.

F32: https://bodhi.fedoraproject.org/updates/FEDORA-2021-dc1a4934a5
F33: https://bodhi.fedoraproject.org/updates/FEDORA-2021-7458e2d835
F34: https://bodhi.fedoraproject.org/updates/FEDORA-2021-263244c071
F35: https://bodhi.fedoraproject.org/updates/FEDORA-2021-c95b836c2f

Comment 8 Fedora Update System 2021-03-03 21:06:13 UTC

FEDORA-2021-263244c071 has been pushed to the Fedora 34 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 9 Ben Cotton 2021-03-03 21:27:28 UTC

Setting to ON_QA since this is an accepted blocker and we want to make sure the openQA tests pass with these updates.

Comment 10 Adam Williamson 2021-03-05 02:12:45 UTC

They did, it's fixed.

Note You need to log in before you can comment on or make changes to this bug.