Bug 1161128
Summary: | Upgrade 3.3.5 to 4.1 failed | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Martin Kosek <mkosek> |
Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> |
Status: | CLOSED ERRATA | QA Contact: | Namita Soman <nsoman> |
Severity: | unspecified | Docs Contact: | |
Priority: | medium | ||
Version: | 7.0 | CC: | jcholast, mkosek, pvoborni, rcritten, spoore |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | ipa-4.1.0-6.el7 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-03-05 10:14:29 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Martin Kosek
2014-11-06 13:04:14 UTC
Fixed upstream master: https://fedorahosted.org/freeipa/changeset/730f33680b7254622659eec2e48399ef7033a477 ipa-4-1: https://fedorahosted.org/freeipa/changeset/5d65a2a3058aadff29e9af2a6fd3aab91607674f ipa-4-0: https://fedorahosted.org/freeipa/changeset/d6697b683d3f3517c41e5bbb4b9033fa860fd9d0 Upstream ticket: https://fedorahosted.org/freeipa/ticket/4708 Fixed upstream ipa-4-0: https://fedorahosted.org/freeipa/changeset/e5ec47992cd641def024cc77c07f98ca66b7b673 ipa-4-1: https://fedorahosted.org/freeipa/changeset/1b22a53717cd2ead8a8f3fec84d04dac698d8925 master: https://fedorahosted.org/freeipa/changeset/40ea328a78bec511377b464700e3add09cedc2b9 I will also link this bug to https://fedorahosted.org/freeipa/ticket/4622 which fixes another upgrade issue. #4622 Fixed upstream ipa-4-0: https://fedorahosted.org/freeipa/changeset/9a9eccb94bcade97edb8aa877aedc35c191745e5 ipa-4-1: https://fedorahosted.org/freeipa/changeset/65624c9d61ba0bf8a1e5e040357406712dd42245 master: https://fedorahosted.org/freeipa/changeset/f62c7843ffeda1e841719cb35f9f773f186780a6 Linking another upstream upgrade issue related to cn=ADTrust Agents,cn=privileges update tracked in https://fedorahosted.org/freeipa/ticket/4680 #4680 Fixed upstream master: https://fedorahosted.org/freeipa/changeset/2712b609cb1edb478aa6a55da1f6529befaa2edb ipa-4-1: https://fedorahosted.org/freeipa/changeset/60ff57b644e34b80784bd75c6c2da7a04d248b2c ipa-4-0: https://fedorahosted.org/freeipa/changeset/ae9e6842736f785b8b6e24493540c520a89e95a8 Martin, Did this one affect upgrades from 3.3.3 to 4.1.0 also? or just 3.3.5? Thanks, Scott Upgrade from 3.3.3 was also affected. Given the nature of the bugs, I think that simply testing if RHEL-7.0 cleanly upgrades to RHEL-7.1 is sufficient. Verified. Version :: ---> Package ipa-server.x86_64 0:3.3.3-28.el7 will be updated ---> Package ipa-server.x86_64 0:4.1.0-13.el7 will be an update Results :: # Confirm older RPM version (3.3.3): [root@rhel7-3 ~]# rpm -q ipa-server ipa-server-3.3.3-28.el7.x86_64 # Configure IPA: [root@rhel7-3 ~]# ipa-server-install --setup-dns --forwarder=192.168.122.1 -r EXAMPLE.COM -a Secret123 -p Secret123 -U ... # Check basic functionality: [root@rhel7-3 ~]# kinit admin Password for admin: [root@rhel7-3 ~]# ipa user-find -------------- 1 user matched -------------- User login: admin Last name: Administrator Home directory: /home/admin Login shell: /bin/bash UID: 1242000000 GID: 1242000000 Account disabled: False Password: True Kerberos keys available: True ---------------------------- Number of entries returned 1 ---------------------------- [root@rhel7-3 ~]# ipa host-find -------------- 1 host matched -------------- Host name: rhel7-3.example.com Principal name: host/rhel7-3.example.com Password: False Keytab: True Managed by: rhel7-3.example.com SSH public key fingerprint: 09:08:0E:9C:B1:31:B4:9C:BA:9A:CB:A4:C7:59:38:C0 (ecdsa-sha2-nistp256), 3B:1D:A4:75:73:86:11:35:51:0D:2A:B6:18:17:0B:C8 (ssh-rsa) ---------------------------- Number of entries returned 1 ---------------------------- [root@rhel7-3 ~]# ipa dnszone-find Zone name: 122.168.192.in-addr.arpa. Authoritative nameserver: rhel7-3.example.com. Administrator e-mail address: hostmaster.example.com. SOA serial: 1421164465 SOA refresh: 3600 SOA retry: 900 SOA expire: 1209600 SOA minimum: 3600 Active zone: TRUE Allow query: any; Allow transfer: none; Zone name: example.com Authoritative nameserver: rhel7-3.example.com. Administrator e-mail address: hostmaster.example.com. SOA serial: 1421164471 SOA refresh: 3600 SOA retry: 900 SOA expire: 1209600 SOA minimum: 3600 Active zone: TRUE Allow query: any; Allow transfer: none; ---------------------------- Number of entries returned 2 ---------------------------- # Upgrade: [root@rhel7-3 ~]# cat > /etc/yum.repos.d/beaker-rhel-7.1-server.repo << EOF1 ... EOF1 [root@rhel7-3 ~]# cat > /etc/yum.repos.d/beaker-rhel-7.1-server-optional.repo << EOF1 ... EOF1 [root@rhel7-3 ~]# yum -y update ipa-server sssd Loaded plugins: product-id, subscription-manager This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register. Resolving Dependencies --> Running transaction check ---> Package ipa-server.x86_64 0:3.3.3-28.el7 will be updated ---> Package ipa-server.x86_64 0:4.1.0-13.el7 will be an update ... Complete! # Check some basics after upgrade: [root@rhel7-3 ~]# ipa user-find -------------- 1 user matched -------------- User login: admin Last name: Administrator Home directory: /home/admin Login shell: /bin/bash UID: 1242000000 GID: 1242000000 Account disabled: False Password: True Kerberos keys available: True ---------------------------- Number of entries returned 1 ---------------------------- [root@rhel7-3 ~]# ipa host-find -------------- 1 host matched -------------- Host name: rhel7-3.example.com Principal name: host/rhel7-3.example.com Password: False Keytab: True Managed by: rhel7-3.example.com SSH public key fingerprint: 09:08:0E:9C:B1:31:B4:9C:BA:9A:CB:A4:C7:59:38:C0 (ecdsa-sha2-nistp256), 3B:1D:A4:75:73:86:11:35:51:0D:2A:B6:18:17:0B:C8 (ssh-rsa) ---------------------------- Number of entries returned 1 ---------------------------- [root@rhel7-3 ~]# ipa dnszone-find Zone name: example.com Active zone: TRUE Authoritative nameserver: rhel7-3.example.com. Administrator e-mail address: hostmaster.example.com. SOA serial: 1421166102 SOA refresh: 3600 SOA retry: 900 SOA expire: 1209600 SOA minimum: 3600 Allow query: any; Allow transfer: none; Zone name: 122.168.192.in-addr.arpa. Active zone: TRUE Authoritative nameserver: rhel7-3.example.com. Administrator e-mail address: hostmaster.example.com. SOA serial: 1421166102 SOA refresh: 3600 SOA retry: 900 SOA expire: 1209600 SOA minimum: 3600 Allow query: any; Allow transfer: none; ---------------------------- Number of entries returned 2 ---------------------------- # And just to confirm, make sure we've got the new version of IPA: [root@rhel7-3 ~]# rpm -q ipa-server ipa-server-4.1.0-13.el7.x86_64 [root@rhel7-3 ~]# Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-0442.html |