Bug 1165351
| Summary: | Errata TPS test fails due to dependent packages not found | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Asha Akkiangady <aakkiang> |
| Component: | pki-core | Assignee: | Matthew Harmsen <mharmsen> |
| Status: | CLOSED ERRATA | QA Contact: | Asha Akkiangady <aakkiang> |
| Severity: | urgent | Docs Contact: | |
| Priority: | urgent | ||
| Version: | 7.1 | CC: | jgalipea, jpazdziora, ksiddiqu, nkinder, rpattath |
| Target Milestone: | rc | Keywords: | TestBlocker |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | pki-core-10.1.2-7.el7 | Doc Type: | Bug Fix |
| Doc Text: |
TPS testing during QE revealed that the shell scripts needed to be modified to work appropriately when invoked from a 'systemctl' process.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2015-03-05 08:19:49 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Asha Akkiangady
2014-11-18 20:33:15 UTC
(In reply to Asha Akkiangady from comment #0) > First QE want to know why "Requires: policycoreutils-python", why is this a > run time dependency. The installer uses semanage to do things such as port labelling, which allows us to work in SELinux enforcing mode. The policycoreutils-python package provides the semanage command: --------------------------------------------------------- [nkinder@localhost ~]$ rpm -ql policycoreutils-python ... /usr/sbin/semanage ... --------------------------------------------------------- > > Matthew, can you please do the following .. > > [1] Make sure that pki-core packages are built against the correct versions > of the build dependencies for RHEL 7.1 Builds run in brew, and the package level requirements work fine there. I don't think that there is a problem here. > [2] Please set the appropriate dependent erratas in the Errata Tool The TPS failures don't look like they are related to package dependencies, and I don't see anything in the reported errors that refers to policycoreutils-python. I see the following: 1. The 'VerifyTest' test in tps-rpmtest fails. This is related to the /usr/share/pki/etc/pki.conf configuration file template being modified in the %post phase of pki-base. This is done to allow us to set the 64-bit JNI path, which can't be set at build time since a noarch package might be built on a 32-bit system and installed on a 64-bit system. This is certainly something that can be addressed in the pki-base package by performing the sed at instance creation time on the real config file that is created form the template instead of modifying the template at RPM installation time. http://nest.test.redhat.com/mnt/qa/scratch/x86-64-7s-v1/2014:18533/tps/tps-rpmtest.html#VerifyTest-2-2-0 There is also a rpm verify failure for glibc-debuginfo, which seems unrelated. Was glibc-debuginfo manually installed on the TPS system? 2. The 'REBUILD' test in tps-srpmtest fails. This is related to a deprecation warning that is reported by the compiler. It seems that TPS is being more strict than Brew when it builds the packages (either by a build option, or a difference in the compiler used), or there is a version difference in whatever Java code that contains the now deprecated class. ------------------------------------------------------------------------- Note: com/netscape/cmsutil/crypto/CryptoUtil.java uses or overrides a deprecated API. ------------------------------------------------------------------------- http://nest.test.redhat.com/mnt/qa/scratch/x86-64-7s-v1/2014:18533/tps/tps-srpmtest.html#Rebuild%20Test-7-6-1 The following are the dependency failures I see... === InstallTest ===================== Install test FAILED Output from RPM Command: error: Failed dependencies: mvn(org.jboss.spec.javax.servlet:jboss-servlet-api_2.5_spec) is needed by resteasy-base-tjws-3.0.6-1.el7.noarch mvn(org.jboss.spec.javax.annotation:jboss-annotations-api_1.1_spec) is needed by resteasy-base-jaxrs-3.0.6-1.el7.noarch policycoreutils-python is needed by pki-server-10.1.2-4.el7.noarch Checked into 'DOGTAG_10_1_RHEL_BRANCH':
commit 5bed59556f48f0b6e01a0806e3621137b570d353
Author: Matthew Harmsen <mharmsen>
Date: Wed Nov 19 14:57:43 2014 -0700
Remove legacy multilib JNI_JAR_DIR logic
* Bugzilla Bug #1165351 - Errata TPS test fails due to dependent
packages not found
Based on Matt's comment https://bugzilla.redhat.com/show_bug.cgi?id=871171#c32 I am changing the status of the bug to ASSIGNED. The following was copied from https://bugzilla.redhat.com/show_bug.cgi?id=871171#c32: The following code snippet apparently does not work when invoked via the 'systemctl' process: # Dogtag 10 Conditional Variables jni_jar_dir=`source /usr/share/pki/etc/pki.conf && echo $JNI_JAR_DIR` # Override jni_jar_dir using a user-defined value if one exists jni_jar_dir=`source /etc/pki/pki.conf && echo $JNI_JAR_DIR` While this code was tested and found to work from shell scripts, the code within the '/usr/share/pki/scripts/operations' as called from the systemctl process will be changed to the following: # Use a user-defined value for jni_jar_dir if one exists jni_jar_dir=`source /etc/pki/pki.conf && echo $JNI_JAR_DIR` if [ -z ${jni_jar_dir} ] ; then # Otherwise set it to the default value jni_jar_dir=`source /usr/share/pki/etc/pki.conf && echo $JNI_JAR_DIR` fi (In reply to Matthew Harmsen from comment #9) > The following was copied from > https://bugzilla.redhat.com/show_bug.cgi?id=871171#c32: > > The following code snippet apparently does not work when invoked via the > 'systemctl' process: > > # Dogtag 10 Conditional Variables > jni_jar_dir=`source /usr/share/pki/etc/pki.conf && echo $JNI_JAR_DIR` > # Override jni_jar_dir using a user-defined value if one exists > jni_jar_dir=`source /etc/pki/pki.conf && echo $JNI_JAR_DIR` > > While this code was tested and found to work from shell scripts, the code > within the '/usr/share/pki/scripts/operations' as called from the systemctl > process will be changed to the following: > > # Use a user-defined value for jni_jar_dir if one exists > jni_jar_dir=`source /etc/pki/pki.conf && echo $JNI_JAR_DIR` > if [ -z ${jni_jar_dir} ] ; then > # Otherwise set it to the default value > jni_jar_dir=`source /usr/share/pki/etc/pki.conf && echo $JNI_JAR_DIR` > fi correction used (implemented similarly on all other shell tests): jni_jar_dir=`source /usr/share/pki/etc/pki.conf && source /etc/pki/pki.conf && echo $JNI_JAR_DIR` *** Bug 1168127 has been marked as a duplicate of this bug. *** IPA server install is now successful with build pki-ca-10.1.2-7.el7.noarch [root@dhcp207-1 ~]# rpm -q ipa-server pki-ca ipa-server-4.1.0-10.el7.x86_64 pki-ca-10.1.2-7.el7.noarch [root@dhcp207-1 ~]# [root@dhcp207-1 ~]# ipa-server-install --setup-dns --forwarder=10.65.201.89 --hostname=`hostname` -r TESTRELM.TEST -n testrelm.test -p xxxxxxxx -P xxxxxxxx -a xxxxxxxx -U ... Configuring NTP daemon (ntpd) [1/4]: stopping ntpd .. [4/4]: starting ntpd Done configuring NTP daemon (ntpd). Configuring directory server (dirsrv): Estimated time 1 minute [1/38]: creating directory server user ... .... [38/38]: configuring directory to start on boot Done configuring directory server (dirsrv). Configuring certificate server (pki-tomcatd): Estimated time 3 minutes 30 seconds [1/27]: creating certificate server user .. [27/27]: Configure HTTP to proxy connections Done configuring certificate server (pki-tomcatd). Configuring directory server (dirsrv): Estimated time 10 seconds [1/3]: configuring ssl for ds instance .. [3/3]: adding CA certificate entry Done configuring directory server (dirsrv). Configuring Kerberos KDC (krb5kdc): Estimated time 30 seconds [1/10]: adding sasl mappings to the directory ... [10/10]: configuring KDC to start on boot Done configuring Kerberos KDC (krb5kdc). Configuring kadmin [1/2]: starting kadmin [2/2]: configuring kadmin to start on boot Done configuring kadmin. Configuring ipa_memcached [1/2]: starting ipa_memcached [2/2]: configuring ipa_memcached to start on boot Done configuring ipa_memcached. Configuring ipa-otpd [1/2]: starting ipa-otpd [2/2]: configuring ipa-otpd to start on boot Done configuring ipa-otpd. Configuring the web interface (httpd): Estimated time 1 minute [1/15]: setting mod_nss port to 443 ... [15/15]: configuring httpd to start on boot Done configuring the web interface (httpd). Applying LDAP updates Restarting Directory server to apply updates [1/2]: stopping directory server [2/2]: starting directory server Done. Restarting the directory server Restarting the KDC Restarting the certificate server Configuring DNS (named) [1/12]: generating rndc key file ... [12/12]: changing resolv.conf to point to ourselves Done configuring DNS (named). Restarting named Global DNS configuration in LDAP server is empty You can use 'dnsconfig-mod' command to set global DNS options that would override settings in local named.conf files Restarting the web server ============================================================================== Setup complete Next steps: 1. You must make sure these network ports are open: TCP Ports: * 80, 443: HTTP/HTTPS * 389, 636: LDAP/LDAPS * 88, 464: kerberos * 53: bind UDP Ports: * 88, 464: kerberos * 53: bind * 123: ntp 2. You can now obtain a kerberos ticket using the command: 'kinit admin' This ticket will allow you to use the IPA tools (e.g., ipa user-add) and the web user interface. Be sure to back up the CA certificate stored in /root/cacert.p12 This file is required to create replicas. The password for this file is the Directory Manager password TPS tests passed Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-0346.html |