Bug 1274905
Summary: | Upgrade of FreeIPA to Fedora 23 failed | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Martin Kosek <mkosek> |
Component: | freeipa | Assignee: | IPA Maintainers <ipa-maint> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | 23 | CC: | abokovoy, awilliam, devin, fedora, fujisan43, ipa-maint, jhrozek, martin, mkosek, pbrobinson, pviktori, pvoborni, rcritten, rdieter, samuel-rhbugs, ssorce, tomek |
Target Milestone: | --- | Keywords: | CommonBugs |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | https://fedoraproject.org/wiki/Common_F23_bugs#freeipa-upgrade-fail | ||
Fixed In Version: | freeipa-4.2.3-1.fc23 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-11-03 18:19:54 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1274915 | ||
Bug Blocks: |
Description
Martin Kosek
2015-10-23 19:36:11 UTC
Related FreeIPA ticket that needs to be backported: https://fedorahosted.org/freeipa/ticket/5359 https://fedorahosted.org/freeipa/ticket/5360 has to be also backported - fails the upgrade too. This seems to be a major, major problem :/ should've been at least evaluated as a release blocker: you can't upgrade a Fedora Server running a supported role. This seems to be a complete nightmare to recover from. After hand-editing dse.ldif to drop the 'SUP ipaPublicKey' - running the upgrade script a second time after patching that problem adds the EQUALITY but doesn't drop the SUP - I got a bit further, but now it seems like nothing from https://fedorahosted.org/pki/ticket/1264#comment:1 has been applied on my system; all those changes are missing from /etc/pki/pki-tomcat/server.xml , so I hit that "java.lang.ClassNotFoundException: org.apache.catalina.core.JasperListener" error. At this point my FreeIPA server is more or less toast, which is obviously not good at all. I upgraded from 21 to 23 using dnf system-upgrade. Upgrades also encounter this: https://fedorahosted.org/pki/ticket/1310 To do the Tomcat 8 migration manually, do: pki-server migrate --tomcat 8 After manually fixing up the LDAP upgrade problem and running the Tomcat migration, my server seems to be more or less working again, but something seems to be causing Apache to make 'execmem' calls, which is forbidden by SELinux policy by default, and should not be necessary. I had to do "setsebool -P httpd_execmem 1" for now. Does anyone know what would be causing that? freeipa-4.2.3-1.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-4d94884a7e freeipa-4.2.3-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report. |