Bug 1348976
Summary: | freeipa fails to start correctly after pki-core update on upgraded system | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Fraser Tweedale <ftweedal> |
Component: | pki-core | Assignee: | RHCS Maintainers <rhcs-maint> |
Status: | CLOSED ERRATA | QA Contact: | Asha Akkiangady <aakkiang> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | 7.3 | CC: | abokovoy, alee, arubin, edewata, extras-qa, ftweedal, ipa-maint, jhrozek, jpazdziora, ksiddiqu, kwright, mharmsen, mkosek, ndehadra, nkinder, pvoborni, rcritten, ssorce, tomek |
Target Milestone: | rc | Keywords: | CommonBugs |
Target Release: | 7.3 | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | pki-core-10.3.3-3.el7 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | 1323400 | Environment: | |
Last Closed: | 2016-11-04 05:25:09 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1323400 | ||
Bug Blocks: |
Description
Fraser Tweedale
2016-06-22 12:30:24 UTC
Per PKI Bug Council of 06/23/2016: 10.3.4 On June 30, 2016, ftweedal checked fix into master: * 2dea243d51765e3a8f01f7680592143c842921ce IPA server version: ipa-server-4.4.0-12.el7.x86_64 PKI-server: pki-server-10.3.3-10.el7.noarch Verified the bug on the basis of below observations: 1. Verified that IPA server is successfully upgraded to latest version. 2. IPA server service is successfully restarted after the upgrade. # ipactl restart Stopping pki-tomcatd Service Restarting Directory Service Restarting krb5kdc Service Restarting kadmin Service Restarting named Service Restarting ipa_memcached Service Restarting httpd Service Restarting ipa-custodia Service Restarting ntpd Service Restarting pki-tomcatd Service Restarting ipa-otpd Service Restarting ipa-dnskeysyncd Service ipa: INFO: The ipactl command was successful 3. Kinit command is run successfully after the upgrade. # kinit admin Password for admin: 4. Also noticed following meesages inside logs : cat /var/log/pki/pki-tomcat/ca/debug | grep LDAPConnection, as expected due to persistent LDAP search to watch for changes to profiles [19/Sep/2016:16:46:37][profileChangeMonitor]: Profile change monitor: failed to get LDAPConnection. Retrying in 1 second. [19/Sep/2016:16:46:38][profileChangeMonitor]: Profile change monitor: failed to get LDAPConnection. Retrying in 1 second. at netscape.ldap.LDAPConnection.connect(Unknown Source) at netscape.ldap.LDAPConnection.connect(Unknown Source) at netscape.ldap.LDAPConnection.connect(Unknown Source) [19/Sep/2016:16:46:39][profileChangeMonitor]: Profile change monitor: failed to get LDAPConnection. Retrying in 1 second. [19/Sep/2016:16:46:40][profileChangeMonitor]: Profile change monitor: failed to get LDAPConnection. Retrying in 1 second. 5. Verified the same for following upgrade paths: - 7.2.z > 7.3 - 7.1.z > 7.3 # tail -10 /var/log/ipaupgrade.log 2016-09-19T20:48:39Z DEBUG response status 200 2016-09-19T20:48:39Z DEBUG response headers {'date': 'Mon, 19 Sep 2016 20:48:38 GMT', 'content-length': '168', 'content-type': 'application/xml', 'server': 'Apache-Coyote/1.1'} 2016-09-19T20:48:39Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="no"?><XMLResponse><State>1</State><Type>CA</Type><Status>running</Status><Version>10.3.3-10.el7</Version></XMLResponse>' 2016-09-19T20:48:39Z DEBUG Starting external process 2016-09-19T20:48:39Z DEBUG args=/bin/systemctl stop pki-tomcatd 2016-09-19T20:48:40Z DEBUG Process finished, return code=0 2016-09-19T20:48:40Z DEBUG stdout= 2016-09-19T20:48:40Z DEBUG stderr= 2016-09-19T20:48:40Z INFO The IPA services were upgraded 2016-09-19T20:48:40Z INFO The ipa-server-upgrade command was successful Thus on the basis of above observations, marking status of bug to "VERIFIED". Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-2396.html |