Bug 1404169

Summary: IPA upgrade of replica without DNS fails during restart of named-pkcs11
Product: Red Hat Enterprise Linux 7 Reporter: Marcel Kolaja <mkolaja>
Component: ipaAssignee: IPA Maintainers <ipa-maint>
Status: CLOSED ERRATA QA Contact: Kaleem <ksiddiqu>
Severity: unspecified Docs Contact: Marc Muehlfeld <mmuehlfe>
Priority: high    
Version: 7.3CC: ipa-maint, jcholast, mbabinsk, mbasti, ndehadra, pvoborni, rcritten, tscherf
Target Milestone: rcKeywords: ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ipa-4.4.0-14.el7_3.2 Doc Type: Bug Fix
Doc Text:
The Identity Management (IdM) server upgrade procedure failed to detect if the DNS service on the host is managed by IdM. As a consequence, while upgrading an IdM replica that was installed without the DNS back end, the "named-pkcs11" service was restarted and the upgrade failed. The DNS installation status code has been fixed and now verifies correctly if IdM manages the BIND configuration file on the replica. As a result, upgrading IdM on a replica without DNS back end works correctly.
 Story Points: ---
Clone Of: 1401088 Environment:
Last Closed: 2017-01-17 18:23:26 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1401088    
Bug Blocks:    

Description Marcel Kolaja 2016-12-13 09:20:46 UTC 
This bug has been copied from bug #1401088 and has been proposed
to be backported to 7.3 z-stream (EUS).
Comment 3 Petr Vobornik 2016-12-13 10:04:52 UTC 
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/f0e09c42b76f229486e5dea097cd2b6602999943
ipa-4-4:
https://fedorahosted.org/freeipa/changeset/bf28d79afeff4575adc9ba0618b5acbf0cf51009
Comment 6 Martin Babinsky 2016-12-19 13:42:25 UTC 
Done.
Comment 7 Nikhil Dehadrai 2017-01-05 10:13:27 UTC 
IPA-server-version: ipa-server-4.4.0-14.el7_3.4.x86_64

Verified the bug on the basis of following points:

Steps: (Upgrade from 7.2.z to 7.3.2)
=====================================
1. Setup IPA MASTER and REPLICA at version 4.2 (In my case ipa-server-4.2.0-15.el7_2.19.x86_64) such that DNS is setup on IPA MASTER and REPLICA is setup without DNS.
2. Configure the respective repos for RHEL 7.3.2 on IPA master and REPLICA.
3. Upgrade the IPA MASTER using command "yum update -y 'ipa*' sssd".
4. Now upgrade the REPLICA using the same command in step 3.
5. Check if upgrade is successful both for IPA master and REPLICA.
6. Check for the ipa services on both the servers. (Use ipactl status)
7. Check for ipaupgrade.log for both the servers.


Observations:
==============
1. After step5, upgrade for both the server is successful.
2. After step6, the ipactl status command runs successfully and can also be restarted successfully.
3. After step7, the ipaupgrade.log reports upgrade process as successful for both the servers.
4. This issue is also NOT observed for similar setup for upgarde path 7.3 > 7.3.2.

Thus on the basis of above points marking status of bug to "VERIFIED".
Comment 10 errata-xmlrpc 2017-01-17 18:23:26 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2017-0089.html