Bug 1477703
Summary: | IPA upgrade fails for latest ipa package | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Nikhil Dehadrai <ndehadra> |
Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> |
Status: | CLOSED ERRATA | QA Contact: | ipa-qe <ipa-qe> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 7.4 | CC: | akasurde, amore, ftweedal, ksiddiqu, ndehadra, pvoborni, rcritten, tscherf |
Target Milestone: | rc | Keywords: | Regression |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | ipa-4.5.0-21.el7.1.2 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2018-04-10 16:43:55 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Nikhil Dehadrai
2017-08-02 16:21:30 UTC
Precise cause of *upgrade* failure is a bug in PKI upgrade scripts: <<EOF [root@auto-hv-01-guest03 localhost]# cat /var/log/pki/pki-server-upgrade-10.4.1.log Upgrading PKI server configuration at Thu Aug 3 03:46:16 EDT 2017. Upgrading from version 10.1.2 to 10.1.99: 1. Add TLS Range Support Upgrading from version 10.1.99 to 10.2.0: 1. Move web application context file 2. Replace Jettison with Jackson 3. Added RESTEasy client 4. Replace RESTEasy application class 5. Remove config path from web.xml Upgrading from version 10.2.0 to 10.2.1: No upgrade scriptlets. Tracker has been set to version 10.2.1. Upgrading from version 10.2.1 to 10.2.2: 1. Add TLS Range Support Upgrading from version 10.2.2 to 10.2.3: 1. Move Web application deployment locations 2. Enabled Web application auto deploy 3. Remove dependency on Jackson 2 Upgrading from version 10.2.3 to 10.2.4: 1. Fix instance work folder ownership 2. Fix bindPWPrompt for internalDB Upgrading from version 10.2.4 to 10.2.5: 1. Add missing OCSP Get Servlet Mapping to upgraded Dogtag 9 instances 2. Fix nuxwdog listener class Upgrading from version 10.2.5 to 10.2.6: 1. Add new KRA audit events Upgrading from version 10.2.6 to 10.3.0: 1. Remove inaccessable URLs from server.xml 2. Add Phone Home URLs to TPS section of server.xml. Upgrading from version 10.3.0 to 10.3.1: 1. Enable Tomcat ALLOW_ENCODED_SLASH parameter 2. Add authz realm constraint and default to registry Upgrading from version 10.3.1 to 10.3.2: No upgrade scriptlets. Tracker has been set to version 10.3.2. Upgrading from version 10.3.2 to 10.3.3: No upgrade scriptlets. Tracker has been set to version 10.3.3. Upgrading from version 10.3.3 to 10.4.0: 1. Fix JAVA_HOME path 2. Fix server library 3. Fix deployment descriptor ERROR: [Errno 2] No such file or directory: '/usr/share/pki/server/conf/Catalina/localhost/pki#admin.xml' Failed upgrading pki-tomcat instance. Upgrade failed in pki-tomcat: [Errno 2] No such file or directory: '/usr/share/pki/server/conf/Catalina/localhost/pki#admin.xml' --------------- System migrated --------------- EOF A separate ticket should be opened for this against pki-core. BUT due to possibility of mixed-version topology we also need to address the fact that the PKI 10.4-only version of the profile is imported when upgrading from IPA v4.1 or earlier. Upstream ticket: https://pagure.io/freeipa/issue/7097 Related pki-core BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1479663 Upstream PRs: - https://github.com/freeipa/freeipa/pull/964 - [ipa-4-5] https://github.com/freeipa/freeipa/pull/965 I still need to test these on RHEL explicitly (I have tested it with ipa v4.1 (f22) upgrade to ipa v4.5 (f26)) Now tested with RHEL 7.1 -> 7.4 upgrade; the fix works. Fixed upstream master: https://pagure.io/freeipa/c/79955189217fec328f2d561a4a1a23ddb29eac44 ipa-4-5: https://pagure.io/freeipa/c/87393daba6b414e3afe6e22e77c9b20e561e5302 Marking bz as verified on 7.1z > 7.5 Success 7.2z > 7.5 Success 7.3z > 7.5 Success Please see attachment for console log. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:0918 |