Bug 1487509

Summary: pki-server-upgrade fails when upgrading from RHEL 7.1 [rhel-7.4.z]
Product: Red Hat Enterprise Linux 7 Reporter: Oneata Mircea Teodor <toneata>
Component: pki-coreAssignee: Fraser Tweedale <ftweedal>
Status: CLOSED ERRATA QA Contact: Asha Akkiangady <aakkiang>
Severity: urgent Docs Contact: Petr Bokoc <pbokoc>
Priority: urgent    
Version: 7.4CC: arubin, ftweedal, mharmsen, msauton, pbokoc, rpattath
Target Milestone: rcKeywords: ZStream
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: pki-core-10.4.1-14.el7_4 Doc Type: Bug Fix
Doc Text:
* A bug in pki-server-upgrade caused it to attempt to locate a nonexistent file. As a consequence, the upgrade process failed to complete, and could possibly leave the PKI deployment in an invalid state. With this update, pki-server-upgrade has been modified to correctly handle cases where target files are missing, and PKI upgrades now work correctly.
 Story Points: ---
Clone Of: 1479663 Environment:
Last Closed: 2017-11-30 15:32:00 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1479663    
Bug Blocks:    

Description Oneata Mircea Teodor 2017-09-01 06:35:43 UTC 
This bug has been copied from bug #1479663 and has been proposed to be backported to 7.4 z-stream (EUS).
Comment 2 Matthew Harmsen 2017-09-05 15:39:47 UTC 
Fraser Tweedale 2017-08-13 21:40:26 EDT

Upstream commit: https://github.com/dogtagpki/pki/commit/d0a861923a27672d8633c87e21fb8596080e84af
Comment 4 Fraser Tweedale 2017-09-22 06:54:22 UTC 
Add doc text.
Comment 5 Roshni 2017-09-25 13:43:42 UTC 
Hi Fraser,

I see this working as expected in a non-HSM environment. Does it have to be tested in HSM environment? If so I will not be able test ipa-server-install because ipa with HSM is still not supported. I could install CA and KRA using RHEL 7.1 builds using HSM (non-FIPS) and try an upgrade.
Comment 6 Fraser Tweedale 2017-09-25 23:20:18 UTC 
Roshni,

There is no need to verify this with HSM.  It is not crypto-related.
Comment 7 Roshni 2017-09-26 16:33:57 UTC 
[root@auto-hv-01-guest06 ~]# rpm -qi pki-server
Name        : pki-server
Version     : 10.4.1
Release     : 15.el7_4
Architecture: noarch
Install Date: Fri 22 Sep 2017 03:20:26 PM EDT
Group       : System Environment/Base
Size        : 4649891
License     : GPLv2
Signature   : (none)
Source RPM  : pki-core-10.4.1-15.el7_4.src.rpm
Build Date  : Mon 18 Sep 2017 10:00:51 PM EDT
Build Host  : ppc-016.build.eng.bos.redhat.com
Relocations : (not relocatable)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Vendor      : Red Hat, Inc.
URL         : http://pki.fedoraproject.org/
Summary     : Certificate System - PKI Server Framework

Verification steps:
1. ipa-server-install on a rhel 7.1 server.
2. successfully upgraded to rhel 7.4z builds
Comment 10 errata-xmlrpc 2017-11-30 15:32:00 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:3301