Bug 1493410
| Summary: | ipa-server-upgrade timeouts on wait_for_open ports expecting IPA services listening on IPv6 ports [rhel-7.4.z] | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Oneata Mircea Teodor <toneata> |
| Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> |
| Status: | CLOSED ERRATA | QA Contact: | ipa-qe <ipa-qe> |
| Severity: | urgent | Docs Contact: | |
| Priority: | urgent | ||
| Version: | 7.4 | CC: | abokovoy, aheverle, atolani, cobrown, ddas, ekeck, fbarreto, gparente, ipa-maint, jstephen, ksiddiqu, lkimlick, minyu, mkosek, msauton, ndehadra, pvoborni, pvomacka, rcritten, tkrizek, tscherf |
| Target Milestone: | rc | Keywords: | Regression, ZStream |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | ipa-4.5.0-21.el7_4.2.2 | Doc Type: | If docs needed, set a value |
| Doc Text: |
Prior to this update, Identity Management (IdM) did not operate with the IPv6 stack disabled on the machine due to the use of a unified Linux networking API to handle both IPv6 and IPv4 connections. Consequently, it was not possible to upgrade the Red Hat Enterprise Linux IdM. The bug has been fixed, and validation of the IPv6 stack now works as expected.
|
Story Points: | --- |
| Clone Of: | 1477367 | Environment: | |
| Last Closed: | 2017-10-19 15:12:49 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1477367 | ||
| Bug Blocks: | |||
|
Description
Oneata Mircea Teodor
2017-09-20 07:04:40 UTC
Fixed upstream master: https://pagure.io/freeipa/c/dc47a4b85f289e8acfaf507d94f991570f04bd03 https://pagure.io/freeipa/c/cc72db67e2eaede577c3129d572b85e9c2ba593c https://pagure.io/freeipa/c/038d1920657c6fd349f8414ed173a9c97681a602 ipa-4-6: https://pagure.io/freeipa/c/cc72db67e2eaede577c3129d572b85e9c2ba593c https://pagure.io/freeipa/c/038d1920657c6fd349f8414ed173a9c97681a602 ipa-4-5: https://pagure.io/freeipa/c/bdf9a34dffdf4d7925208e5df9f69e3927b88858 https://pagure.io/freeipa/c/b5970862a5b22c4272c00be1d31e1d50f3b7c14c https://pagure.io/freeipa/c/756734351410077ab7b102a9a7a5264a62bcb0e0 IPA server version: ipa-server-4.5.0-21.el7_4.2.2.x86_64
Verified the bug on the basis of following observations:
1) When IPA server (having IPv6 disabled) is upgraded from RHEL 7.3.z > RHEL 7.4update1, the upgrade fails with following error:
[root@dhcp200-204 ~]# rpm -q ipa-server
ipa-server-4.4.0-14.el7_3.7.x86_64
[root@dhcp200-204 ~]# ip addr | grep inet6
[root@dhcp200-204 ~]# # Add repo for RHEL 7.4 update1
[root@dhcp200-204 ~]# yum -y update 'ipa*' sssd
IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually.
Timeout exceeded
The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more information
[root@dhcp200-204 ~]# tail -1 /var/log/ipaupgrade.log
2017-09-26T12:04:32Z ERROR The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more information
[root@dhcp200-204 ~]# tail -f /var/log/ipaupgrade.log
File "/usr/lib/python2.7/site-packages/ipaplatform/base/services.py", line 300, in start
self.wait_for_open_ports(self.service_instance(instance_name))
File "/usr/lib/python2.7/site-packages/ipaplatform/base/services.py", line 270, in wait_for_open_ports
self.api.env.startup_timeout)
File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 1227, in wait_for_open_ports
raise socket.timeout("Timeout exceeded")
2017-09-26T12:04:32Z DEBUG The ipa-server-upgrade command failed, exception: timeout: Timeout exceeded
2017-09-26T12:04:32Z ERROR Timeout exceeded
2017-09-26T12:04:32Z ERROR The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more information
^C
[root@dhcp200-204 ~]# rpm -q ipa-server
ipa-server-4.5.0-21.el7_4.1.2.x86_64
2) When IPA server (having IPv6 disabled) is upgraded from RHEL 7.3.z > RHEL 7.4update2, the upgrade still fails but this this time with following error logging:
[root@dhcp200-204 ~]# rpm -q ipa-server
ipa-server-4.4.0-14.el7_3.7.x86_64
[root@dhcp200-204 ~]# ip addr | grep inet6
[root@dhcp200-204 ~]# # Add repo for RHEL 7.4 update2
[root@dhcp200-204 ~]# yum -y update 'ipa*' sssd
IPv6 stack is enabled in the kernel but there is no interface that has ::1 address assigned. Add ::1 address resolution to 'lo' interface. You might need to enable IPv6 on the interface 'lo' in sysctl.conf.
The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more information
[root@dhcp200-204 ~]# ipactl status
Directory Service: STOPPED
Directory Service must be running in order to obtain status of other services
ipa: INFO: The ipactl command was successful
[root@dhcp200-204 ~]# rpm -q ipa-server
ipa-server-4.5.0-21.el7_4.2.2.x86_64
[root@dhcp200-204 ~]# tail -f /var/log/ipaupgrade.log
2017-09-26T12:36:45Z ERROR IPv6 stack is enabled in the kernel but there is no interface that has ::1 address assigned. Add ::1 address resolution to 'lo' interface. You might need to enable IPv6 on the interface 'lo' in sysctl.conf.
2017-09-26T12:36:45Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in execute
return_value = self.run()
File "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_server_upgrade.py", line 45, in run
server.upgrade_check(self.options)
File "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", line 1866, in upgrade_check
sys.exit(1)
2017-09-26T12:36:45Z DEBUG The ipa-server-upgrade command failed, exception: SystemExit: 1
2017-09-26T12:36:45Z ERROR The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more information
Thus based on above observations and comment#6, marking status of bug to "VERIFIED"
*** Bug 1492100 has been marked as a duplicate of this bug. *** Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:2935 |