Bug 1773516
| Summary: | IPA upgrade fails for latest ipa package when adtrust is installed [rhel-8.1.0.z] | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Oneata Mircea Teodor <toneata> |
| Component: | ipa | Assignee: | Thomas Woerner <twoerner> |
| Status: | CLOSED ERRATA | QA Contact: | ipa-qe <ipa-qe> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 8.1 | CC: | abokovoy, ipa-qe, ksiddiqu, ndehadra, rcritten, tscherf, twoerner |
| Target Milestone: | rc | Keywords: | Regression, ZStream |
| Target Release: | 8.0 | Flags: | pm-rhel:
mirror+
|
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | 1757064 | Environment: | |
| Last Closed: | 2019-12-17 10:47:13 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1757064, 1773550 | ||
| Bug Blocks: | |||
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:4268 |
ipa-server version: ipa-server-4.8.0-13.module+el8.1.0+4923+c6efe041.x86_64 Verified the bug on the basis of following observations: 1) Setup IPA server at RHEL80 with trust installed. [ci-vm-10-0-153-200.h] :: [ 10:01:47 ] :: [ PASS ] :: Command ' /usr/sbin/ipa-server-install --setup-dns --auto-forwarders --reverse-zone=153.0.10.in-addr.arpa. --allow-zone-overlap --hostname=ci-vm-10-0-153-200.testrelm.test -r TESTRELM.TEST -n testrelm.test -p Secret123 -a Secret123 --ip-address=10.0.153.200 -U' (Expected 0, got 0) [ci-vm-10-0-153-200.h] :: [ 10:44:10 ] :: [ BEGIN ] :: Running 'rpm -q ipa-server 389-ds-base bind bind-dyndb-ldap pki-ca sssd-ipa' [ci-vm-10-0-153-200.h] ipa-server-4.7.1-11.module+el8+2842+7481110c.x86_64 [ci-vm-10-0-153-200.h] 389-ds-base-1.4.0.20-10.module+el8.0.0+3096+101825d5.x86_64 [ci-vm-10-0-153-200.h] bind-9.11.4-17.P2.el8_0.1.x86_64 [ci-vm-10-0-153-200.h] bind-dyndb-ldap-11.1-13.module+el8+2555+b334d87b.x86_64 [ci-vm-10-0-153-200.h] pki-ca-10.6.9-2.module+el8+2728+a4ad6bba.noarch [ci-vm-10-0-153-200.h] sssd-ipa-2.0.0-43.el8_0.3.x86_64 [ci-vm-10-0-153-200.h] :: [ 10:44:10 ] :: [ PASS ] :: Command 'rpm -q ipa-server 389-ds-base bind bind-dyndb-ldap pki-ca sssd-ipa' (Expected 0, got 0) [ci-vm-10-0-153-200.h] :: [ 10:23:52 ] :: [ BEGIN ] :: Running 'echo Secret123 | ipa trust-add ipaad2k16cin.test --admin Administrator --range-type=ipa-ad-trust --password --two-way=True' [ci-vm-10-0-153-200.h] ---------------------------------------------------------- [ci-vm-10-0-153-200.h] Added Active Directory trust for realm "ipaad2k16cin.test" [ci-vm-10-0-153-200.h] ---------------------------------------------------------- [ci-vm-10-0-153-200.h] Realm name: ipaad2k16cin.test [ci-vm-10-0-153-200.h] Domain NetBIOS name: IPAAD2K16CIN [ci-vm-10-0-153-200.h] Domain Security Identifier: S-1-5-21-2842256260-195550463-1751006347 [ci-vm-10-0-153-200.h] Trust direction: Two-way trust [ci-vm-10-0-153-200.h] Trust type: Active Directory domain [ci-vm-10-0-153-200.h] Trust status: Established and verified [ci-vm-10-0-153-200.h] :: [ 10:23:54 ] :: [ PASS ] :: Command 'echo Secret123 | ipa trust-add ipaad2k16cin.test --admin Administrator --range-type=ipa-ad-trust --password --two-way=True' (Expected 0, got 0) [ci-vm-10-0-153-200.h] :: [ 10:23:54 ] :: [ BEGIN ] :: Running 'systemctl stop sssd' [ci-vm-10-0-153-200.h] :: [ 10:23:54 ] :: [ PASS ] :: Command 'systemctl stop sssd' (Expected 0, got 0) [ci-vm-10-0-153-200.h] :: [ 10:23:54 ] :: [ BEGIN ] :: Running 'rm -frv /var/lib/sss/{db,mc}/*' [ci-vm-10-0-153-200.h] removed '/var/lib/sss/db/cache_implicit_files.ldb' [ci-vm-10-0-153-200.h] removed '/var/lib/sss/db/cache_testrelm.test.ldb' [ci-vm-10-0-153-200.h] removed '/var/lib/sss/db/ccache_TESTRELM.TEST' [ci-vm-10-0-153-200.h] removed '/var/lib/sss/db/config.ldb' [ci-vm-10-0-153-200.h] removed '/var/lib/sss/db/sssd.ldb' [ci-vm-10-0-153-200.h] removed '/var/lib/sss/db/timestamps_implicit_files.ldb' [ci-vm-10-0-153-200.h] removed '/var/lib/sss/db/timestamps_testrelm.test.ldb' [ci-vm-10-0-153-200.h] removed '/var/lib/sss/mc/group' [ci-vm-10-0-153-200.h] removed '/var/lib/sss/mc/initgroups' [ci-vm-10-0-153-200.h] removed '/var/lib/sss/mc/passwd' [ci-vm-10-0-153-200.h] :: [ 10:23:54 ] :: [ PASS ] :: Command 'rm -frv /var/lib/sss/{db,mc}/*' (Expected 0, got 0) [ci-vm-10-0-153-200.h] :: [ 10:23:54 ] :: [ BEGIN ] :: Running 'systemctl start sssd' [ci-vm-10-0-153-200.h] :: [ 10:23:55 ] :: [ PASS ] :: Command 'systemctl start sssd' (Expected 0, got 0) [ci-vm-10-0-153-200.h] :: [ 10:23:55 ] :: [ BEGIN ] :: Running 'ipa trust-find ipaad2k16cin.test' [ci-vm-10-0-153-200.h] --------------- [ci-vm-10-0-153-200.h] 1 trust matched [ci-vm-10-0-153-200.h] --------------- [ci-vm-10-0-153-200.h] Realm name: ipaad2k16cin.test [ci-vm-10-0-153-200.h] Domain NetBIOS name: IPAAD2K16CIN [ci-vm-10-0-153-200.h] Domain Security Identifier: S-1-5-21-2842256260-195550463-1751006347 [ci-vm-10-0-153-200.h] Trust type: Active Directory domain [ci-vm-10-0-153-200.h] UPN suffixes: tomupn14.in, upn2016.in, testupnsuffix.test, testupnsuffix [ci-vm-10-0-153-200.h] ---------------------------- [ci-vm-10-0-153-200.h] Number of entries returned 1 [ci-vm-10-0-153-200.h] ---------------------------- [ci-vm-10-0-153-200.h] :: [ 10:23:55 ] :: [ PASS ] :: Command 'ipa trust-find ipaad2k16cin.test' (Expected 0, got 0) [ci-vm-10-0-153-200.h] :: [ 10:29:56 ] :: [ BEGIN ] :: Running 'id administrator' [ci-vm-10-0-153-200.h] uid=879000500(administrator) gid=879000500(administrator) groups=879000500(administrator),879000518(schema admins),879000519(enterprise admins),879000512(domain admins),879000513(domain users),879000520(group policy creator owners) [ci-vm-10-0-153-200.h] :: [ 10:29:56 ] :: [ PASS ] :: Command 'id administrator' (Expected 0, got 0) 2) Upgrade the Ipa server to RHEL 81z [ci-vm-10-0-153-200.h] :: [ 10:44:29 ] :: [ BEGIN ] :: Initiating upgrade Process :: actually running 'yum -y update' . . . [ci-vm-10-0-153-200.h] :: [ 10:56:28 ] :: [ PASS ] :: Initiating upgrade Process (Expected 0, got 0) [ci-vm-10-0-153-200.h] :: [ 10:56:28 ] :: [ BEGIN ] :: Running 'tail -1 /var/log/ipaupgrade.log | grep 'The ipa-server-upgrade command was successful'' [ci-vm-10-0-153-200.h] 2019-12-06T15:55:26Z INFO The ipa-server-upgrade command was successful [ci-vm-10-0-153-200.h] :: [ 10:56:28 ] :: [ PASS ] :: Command 'tail -1 /var/log/ipaupgrade.log | grep 'The ipa-server-upgrade command was successful'' (Expected 0, got 0) [ci-vm-10-0-153-200.h] :: [ 10:59:55 ] :: [ BEGIN ] :: Running 'rpm -q ipa-server 389-ds-base bind bind-dyndb-ldap pki-ca sssd-ipa' [ci-vm-10-0-153-200.h] ipa-server-4.8.0-13.module+el8.1.0+4923+c6efe041.x86_64 [ci-vm-10-0-153-200.h] 389-ds-base-1.4.1.3-7.module+el8.1.0+4150+5b8c2c1f.x86_64 [ci-vm-10-0-153-200.h] bind-9.11.4-26.P2.el8.x86_64 [ci-vm-10-0-153-200.h] bind-dyndb-ldap-11.1-14.module+el8.1.0+4098+f286395e.x86_64 [ci-vm-10-0-153-200.h] pki-ca-10.7.3-1.module+el8.1.0+3964+500fc130.noarch [ci-vm-10-0-153-200.h] sssd-ipa-2.2.0-19.el8.x86_64 [ci-vm-10-0-153-200.h] :: [ 10:59:56 ] :: [ PASS ] :: Command 'rpm -q ipa-server 389-ds-base bind bind-dyndb-ldap pki-ca sssd-ipa' (Expected 0, got 0) 3) Validate trust after upgrade using id command [ci-vm-10-0-153-200.h] :: [ 11:08:00 ] :: [ BEGIN ] :: Running 'id administrator' [ci-vm-10-0-153-200.h] uid=879000500(administrator) gid=879000500(administrator) groups=879000500(administrator),879000518(schema admins),879000519(enterprise admins),879000512(domain admins),879000513(domain users),879000520(group policy creator owners) [ci-vm-10-0-153-200.h] :: [ 11:08:00 ] :: [ PASS ] :: Command 'id administrator' (Expected 0, got 0) Thus on the basis of above observations marking the status of bug to "VERIFIED"