Bug 1810683
| Summary: | unable to add new IdM servers under RHEL 7.6 and now also under 7.7 after upgrading for possible fixes | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Dave <dsimes> | ||||
| Component: | ipa | Assignee: | Florence Blanc-Renaud <frenaud> | ||||
| Status: | CLOSED DUPLICATE | QA Contact: | ipa-qe <ipa-qe> | ||||
| Severity: | unspecified | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 7.7 | CC: | abokovoy, ftweedal, rcritten, tscherf | ||||
| Target Milestone: | rc | ||||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2020-04-28 22:17:51 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
|
Description
Dave
2020-03-05 17:49:32 UTC
Please provide additional logs (Dogtag logs and IPA installation logs from /var/log/). Fraser, could you please look into them? Created attachment 1667875 [details]
kra & ipa logs
It seems likely to be a duplicate of https://bugzilla.redhat.com/show_bug.cgi?id=1754845. Customer should update to pki-core-10.5.16-6.el7_7 on all servers. (In reply to Fraser Tweedale from comment #14) > It seems likely to be a duplicate of > https://bugzilla.redhat.com/show_bug.cgi?id=1754845. > Customer should update to pki-core-10.5.16-6.el7_7 on all servers. updated to latest 7.7 channel.. we still cannot bring up a replica, it's failing in a different location during the replica install, and this time it had not yet created a /var/log/kra directory. this time we were joining awsw-p-aci-prdipa13 and it was attaching to the cl-rhm-0253 IPA server [root@awsw-p-aci-prdipa13 ~]# rpm -q pki-server ipa-server pki-server-10.5.16-6.el7_7.noarch ipa-server-4.6.5-11.el7_7.4.x86_64 [root@cl-rhm-0253 ~]# rpm -q pki-server ipa-server pki-server-10.5.16-6.el7_7.noarch ipa-server-4.6.5-11.el7_7.4.x86_64 attaching ipa install logs from 13 and kra logs from 253 so, this system was successfully a server (replica) in the past. We uninstalled it to test the new rpm's. The problem is doing any testing in production. Partly because we've brought production down at least twice trying to add a replica, where it added itself to the SRV records but failed to fully become a server, and kerberos was broken, so we couldn't get to the UI, nor could we kinit as admin command-line to attempt to fix any thing. Currently, w/the virus situation, they are critical of doing any changes to live systems for fear the pertinent people may become unavailable. Anyhow, the cert has an old date from when it was previously a replica: Valid from: Fri Feb 28 12:03:10 2020 UTC Valid to: Mon Feb 28 12:03:10 2022 UTC Even so, it would seem it should be able to manage a cert of the same name, it was given admin rights to configure everything it needed to become a full server. We 'could' uninstall it, make sure there are no remnants for this system (except in the CA), and try again, or should we hold off so we could troubleshoot further? The case moved on from the initial PKI-related issue (updating to 7.7.z resolved it). The current issue is quite different. The case has also been inactive (waiting on customer) for a couple of weeks. What is the next step? Can we close this BZ? the KRA issue was resolved with the new rpm's, we have gotten past the problem system, and have added 4 new servers since applying the new rpm's uninstall/mangedby issue cloned to a new BZ this one can be closed as resolved Thanks; closing as duplicate. *** This bug has been marked as a duplicate of bug 1754845 *** |