Bug 1820318

Summary:	FreeIPA server upgrade to pki-core 10.8.3 fails due to pki-server upgrade choking on an interactive response
Product:	[Fedora] Fedora	Reporter:	Adam Williamson <awilliam>
Component:	pki-core	Assignee:	Matthew Harmsen <mharmsen>
Status:	CLOSED DUPLICATE	QA Contact:	Fedora Extras Quality Assurance <extras-qa>
Severity:	high	Docs Contact:
Priority:	unspecified
Version:	rawhide	CC:	alee, ascheel, dmoluguw, edewata, kwright, mharmsen
Target Milestone:	---
Target Release:	---
Hardware:	All
OS:	Linux
Whiteboard:
Fixed In Version:		Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2020-04-02 18:59:00 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Adam Williamson 2020-04-02 18:25:05 UTC

I just noticed my F31 FreeIPA server wasn't working. When I logged into it and investigated, I saw this in the IPA upgrade log:

===

Upgrading PKI server configuration on Sat 14 Mar 2020 06:02:24 AM PDT.
WARNING: Directory already exists: /var/log/pki/server/upgrade/10.8.0/1/oldfiles/var/lib/pki/pki-tomcat
WARNING: Directory already exists: /var/log/pki/server/upgrade/10.8.0/4/oldfiles/etc/pki/pki-tomcat
WARNING: Directory already exists: /var/log/pki/server/upgrade/10.8.0/4/oldfiles/etc/pki/pki-tomcat
WARNING: Directory already exists: /var/log/pki/server/upgrade/10.8.0/5/oldfiles/etc/pki/pki-tomcat
WARNING: Directory already exists: /var/log/pki/server/upgrade/10.8.0/6/oldfiles/etc/pki/pki-tomcat
ERROR: expected str, bytes or os.PathLike object, not NoneType
ERROR: Upgrade failed in pki-tomcat/ca: expected str, bytes or os.PathLike object, not NoneType
Upgrading from version 10.7.3 to 10.8.0:
No upgrade scriptlets.
Tracker has been set to version 10.8.0.

Upgrading from version 10.8.0 to 10.8.2:
1. Fix common folder
2. Remove LDAP setup files from instance folder
3. Fix links to default Tomcat files
4. Remove unused UserDatabase from server.xml
5. Remove pki.policy from instance folder
6. Remove empty custom.policy from instance folder

Upgrading from version 10.8.2 to 10.8.3:
1. Fix EC admin certificate profile
Failed upgrading pki-tomcat/ca subsystem.

Continue (Yes/No) [Y]? ERROR: EOF when reading a line

===

It seems to be choking because it's expecting an interactive response. Of course the upgrade process should *never* require an interactive response because it runs in RPM scriptlets.

If I run 'ipa-server-upgrade' interactively at a console it also fails. If I run 'pki-server upgrade -v --validate' (command suggested by zdzichu) it fails with the same "EOF when reading a line" error. But if I just run 'pki-server upgrade' with no other args, it actually waits for me to answer 'Y', then completes successfully. After that I could run ipa-server-upgrade successfully, and my server is now back working again. But I shouldn't have needed to do that and it shouldn't have broken my server.

Comment 1 Dinesh Prasanth 2020-04-02 18:59:00 UTC

THe interactive response should not be needed and should default to Y. The issue you see
in "Fix EC admin certificate profile" is due to a known bug which is fixed in 10.9 (not pushed it).

Closing this as duplicate.

*** This bug has been marked as a duplicate of bug 1814242 ***

Comment 2 Adam Williamson 2020-04-02 19:14:25 UTC

aha, thanks for the explanation. Sorry for not spotting the other report - I didn't see it as it's assigned to dogtag-pki, and I looked for bugs against pki-core.