Bug 1899661
Summary: | FreeIPA server deployment fails since Fedora-Rawhide-20201119.n.0 with bind "initializing DST: no engine" error | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Adam Williamson <awilliam> |
Component: | bind-dyndb-ldap | Assignee: | Petr Vobornik <pvoborni> |
Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | rawhide | CC: | abokovoy, dns-sig, nagy.martin, pemensik, pvoborni, robatino, vonsch |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | openqa | ||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2020-11-30 17:29:20 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1829022 |
Description
Adam Williamson
2020-11-19 18:14:04 UTC
Oh, bad me, I made an assumption that turns out wrong - the upgrade tests aren't failing on exactly this, though they're still failing on a bind problem. bind crashes on startup after the upgrade, then the clients can't resolve names. I'll file a separate bug for that crash. I think this is due to a spec changes I did in freeipa.spec. In particular, this line is breaking %{with bind_pkcs11} logic: https://src.fedoraproject.org/rpms/freeipa/blob/master/f/freeipa.spec#_115 I addressed that in https://github.com/freeipa/freeipa/pull/5279/files#diff-79e7e776c34748018cf388f4492c4b28a4212e1ed49dfd826c34d370106233d1L110-L115 but it is not yet merged as we haven't yet completed the unification of the spec files. I'm doing a build now. https://koji.fedoraproject.org/koji/taskinfo?taskID=55896678 should address this issue. Filed https://bugzilla.redhat.com/show_bug.cgi?id=1899744 for the bind crash on upgrade. With bug 1899744 fixed with bind-dyndb-ldap 11.6-1.fc34, and python3-dns downgraded to Fedora 33 version (bug 1902061), I get successful deployment of IPA master and replica on Rawhide. Well, in openQA tests we seem to be still failing in named startup. Different error, though, and it happens slightly later than this one did: Nov 30 05:14:09 ipa001.domain.local named[33077]: unable to open directory 'dyndb-ldap', working directory is '/var/named': permission denied Nov 30 05:14:09 ipa001.domain.local named[33077]: LDAP config validation failed for database 'ipa': permission denied Nov 30 05:14:09 ipa001.domain.local named[33077]: dynamic database 'ipa' configuration failed: permission denied Nov 30 05:14:09 ipa001.domain.local named[33077]: loading configuration: permission denied Nov 30 05:14:09 ipa001.domain.local named[33077]: exiting (due to fatal error) Nov 30 05:14:09 ipa001.domain.local systemd[1]: named.service: Control process exited, code=exited, status=1/FAILURE Nov 30 05:14:09 ipa001.domain.local systemd[1]: named.service: Failed with result 'exit-code'. Nov 30 05:14:09 ipa001.domain.local systemd[1]: Failed to start Berkeley Internet Name Domain (DNS). so I think we can say this one is fixed, and I'll file a new bug. |