Bug 1913089
Summary: | ipaupgrade failed due to set incorrect location of ldif | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 8 | Reporter: | Takahiro HASHIMOTO <thashimo> | ||||
Component: | ipa | Assignee: | Thomas Woerner <twoerner> | ||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | ipa-qe <ipa-qe> | ||||
Severity: | unspecified | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | CentOS Stream | CC: | abokovoy, bstinson, carl, frenaud, jens-peter.kubsch, jwboyer, ksiddiqu, rcritten, tscherf | ||||
Target Milestone: | rc | Keywords: | Triaged | ||||
Target Release: | 8.0 | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | If docs needed, set a value | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2021-02-15 07:23:35 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Takahiro HASHIMOTO
2021-01-05 23:17:21 UTC
Upstream ticket: https://pagure.io/freeipa/issue/8634 It is failing trying to deploy the ACME service. I think that is a relatively safe workaround. The downside is that ACME will be deployed but it will not work with that version of dogtag. This affects new installations as well. Once a version of dogtag that provides the distributed ACME service (10.10.0+) then I believe it will just start working. I'd also strongly recommend to remove the symlink after installation/upgrade. It is only used once and when the pki-10.10.x packages land if it still exists then rpm may overwrite files. (In reply to Rob Crittenden from comment #3) > I'd also strongly recommend to remove the symlink after > installation/upgrade. It is only used once and when the pki-10.10.x packages > land if it still exists then rpm may overwrite files. Rob, thanks for your quick response and advice!! I've removed it on my environment. A new pki-core build is coming to CentOS Stream, it will bring pki 10.10 in a couple days -- dist-git already updated but the compose does not yet contain the builds. Once it is done, this bug will fix itself as FreeIPA will properly require pki-acme for pki-core 10.10. We also have a tightening PR on FreeIPA side to not configure ACME if pki-core version is below 10.10. So please close this bug once you are able to verify that an updated pki-core 10.10 build landed in CentOS Stream. https://git.centos.org/modules/pki-core/c/1dbc0e3ce47cccbbb08738701ea8a7f3fba41cfc?branch=c8s-stream-10.6 Fixed upstream master: https://pagure.io/freeipa/c/85d4f2d9c6f8ef7a9bd9a016d894ad273c58b6d2 Fixed upstream ipa-4-9: https://pagure.io/freeipa/c/3aeb9b8e40cc526fd5c5162158b9cc5755670f66 *** Bug 1917476 has been marked as a duplicate of this bug. *** $ podman run -ti quay.io/centos/centos:stream8 /bin/bash [root@171ba42fee31 /]# dnf module info pki-core:10.6 Last metadata expiration check: 0:00:10 ago on Mon Feb 15 07:16:33 2021. Name : pki-core Stream : 10.6 Version : 8040020210121175224 Context : d4d99205 Architecture : x86_64 Profiles : Default profiles : Repo : appstream Summary : PKI Core module for PKI 10.6 or later Description : A module for PKI Core packages for PKI version 10.6 or later. Requires : pki-deps:[10.6] : platform:[el8] Artifacts : jss-0:4.8.1-1.module_el8.4.0+651+f152bdd4.src : jss-0:4.8.1-1.module_el8.4.0+651+f152bdd4.x86_64 : jss-debuginfo-0:4.8.1-1.module_el8.4.0+651+f152bdd4.x86_64 : jss-debugsource-0:4.8.1-1.module_el8.4.0+651+f152bdd4.x86_64 : jss-javadoc-0:4.8.1-1.module_el8.4.0+651+f152bdd4.x86_64 : ldapjdk-0:4.22.0-1.module_el8.4.0+627+e8937f0b.noarch : ldapjdk-0:4.22.0-1.module_el8.4.0+627+e8937f0b.src : ldapjdk-javadoc-0:4.22.0-1.module_el8.4.0+627+e8937f0b.noarch : pki-acme-0:10.10.3-1.module_el8.4.0+651+f152bdd4.noarch : pki-base-0:10.10.3-1.module_el8.4.0+651+f152bdd4.noarch : pki-base-java-0:10.10.3-1.module_el8.4.0+651+f152bdd4.noarch : pki-ca-0:10.10.3-1.module_el8.4.0+651+f152bdd4.noarch : pki-core-0:10.10.3-1.module_el8.4.0+651+f152bdd4.src : pki-core-debuginfo-0:10.10.3-1.module_el8.4.0+651+f152bdd4.x86_64 : pki-core-debugsource-0:10.10.3-1.module_el8.4.0+651+f152bdd4.x86_64 : pki-kra-0:10.10.3-1.module_el8.4.0+651+f152bdd4.noarch : pki-server-0:10.10.3-1.module_el8.4.0+651+f152bdd4.noarch : pki-symkey-0:10.10.3-1.module_el8.4.0+651+f152bdd4.x86_64 : pki-symkey-debuginfo-0:10.10.3-1.module_el8.4.0+651+f152bdd4.x86_64 : pki-tools-0:10.10.3-1.module_el8.4.0+651+f152bdd4.x86_64 : pki-tools-debuginfo-0:10.10.3-1.module_el8.4.0+651+f152bdd4.x86_64 : python3-pki-0:10.10.3-1.module_el8.4.0+651+f152bdd4.noarch : tomcatjss-0:7.6.1-1.module_el8.4.0+627+e8937f0b.noarch : tomcatjss-0:7.6.1-1.module_el8.4.0+627+e8937f0b.src Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled, [a]ctive [root@171ba42fee31 /]# Based on the comments in https://bugzilla.redhat.com/show_bug.cgi?id=1913089#c9 and package existence in following centos 8 stream repo, moving this to closed now. http://mirror.centos.org/centos/8-stream/AppStream/x86_64/os/Packages/pki-ca-10.10.3-1.module_el8.4.0+651+f152bdd4.noarch.rpm |