Bug 1957768
Summary: | ipa-server-upgrade is failing while upgrading rhel8.3 to rhel8.4 | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Linux 8 | Reporter: | Mohammad Rizwan <myusuf> | |
Component: | ipa | Assignee: | Thomas Woerner <twoerner> | |
Status: | CLOSED ERRATA | QA Contact: | ipa-qe <ipa-qe> | |
Severity: | urgent | Docs Contact: | lmcgarry | |
Priority: | unspecified | |||
Version: | 8.4 | CC: | lmcgarry, pcech, pvoborni, rcritten, ssidhaye, toneata, tscherf, twoerner | |
Target Milestone: | beta | Keywords: | Triaged, ZStream | |
Target Release: | --- | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | ipa-4.9.5-1 | Doc Type: | If docs needed, set a value | |
Doc Text: |
.Upgrading an IdM server from RHEL 8.3 to RHEL 8.4 fails if pki-ca package version is earlier than 10.10.5
The IdM server upgrade program, `ipa-server-upgrade`, fails if the `pki-ca` package version is earlier than 10.10.5. Because the required files do not exist in these versions, the IdM server upgrade fails both at package installation and when `ipa-server-upgrade` or `ipactl` is executed.
To resolve this issue, upgrade the `pki-*` packages to version 10.10.5 or higher and run the `ipa-server-upgrade` command again.
|
Story Points: | --- | |
Clone Of: | ||||
: | 1959984 | Environment: | |
Last Closed: | 2021-11-09 18:29:22 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1959984 |
Description
Mohammad Rizwan
2021-05-06 12:38:46 UTC
This is upgrading a non-ACME-capable installation to an ACME-capable one. A file existence check needs to be added.

Upstream ticket: https://pagure.io/freeipa/issue/8832

Upstream PR https://github.com/freeipa/freeipa/pull/5756

Fixed upstream
master: https://pagure.io/freeipa/c/8dac8ad834164062ef0a49d20c7bfcdf1773fbe5
ipa-4-9: https://pagure.io/freeipa/c/1aa3f7a7fd24c651aafde150351328148fd517be

Kaleem discovered an important point. The version of pki-ca matters. The failing test uses pki-ca-10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch which lacks ACME support. Kaleem tested with pki-ca-10.10.5-2.module+el8.4.0+10466+9830f79e.noarch which works because it is ACME-capable so ACME was deployed and the missing directory and files exist.

So the workaround if this happens is to upgrade the pki-* packages and re-run ipa-server-upgrade.

We need to bump the Requires in ipa.spec from 10.9.0-0.4 to 10.10.5 and ideally include the upstream patch as well for correctness.

Build used for verification:
ipa-client-4.9.5-1.module+el8.5.0+11410+91a33fe4.x86_64
ipa-client-common-4.9.5-1.module+el8.5.0+11410+91a33fe4.noarch
ipa-common-4.9.5-1.module+el8.5.0+11410+91a33fe4.noarch
ipa-healthcheck-0.7-6.module+el8.5.0+11410+91a33fe4.noarch
ipa-healthcheck-core-0.7-6.module+el8.5.0+11410+91a33fe4.noarch
ipa-selinux-4.9.2-4.module+el8.4.0+11156+94d209c1.noarch
ipa-server-4.9.5-1.module+el8.5.0+11410+91a33fe4.x86_64
ipa-server-common-4.9.5-1.module+el8.5.0+11410+91a33fe4.noarch
ipa-server-dns-4.9.5-1.module+el8.5.0+11410+91a33fe4.noarch
ipa-server-trust-ad-4.9.5-1.module+el8.5.0+11410+91a33fe4.x86_64

Repo Used:
http://download.eng.bos.redhat.com/rhel-8/nightly/RHEL-8/latest-RHEL-8.5.0/compose/AppStream/x86_64/os/Packages/

Test Results:
2021-07-02T04:27:53 collecting ... collected 5 items
2021-07-02T04:27:53
2021-07-02T04:37:46 src/ipa_upgrade/test_upgrade.py::TestExternalCA::test_upgrade_external_ca PASSED [ 20%]
2021-07-02T04:37:47 src/ipa_upgrade/test_upgrade.py::TestExternalCA::test_upgrade_logs PASSED [ 40%]
2021-07-02T04:38:42 src/ipa_upgrade/test_upgrade.py::TestExternalCA::test_upgrade_services PASSED [ 60%]
2021-07-02T04:38:44 src/ipa_upgrade/test_upgrade.py::TestExternalCA::test_user_verification PASSED [ 80%]
2021-07-02T04:39:12 src/ipa_upgrade/test_upgrade.py::TestExternalCA::test_upgrade_teardown PASSED [100%]
2021-07-02T04:39:12
2021-07-02T04:39:12 - generated xml file: /home/jenkins/workspace/trigger-test-suite-tool/test-suite/junit.xml -
2021-07-02T04:39:12 - generated html file: file:///home/jenkins/workspace/trigger-test-suite-tool/test-suite/report.html -
2021-07-02T04:39:12 ========================== 5 passed in 679.00 seconds ==========================

Attaching report.html for reference.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory (ipa bug fix and enhancement update), and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:4230