Bug 2005897

Summary: ipa-server-install command fails to install IPA server after install/uninstall some security packages
Product: Red Hat Enterprise Linux 7 Reporter: Daniel Filho <dcamilof>
Component: ipaAssignee: Florence Blanc-Renaud <frenaud>
Status: CLOSED DUPLICATE QA Contact: ipa-qe <ipa-qe>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 7.9CC: abokovoy, rcritten, tscherf
Target Milestone: rcFlags: frenaud: needinfo?
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-09-22 18:13:47 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Comment 8 Florence Blanc-Renaud 2021-09-20 14:27:10 UTC 
According to the attached list of installed rpms:
389-ds-base-1.3.10.2-12.el7_9.x86_64 
pki-server-10.5.18-12.el7_9.noarch
ipa-server-4.6.8-5.el7_9.4.x86_64

The customer is hitting known issue Bug 1949136 - PKI instance creation failed with new 389-ds-base build [rhel-7.9.z] and should also apply pki (https://access.redhat.com/errata/RHBA-2021:2315) and ipa (https://access.redhat.com/errata/RHBA-2021:2324) updates.

As a general rule, please refer to https://access.redhat.com/articles/11258, especially the following sentence:
----- 8< -----
Applying package updates on Red Hat Enterprise Linux 7

Before installing an update, make sure all previously released errata relevant to the system have been applied.
----- >8 -----

Please let me know if it solves the issue, and I will close this BZ as a duplicate.
Comment 10 Florence Blanc-Renaud 2021-09-22 18:13:47 UTC 
> Customer question.
> -----
> If these new versions fix a broken version of 389-ds-base-1.3.10.2-12.el7_9.x86_64, but why these packages did not get downloaded when we used below command?
> 
>    yum --security update   --downloadonly --downloaddir=/tmp/security_rpms  
> 
> even though 389-ds-base-1.3.10.2-12.el7_9.x86_64 broken version of RPM gets downloaded via patch update.
> -----

"yum update --downloadonly" doesn't apply the updates but only downloads the rpms. Extract from the man page yum(8):
----- 8< -----
       --downloadonly
              Download the resolved package set without performing any rpm transaction (install/upgrade/erase).
----- >8 -----

If the command to apply the updates was focused on 389-ds packages only, the other packages would not get updated (for instance dnf update /tmp/security_rpms/389-ds-*.rpm).

I am closing this issue as a duplicate of BZ #1949136.

*** This bug has been marked as a duplicate of bug 1949136 ***