| Summary: | IPA Master Upgrade failed with argument of type 'NoneType' is not iterable | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Scott Poore <spoore> | ||||||||||
| Component: | ipa | Assignee: | Rob Crittenden <rcritten> | ||||||||||
| Status: | CLOSED ERRATA | QA Contact: | IDM QE LIST <seceng-idm-qe-list> | ||||||||||
| Severity: | unspecified | Docs Contact: | |||||||||||
| Priority: | unspecified | ||||||||||||
| Version: | 6.3 | CC: | jgalipea, mkosek | ||||||||||
| Target Milestone: | rc | ||||||||||||
| Target Release: | --- | ||||||||||||
| Hardware: | Unspecified | ||||||||||||
| OS: | Unspecified | ||||||||||||
| Whiteboard: | |||||||||||||
| Fixed In Version: | ipa-2.2.0-8.el6 | Doc Type: | Bug Fix | ||||||||||
| Doc Text: |
No documentation needed.
|
Story Points: | --- | ||||||||||
| Clone Of: | Environment: | ||||||||||||
| Last Closed: | 2012-06-20 13:26:17 UTC | Type: | --- | ||||||||||
| Regression: | --- | Mount Type: | --- | ||||||||||
| Documentation: | --- | CRM: | |||||||||||
| Verified Versions: | Category: | --- | |||||||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||||||
| Attachments: |
|
||||||||||||
Created attachment 573777 [details]
IPA Master ipaupgrade.log
Created attachment 573778 [details]
IPA Master dirsrv/slapd errors.log file
Upstream ticket: https://fedorahosted.org/freeipa/ticket/2594 Created attachment 573780 [details]
IPA Master dirsrv/slapd access log file
Created attachment 573781 [details]
IPA Master ipaserver-install.log
Fixed upstream: master: https://fedorahosted.org/freeipa/changeset/16b38d39b36eb0b39a77720e30ac4321e902e66b ipa-2-2: https://fedorahosted.org/freeipa/changeset/5b895af4065c6415fe7e9f5f2682c5ea63450d39 Verified.
Version :: ipa-server-2.2.0-8.el6.x86_64
Automated Test Results ::
Automated results not available from beaker jobs just yet but, here is a manual execution. Upgrade succeeded as did a check of test data. Then, confirming bug seen and logs will be checked here:
# upgrade_bz_808201
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [ LOG ] :: upgrade_bz_808201: IPA Master Upgrade failed with argument of type 'NoneType' is not iterable
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [13:48:53] :: Machine in recipe is MASTER
:: [13:48:53] :: Restarting IPA services
Restarting Directory Service
Shutting down dirsrv:
PKI-IPA... [ OK ]
TESTRELM-COM... [ OK ]
Starting dirsrv:
PKI-IPA... [ OK ]
TESTRELM-COM... [ OK ]
Restarting KDC Service
Stopping Kerberos 5 KDC: [ OK ]
Starting Kerberos 5 KDC: [ OK ]
Restarting KPASSWD Service
Stopping Kerberos 5 Admin Server: [ OK ]
Starting Kerberos 5 Admin Server: [ OK ]
Restarting DNS Service
Stopping named: . [ OK ]
Starting named: [ OK ]
Restarting MEMCACHE Service
Stopping ipa_memcached: [ OK ]
Starting ipa_memcached: [ OK ]
Restarting HTTP Service
Stopping httpd: [ OK ]
Starting httpd: [Mon Apr 09 13:49:11 2012] [warn] worker ajp://localhost:9447/ already used by another worker
[Mon Apr 09 13:49:11 2012] [warn] worker ajp://localhost:9447/ already used by another worker
[ OK ]
Restarting CA Service
Stopping pki-ca: [ OK ]
Starting pki-ca: [ OK ]
:: [ PASS ] :: Running 'ipactl restart'
:: [13:49:51] :: Check for Kerberos error from ipa user-find command
:: [ PASS ] :: Running 'ipa user-find > /tmp/errormsg.out 2>&1'
:: [13:49:58] :: check for NoneType is not iterable error in /var/log/ipaupgrade
:: [ PASS ] :: BZ 808201 not found...ipa user-find after upgrade succeeded. No error returned.
result_server not set, assuming developer mode.
Setting 192.168.122.101 to state upgrade_bz_808201.35
:: [ PASS ] :: Running 'rhts-sync-set -s 'upgrade_bz_808201.35' -m 192.168.122.101'
Manual Test Results ::
# ipa user-find
---------------
3 users matched
---------------
User login: admin
Last name: Administrator
Home directory: /home/admin
Login shell: /bin/bash
UID: 977800000
GID: 977800000
Account disabled: False
Password: True
Kerberos keys available: True
User login: jack
First name: First
Last name: Last
Home directory: /home/jack
Login shell: /bin/sh
UID: 977800003
GID: 977800003
Account disabled: False
Password: True
Kerberos keys available: True
User login: jill
First name: First
Last name: Last
Home directory: /home/jill
Login shell: /bin/sh
UID: 977800004
GID: 977800004
Account disabled: False
Password: True
Kerberos keys available: True
----------------------------
Number of entries returned 3
----------------------------
# grep "Upgrade failed with argument of type" /var/log/ipaupgrade.log
#
# rpm -q ipa-server
ipa-server-2.2.0-8.el6.x86_64
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.
New Contents:
No documentation needed.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0819.html |
Description of problem: Attempting to upgrade the IPA master in a master and replica configuration failed. Master and replica both running 2.1.3. Attempted to upgrade master to 2.2.0-5. From command output, it appeared as if the master upgrade succeeded. Attempting to run ipa commands afterwards though shows kerberos errors. Inspection of the ipaupgrade.log file shows the errors listed in the summary. Version-Release number of selected component (if applicable): # rpm -q ipa-server 389-ds-base krb5-server bind-dyndb-ldap pki-common ipa-server-2.2.0-5.el6.x86_64 389-ds-base-1.2.10.2-4.el6.x86_64 krb5-server-1.9-32.el6.x86_64 bind-dyndb-ldap-1.1.0-0.5.b1.el6.x86_64 pki-common-9.0.3-24.el6.noarch How reproducible: So far, it appears that it is always reproducable. Steps to Reproduce: 1. <setup ipa 2.1.3-9 master on RHEL6.2 > 2. <setup ipa 2.1.3-9 replica on RHEL6.2> 3. <setup ipa 2.1.3-9 client on RHEL6.2> # this may be optional but, it's what I was doing. 4. <add some test data to IPA> 5. <add yum repos for RHEL6.3 and/or IPA 2.2.0-5> 6. yum -u update 'ipa*' 7. kdestroy 8. kinit admin 9. ipa user-find 10. less /var/log/ipaupgrade.log Actual results: # ipa user-find ipa: ERROR: Kerberos error: did not receive Kerberos credentials/ Expected results: returns user list per normal operations. Additional info: /var/log/ipaupgrade.log entries: 2012-03-29T18:47:49Z DEBUG me to qe-blade-12.testrelm.com 2012-03-29T18:47:49Z ERROR Upgrade failed with argument of type 'NoneType' is not iterable 2012-03-29T18:47:49Z DEBUG Traceback (most recent call last): File "/usr/lib/python2.6/site-packages/ipaserver/install/upgradeinstance.py", line 107, in __upgrade self.modified = ld.update(self.files) File "/usr/lib/python2.6/site-packages/ipaserver/install/ldapupdate.py", line 792, in update updates = api.Backend.updateclient.update(PRE_UPDATE, self.dm_password, self.ldapi, self.live_run) File "/usr/lib/python2.6/site-packages/ipaserver/install/plugins/updateclient.py", line 135, in update (restart, apply_now, res) = self.run(update.name, **kw) File "/usr/lib/python2.6/site-packages/ipaserver/install/plugins/updateclient.py", line 165, in run return self.Updater[method](**kw) #pylint: disable=E1101 File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 1347, in __call__ return self.execute(**options) File "/usr/lib/python2.6/site-packages/ipaserver/install/plugins/fix_replica_memberof.py", line 46, in execute if 'memberof' not in replica.nsDS5ReplicatedAttributeList: TypeError: argument of type 'NoneType' is not iterable