Bug 1208461
| Summary: | IPA CA master server update stuck on checking getStatus via https | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Vaclav Adamec <vaclav.adamec> | ||||
| Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Namita Soman <nsoman> | ||||
| Severity: | high | Docs Contact: | |||||
| Priority: | medium | ||||||
| Version: | 7.1 | CC: | jcholast, mbasti, rcritten, spoore, tbabej, tscherf, vaclav.adamec | ||||
| Target Milestone: | rc | ||||||
| Target Release: | --- | ||||||
| Hardware: | x86_64 | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | ipa-4.2.0-0.1.alpha1.el7 | Doc Type: | Bug Fix | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2015-11-19 12:00:31 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
Hello, I can not find in ipaupgrade.log that IPA upgrade stopped httpd before CA check. Can you please check /var/log/httpd/error_log if there is an error which causes the httpd server is down? Hi, no luck to get it, I can replay it, but there is no info about service stop (but it's fully running before, during installation it stops or died) Ok nevermind, we plan to change this detection of the CA status. I was just curious, why was the httpd server stopped. Upstream ticket: https://fedorahosted.org/freeipa/ticket/4994 Fixed upstream master: https://fedorahosted.org/freeipa/changeset/3c86b0ef3e684d45301ae2c2452932ea4f279f08 How do I test this? Just check that the getStatus runs cleanly and returns something like this in the log: The CA status is: running Do I require multiple replicas for this test or can this be verified with 1 IPA Master? Thanks, Scott Meant to mark this needinfo. What actually needs to be checked here is that the original problem is resolved, that is, the upgrade from ipa-server-4.1.0-18.el7.x86_64 does not get stucked if performed on the CA master. Single master should be enough. Verified.
Version ::
ipa-server-4.2.0-12.el7.x86_64
Results ::
[root@rhel7-5 ~]# rpm -q ipa-server
ipa-server-4.1.0-18.el7_1.4.x86_64
[root@rhel7-5 ~]# ipactl status
Directory Service: RUNNING
krb5kdc Service: RUNNING
kadmin Service: RUNNING
named Service: RUNNING
ipa_memcached Service: RUNNING
httpd Service: RUNNING
pki-tomcatd Service: RUNNING
ipa-otpd Service: RUNNING
ipa: INFO: The ipactl command was successful
# added RHEL7.2 repos
[root@rhel7-5 ~]# yum clean all
Loaded plugins: product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Cleaning repos: beaker-rhel-7-updates beaker-rhel-7-updates-optional beaker-rhel-7.1-optional
: beaker-rhel-7.1-server idmqe-extras rhel-7.2-server rhel-7.2-server-optional
Cleaning up everything
[root@rhel7-5 ~]# yum update -y
Loaded plugins: product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
...
Replaced:
ipa-server.x86_64 0:4.1.0-18.el7_1.4 libipa_hbac-python.x86_64 0:1.12.2-58.el7_1.17
Complete!
[root@rhel7-5 ~]# ipactl status
Directory Service: RUNNING
krb5kdc Service: RUNNING
kadmin Service: RUNNING
named Service: RUNNING
ipa_memcached Service: RUNNING
httpd Service: RUNNING
pki-tomcatd Service: RUNNING
ipa-otpd Service: RUNNING
ipa-dnskeysyncd Service: RUNNING
ipa: INFO: The ipactl command was successful
[root@rhel7-5 ~]# ipactl restart
Stopping pki-tomcatd Service
Restarting Directory Service
Restarting krb5kdc Service
Restarting kadmin Service
Restarting named Service
Restarting ipa_memcached Service
Restarting httpd Service
Restarting pki-tomcatd Service
Restarting ipa-otpd Service
Restarting ipa-dnskeysyncd Service
ipa: INFO: The ipactl command was successful
[root@rhel7-5 ~]# less /var/log/ipaupgrade.log
[root@rhel7-5 ~]# head -3 /var/log/ipaupgrade.log
2015-10-06T12:48:11Z DEBUG Logging to /var/log/ipaupgrade.log
2015-10-06T12:48:11Z DEBUG ipa-server-upgrade was invoked with arguments [] and options: {'skip_version_check': False, 'log_file': None, 'force': False, 'verbose': False, 'quiet': True}
2015-10-06T12:48:11Z DEBUG IPA version 4.2.0-12.el7
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-2362.html |
Created attachment 1010100 [details] IPA upgrade log Description of problem: Upgrade ipa-server-4.1.0-18.el7.x86_64 to ipa-server-4.1.0-18.el7_1.3.x86_64 on master CA server Version-Release number of selected component (if applicable): ipa-server-4.1.0-18.el7.x86_64 tried: ipa-server-4.1.0-18.el7_1.3.x86_64 How reproducible: Install ipa-server-4.1.0-18.el7.x86_64, setup ipa system and replicas, add some testing servers than try to upgrade to ipa-server-4.1.0-18.el7_1.3.x86_64 on CA master. Actual results: Upgrade is ok on replicas, but on CA server it stucked, it tries to get result from "https://<ca_server>:443/ca/admin/ca/getStatus'" but it stops httpd service before this check, If you start httpd process during this steps it than upgrade response with: 2015-04-02T10:19:20Z DEBUG The CA status is: running 2015-04-02T10:19:20Z INFO The ipa-upgradeconfig command was successful and everything is ok. Expected results: Seamless upgrade in minor version updates Additional info: