Bug 1250724 - FreeIPA install fails during dogtag setup
FreeIPA install fails during dogtag setup
Product: Fedora
Classification: Fedora
Component: pki-core (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Matthew Harmsen
Fedora Extras Quality Assurance
RejectedBlocker AcceptedFreezeException
Depends On: 1245786 1344804
Blocks: F23AlphaFreezeException
  Show dependency treegraph
Reported: 2015-08-05 16:18 EDT by Stephen Gallagher
Modified: 2016-09-22 14:19 EDT (History)
10 users (show)

See Also:
Fixed In Version: pki-core-10.2.6-5
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2016-09-22 14:19:27 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
IPA server install log (234.50 KB, text/plain)
2015-08-05 16:18 EDT, Stephen Gallagher
no flags Details

  None (edit)
Description Stephen Gallagher 2015-08-05 16:18:48 EDT
Created attachment 1059640 [details]
IPA server install log

Description of problem:
Running ipa-server-install fails. The error log implies that the problem occurs during dogtag pki setup.

Version-Release number of selected component (if applicable):

How reproducible:
Every time

Steps to Reproduce:
1. Run ipa-server-install with appropriate values

Actual results:
Installation fails with errors in the attached file

Expected results:
Installation succeeds

Additional info:
Comment 1 Stephen Gallagher 2015-08-05 16:20:06 EDT
For the record, the FreeIPA version is freeipa-server-4.1.4-5.fc23.x86_64
Comment 2 Fedora Blocker Bugs Application 2015-08-05 16:23:33 EDT
Proposed as a Blocker for 23-beta by Fedora user sgallagh using the blocker tracking app because:

 "The core functional requirements for all Featured Server Roles must be met, but it is acceptable if moderate workarounds are necessary to achieve this."

Due to this bug, it is impossible to deploy the Domain Controller Role (a Featured Server Role in Fedora 23)
Comment 3 Stephen Gallagher 2015-08-05 16:24:42 EDT
Meant to block Alpha...
Comment 4 Mike Ruckman 2015-08-05 16:29:55 EDT
+1 Alpha blocker
Comment 5 Endi Sukma Dewata 2015-08-05 17:02:02 EDT
This is caused by a new method added in a recent version of Tomcat which will be fixed with a new TomcatJSS build (bug #1245786).
Comment 6 Endi Sukma Dewata 2015-08-05 17:55:56 EDT
This is fixed by installing tomcatjss-7.1.3-1.fc23 package. The pki-core dependency will be updated soon.
Comment 7 Adam Williamson 2015-08-05 20:57:07 EDT
I'm -1 blocker. Let me explain: sgallagh doesn't think this needs to go on the DVD, as roles usually come from the network and it's fairly unusual for someone to install the deps from the DVD. We have a 'reasonable workarounds allowed' caveat in the criteria to allow for this.

This doesn't even really need to be pushed stable, as network role deployments should pull from updates-testing in any case (as it's enabled by default).
Comment 8 Stephen Gallagher 2015-08-05 21:05:21 EDT
To be clear, this fix still needed to be there. It's just that we happen to have a little wiggle-room on how we deliver it (we don't need to force a respin of the install media *just* for this). For the purposes of bookkeeping, I agree with the -1 blocker (as that would be defined as requiring it on the DVD). That said, if the release slipped for other reasons, I'd be +1 FE to putting this fix on subsequent respins.

That said, thank you for the fast turnaround on this. It's much appreciated.
Comment 9 Mike Ruckman 2015-08-07 13:19:35 EDT
This was discussed in the 2015-08-06 Go/No-Go meeting. It was denied as a blocker due to the wiggle room provided in the criterion. Accepted as an FE if we slip and have to respin.
Comment 10 Endi Sukma Dewata 2015-09-30 23:59:07 EDT
This was fixed in the following ticket:

Note You need to log in before you can comment on or make changes to this bug.