Bug 1298097 - IPA server upgrade fails from RHEL 7.0 to RHEL 7.2 using "yum update ipa* sssd"
Summary: IPA server upgrade fails from RHEL 7.0 to RHEL 7.2 using "yum update ipa* sssd"
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.2
Hardware: All
OS: Linux
urgent
urgent
Target Milestone: rc
: ---
Assignee: IPA Maintainers
QA Contact: Namita Soman
URL:
Whiteboard:
Depends On: 1286635
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-01-13 09:00 UTC by Jan Kurik
Modified: 2016-02-16 10:58 UTC (History)
12 users (show)

Fixed In Version: ipa-4.2.0-15.el7_2.5
Doc Type: Bug Fix
Doc Text:
The ipa packages require openssl packages of version 1.0.1e-42 or later. Previously, this requirement was missing from the spec file. As a consequence, upgrade of an IdM server could fail upon creating a SoftHSM database. With this update, the dependency on the correct version of openssl has been added to the spec file. As a result, the SoftHSM database is created and the upgrade is successful.
Clone Of: 1286635
Environment:
Last Closed: 2016-02-16 10:58:32 UTC
Target Upstream Version:

Attachments (Terms of Use)
Verification steps / logs for bug 1298097 (3.47 KB, text/plain)
2016-01-27 11:09 UTC, Nikhil Dehadrai 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:0211 0 normal SHIPPED_LIVE ipa bug fix update 2016-02-16 15:57:02 UTC

Description Jan Kurik 2016-01-13 09:00:51 UTC 
This bug has been copied from bug #1286635 and has been proposed
to be backported to 7.2 z-stream (EUS).
Comment 5 Nikhil Dehadrai 2016-01-25 18:09:03 UTC 
IPA server 7.0: ipa-server-3.3.3-28.el7.x86_64
IPA server 7.2 update 2: ipa-server-4.2.0-15.el7_2.4.x86_64

Tested the bug with following steps for RHEL 7.2 update 2:
1. Setup RHEL7.0 host with IPA master
2. Add RHEl7.2 and RHEL 7.2 update repos on the system.
3. Run command #yum update ipa* sssd
4. Verify the logs for yum update process along with ipaupgrade process.
# tail -f /var/log/messages
# tail -f /var/log/ipaupgrade.log
# tail -f /var/log/yum.log

Actual results:
1. After step4, Following error message is displayed at the screen:
IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually.
Unexpected error - see /var/log/ipaupgrade.log for details:
CalledProcessError: Command ''/usr/bin/softhsm2-util' '--init-token' '--slot' '0' '--label' 'ipaDNSSEC' '--pin' XXXXXXXX '--so-pin' XXXXXXXX' returned non-zero exit status 1

2. ipa-upgrade is successful (rpm -qa | grep ipa-server*)
3. openssl version is not updated (remains as openssl-1.0.1e-34.el7.x86_64 in my case)

On the basis of above observations, the error message is still observed while upgrade ipa-server from RHEL 7.0 to RHEL 7.2 update 2, thus marking the status of bug to "ASSIGNED".
Comment 6 Martin Bašti 2016-01-25 18:11:56 UTC 
We investigated it, and it requires to have specified epoch in specfile for opnssl, otherwise yum will not update openssl package.


Requires(pre): openssl >= 1:1.0.1e-42
Requires: openssl >= 1:1.0.1e-42
Comment 8 Nikhil Dehadrai 2016-01-27 11:08:24 UTC 
IPA server 7.0: ipa-server-3.3.3-28.el7.x86_64
IPA server 7.2 update 2: ipa-server-4.2.0-15.el7_2.5.x86_64

Verified the bug with following steps for RHEL 7.2 update 2:
1. Setup RHEL7.0 host with IPA master
2. Add RHEl7.2 and RHEL 7.2 update repos on the system.
3. Run command #yum update ipa* sssd
4. Once the update process is complete, Verified that upgrade of ipa-server to 4.2.0-15.el7_2.5 is successful.
5. Verified that no failure messages related to IPA update process are reported inside following log files:
# tail -f /var/log/messages
# tail -f /var/log/ipaupgrade.log
# tail -f /var/log/yum.log
6. Also verified that ipa server is updated successfully even when command #yum update is used.

Thus on the basis of above observations, marking the status of bug to "VERIFIED".

Please refer the attachment for logs related to this upgrade process.
Comment 9 Nikhil Dehadrai 2016-01-27 11:09:49 UTC 
Created attachment 1118757 [details]
Verification steps / logs for bug 1298097
Comment 11 errata-xmlrpc 2016-02-16 10:58:32 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-0211.html
Note You need to log in before you can comment on or make changes to this bug.