Bug 1298097 - IPA server upgrade fails from RHEL 7.0 to RHEL 7.2 using "yum update ipa* sssd"
IPA server upgrade fails from RHEL 7.0 to RHEL 7.2 using "yum update ipa* sssd"
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa (Show other bugs)
7.2
All Linux
urgent Severity urgent
: rc
: ---
Assigned To: IPA Maintainers
Namita Soman
: ZStream
Depends On: 1286635
Blocks:
  Show dependency treegraph
 
Reported: 2016-01-13 04:00 EST by Jan Kurik
Modified: 2016-02-16 05:58 EST (History)
12 users (show)

See Also:
Fixed In Version: ipa-4.2.0-15.el7_2.5
Doc Type: Bug Fix
Doc Text:
The ipa packages require openssl packages of version 1.0.1e-42 or later. Previously, this requirement was missing from the spec file. As a consequence, upgrade of an IdM server could fail upon creating a SoftHSM database. With this update, the dependency on the correct version of openssl has been added to the spec file. As a result, the SoftHSM database is created and the upgrade is successful.
Story Points: ---
Clone Of: 1286635
Environment:
Last Closed: 2016-02-16 05:58:32 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Verification steps / logs for bug 1298097 (3.47 KB, text/plain)
2016-01-27 06:09 EST, Nikhil Dehadrai
no flags Details

  None (edit)
Description Jan Kurik 2016-01-13 04:00:51 EST
This bug has been copied from bug #1286635 and has been proposed
to be backported to 7.2 z-stream (EUS).
Comment 5 Nikhil Dehadrai 2016-01-25 13:09:03 EST
IPA server 7.0: ipa-server-3.3.3-28.el7.x86_64
IPA server 7.2 update 2: ipa-server-4.2.0-15.el7_2.4.x86_64

Tested the bug with following steps for RHEL 7.2 update 2:
1. Setup RHEL7.0 host with IPA master
2. Add RHEl7.2 and RHEL 7.2 update repos on the system.
3. Run command #yum update ipa* sssd
4. Verify the logs for yum update process along with ipaupgrade process.
# tail -f /var/log/messages
# tail -f /var/log/ipaupgrade.log
# tail -f /var/log/yum.log

Actual results:
1. After step4, Following error message is displayed at the screen:
IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually.
Unexpected error - see /var/log/ipaupgrade.log for details:
CalledProcessError: Command ''/usr/bin/softhsm2-util' '--init-token' '--slot' '0' '--label' 'ipaDNSSEC' '--pin' XXXXXXXX '--so-pin' XXXXXXXX' returned non-zero exit status 1

2. ipa-upgrade is successful (rpm -qa | grep ipa-server*)
3. openssl version is not updated (remains as openssl-1.0.1e-34.el7.x86_64 in my case)

On the basis of above observations, the error message is still observed while upgrade ipa-server from RHEL 7.0 to RHEL 7.2 update 2, thus marking the status of bug to "ASSIGNED".
Comment 6 Martin Bašti 2016-01-25 13:11:56 EST
We investigated it, and it requires to have specified epoch in specfile for opnssl, otherwise yum will not update openssl package.


Requires(pre): openssl >= 1:1.0.1e-42
Requires: openssl >= 1:1.0.1e-42
Comment 8 Nikhil Dehadrai 2016-01-27 06:08:24 EST
IPA server 7.0: ipa-server-3.3.3-28.el7.x86_64
IPA server 7.2 update 2: ipa-server-4.2.0-15.el7_2.5.x86_64

Verified the bug with following steps for RHEL 7.2 update 2:
1. Setup RHEL7.0 host with IPA master
2. Add RHEl7.2 and RHEL 7.2 update repos on the system.
3. Run command #yum update ipa* sssd
4. Once the update process is complete, Verified that upgrade of ipa-server to 4.2.0-15.el7_2.5 is successful.
5. Verified that no failure messages related to IPA update process are reported inside following log files:
# tail -f /var/log/messages
# tail -f /var/log/ipaupgrade.log
# tail -f /var/log/yum.log
6. Also verified that ipa server is updated successfully even when command #yum update is used.

Thus on the basis of above observations, marking the status of bug to "VERIFIED".

Please refer the attachment for logs related to this upgrade process.
Comment 9 Nikhil Dehadrai 2016-01-27 06:09 EST
Created attachment 1118757 [details]
Verification steps / logs for bug 1298097
Comment 11 errata-xmlrpc 2016-02-16 05:58:32 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-0211.html

Note You need to log in before you can comment on or make changes to this bug.