Bug 1367022 - The ipa-server-upgrade command failed when named-pkcs11 does not happen to run during dnf upgrade
Summary: The ipa-server-upgrade command failed when named-pkcs11 does not happen to ru...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.3
Hardware: Unspecified
OS: Unspecified
medium
unspecified
Target Milestone: rc
: ---
Assignee: IPA Maintainers
QA Contact: Kaleem
URL:
Whiteboard:
Depends On: 1365669
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-08-15 09:38 UTC by Jan Pazdziora
Modified: 2016-11-04 06:01 UTC (History)
14 users (show)

Fixed In Version: ipa-4.4.0-8.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1365669
Environment:
Last Closed: 2016-11-04 06:01:13 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:2404 normal SHIPPED_LIVE ipa bug fix and enhancement update 2016-11-03 13:56:18 UTC

Comment 6 Nikhil Dehadrai 2016-09-19 14:58:17 UTC
IPA-server version: ipa-server-4.4.0-12.el7.x86_64
---------------------

Verified the bug on the basis of following observations:
1. Verified that after stoping "named-pkcs11" using "downloadonly" option updates are downloaded successfully. 
# systemctl stop named-pkcs11

# ipactl status
Directory Service: RUNNING
krb5kdc Service: RUNNING
kadmin Service: RUNNING
named Service: STOPPED
ipa_memcached Service: RUNNING
httpd Service: RUNNING
pki-tomcatd Service: RUNNING
ipa-otpd Service: RUNNING
ipa-dnskeysyncd Service: RUNNING
ipa: INFO: The ipactl command was successful

# yum --downloadonly update 'ipa*' sssd

2. Noticed that on running update again , following message is observed at console

# yum -y update 'ipa*' sssd

  Cleanup    : libini_config-1.2.0-25.el7.x86_64                                                               141/141 
DNS query for vm-idm-016.testrelm.test. A failed: The DNS operation timed out after 30.0005340576 seconds
Skipping update of global DNS forwarder in LDAP: Unable to determine if local server is using an IP address belonging to an automatic empty zone. Consider changing forwarding policy to "only". DNS exception: The DNS operation timed out after 30.0005340576 seconds
  Verifying  : sssd-1.14.0-42.el7.x86_64                                                                         1/141 

3. Verified that ipa-server install task was run successfully within ipaupgrade.log and also the ipa-server package was updated.

# tail -10 /var/log/ipaupgrade.log 
2016-09-19T13:33:38Z DEBUG response status 200
2016-09-19T13:33:38Z DEBUG response headers {'date': 'Mon, 19 Sep 2016 13:33:38 GMT', 'content-length': '168', 'content-type': 'application/xml', 'server': 'Apache-Coyote/1.1'}
2016-09-19T13:33:38Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="no"?><XMLResponse><State>1</State><Type>CA</Type><Status>running</Status><Version>10.3.3-10.el7</Version></XMLResponse>'
2016-09-19T13:33:38Z DEBUG Starting external process
2016-09-19T13:33:38Z DEBUG args=/bin/systemctl stop pki-tomcatd@pki-tomcat.service
2016-09-19T13:33:39Z DEBUG Process finished, return code=0
2016-09-19T13:33:39Z DEBUG stdout=
2016-09-19T13:33:39Z DEBUG stderr=
2016-09-19T13:33:39Z INFO The IPA services were upgraded
2016-09-19T13:33:39Z INFO The ipa-server-upgrade command was successful

# rpm -q ipa-server
ipa-server-4.4.0-12.el7.x86_64

# kinit admin
Password for admin@TESTRELM.TEST: 

# cat /var/log/ipaupgrade.log | grep "DNS operation"
2016-09-19T13:32:07Z ERROR DNS query for vm-idm-016.testrelm.test. A failed: The DNS operation timed out after 30.0005340576 seconds
2016-09-19T13:32:07Z ERROR Skipping update of global DNS forwarder in LDAP: Unable to determine if local server is using an IP address belonging to an automatic empty zone. Consider changing forwarding policy to "only". DNS exception: The DNS operation timed out after 30.0005340576 seconds

# ipactl restart
Stopping pki-tomcatd Service
Restarting Directory Service
Restarting krb5kdc Service
Restarting kadmin Service
Restarting named Service
Restarting ipa_memcached Service
Restarting httpd Service
Restarting ipa-custodia Service
Restarting ntpd Service
Restarting pki-tomcatd Service
Restarting ipa-otpd Service
Restarting ipa-dnskeysyncd Service
ipa: INFO: The ipactl command was successful

# ipactl status
Directory Service: RUNNING
krb5kdc Service: RUNNING
kadmin Service: RUNNING
named Service: RUNNING
ipa_memcached Service: RUNNING
httpd Service: RUNNING
ipa-custodia Service: RUNNING
ntpd Service: RUNNING
pki-tomcatd Service: RUNNING
ipa-otpd Service: RUNNING
ipa-dnskeysyncd Service: RUNNING
ipa: INFO: The ipactl command was successful

Thus on the basis of above observations, marking the status of bug to "VERIFIED".

Comment 8 errata-xmlrpc 2016-11-04 06:01:13 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2404.html


Note You need to log in before you can comment on or make changes to this bug.