Bug 1368604
| Summary: | HE_APPLIANCE_ENGINE_SETUP_FAIL - Setup found legacy kerberos/ldap directory intergration | ||
|---|---|---|---|
| Product: | [oVirt] ovirt-hosted-engine-setup | Reporter: | Jiri Belka <jbelka> |
| Component: | General | Assignee: | Simone Tiraboschi <stirabos> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Jiri Belka <jbelka> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 2.0.1.4 | CC: | bugs, didi, melewis, mgoldboi, mkalinin, rhodain, sbonazzo, stirabos, ylavi |
| Target Milestone: | ovirt-4.0.4 | Flags: | rule-engine:
ovirt-4.0.z+
rule-engine: blocker+ mgoldboi: planning_ack+ sbonazzo: devel_ack+ mavital: testing_ack+ |
| Target Release: | 2.0.2 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Enhancement | |
| Doc Text: |
With this update, Red Hat Virtualization no longer supports legacy directory integration. A check has been added to the upgrade procedure as the migration to a new aaa provider can only be performed on Red Hat Virtualization 3.6.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-09-26 12:37:38 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | Integration | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1369747 | ||
| Bug Blocks: | |||
|
Description
Jiri Belka
2016-08-19 22:31:36 UTC
Can be problematic if legacy kerberos/ldap directory servers run as VMs and were shutted down during this migration process :/ Thus another rollback-upgrade, start IPA and AD, and then I would try to use https://github.com/machacekondra/ovirt-engine-kerbldap-migration (In reply to Jiri Belka from comment #0) > Description of problem: > > There's no check for legacy kerberos/ldap directory intergration and thus > migration fails almost in the end. From engine-setup's POV, it fails right when it should have failed, during stage "Validation". From appliance upgrade tool POV, this is indeed late into the game. Perhaps we should allow asking the user whether to try running engine-setup again, after the user hopefully manually fixes things. We should add this validation before we start appliance upgrade like other checks we do. (In reply to Yaniv Dary from comment #4) > We should add this validation before we start appliance upgrade like other > checks we do. We ask the user to manually backup the engine and provide the backup file. Then we do some verification on this backup file. We can add something there for current bug. If we find there a new aaa setup, fine. Otherwise we should probably tell the user to manually handle this (upgrade to new aaa), backup again and provide new backup. This will not save all of the spent time but some of it. We can also provide a new, unrelated tool which we didn't introduce so far, say "check-migration-to-4.0-readiness" to run on the engine (not host). Either package in 3.6.9 or provide it as an independent tool to be copied and ran. Such a tool can also help bug 1368589 and similar stuff. Didi please work with Simone on this. ok, ovirt-hosted-engine-setup-2.0.2.2-2.el7ev.noarch
...
[ INFO ] Connecting to the Engine
[ ERROR ] ['ad-w2k8r2.example.com']: such AAA domains are still configured in a deprecated way that is not compatible with the current release; please upgrade them to ovirt-engine-extension mechanism before proceeding.
[ ERROR ] Failed to execute stage 'Environment customization': Unsupported AAA mechanism
[ INFO ] Stage: Clean up
[ INFO ] Stage: Pre-termination
[ INFO ] Stage: Termination
[ ERROR ] Hosted Engine upgrade failed
Log file is located at /var/log/ovirt-hosted-engine-setup/ovirt-hosted-engine-setup-20160916161859-1x9wnl.log
|