Red Hat Bugzilla – Bug 1447284
Upgrade from ipa-4.1 fails when enabling KDC proxy
Last modified: 2017-08-01 05:50:15 EDT
This bug is created as a clone of upstream ticket: https://pagure.io/freeipa/issue/6920 During an upgrade from IPA 4.1, when upgrade script attempts to enable KDC proxy by creating an LDAP entry in `cn=KDC,cn=vm,cn=master,cn=ipa,cn=etc,dc=example,dc=com` it fails, because the parent entry does not exist. This is a regression was introduced by b1a1e104391c84cb9af7b0a7c8748c8652442ddb /var/log/ipaupgrade.log ``` 2017-05-02T07:11:19Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in execute return_value = self.run() File "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_server_upgrade.py", line 46, in run server.upgrade() File "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", line 1869, in upgrade upgrade_configuration() File "/usr/lib/python2.7/site-packages/ipaserver/install/server/upgrade.py", line 1658, in upgrade_configuration http.enable_kdcproxy() File "/usr/lib/python2.7/site-packages/ipaserver/install/httpinstance.py", line 437, in enable_kdcproxy 'KDC', self.fqdn, [u'kdcProxyEnabled'], self.suffix) File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 214, in set_service_entry_config api.Backend.ldap2.add_entry(entry) File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 1504, in add_entry self.conn.add_s(str(entry.dn), list(attrs.items())) File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__ self.gen.throw(type, value, traceback) File "/usr/lib/python2.7/site-packages/ipapython/ipaldap.py", line 966, in error_handler raise errors.NotFound(reason=arg_desc or 'no such entry') ```
master: https://pagure.io/freeipa/c/999706fcdfa7fd4206a2399aa578fb00753d9978 https://pagure.io/freeipa/c/4b8ab77dd4800bd9c6b822502462ee649c88c663 https://pagure.io/freeipa/c/ebefb281775d5bd5f32459ac597af78781d7dbf5 Not moving to POST, waiting for 4.5 patches
ipa-4-5: * cdefa3030fba0f9a79f65f91aec84a44795c17f5 python2-ipalib: add missing python dependency * 1662b0ef2fff6ee002afd99f86b9075a603b6027 installer service: fix typo in service entry * d10d5066aa60288703f2cf4b1a8dd7ed0aab8842 upgrade: add missing suffix to http instance Moving to POST.
IPA-server-version: ipa-server-4.5.0-12.el7.x86_64 Tested the bug for IPA upgrade from Rhel 7.1.z to Rhel 7.4 ( ipa 4.5.0.12) and it failed as per the observations listed in BZ#1451804
IPA server version: ipa-server-4.5.0-13.el7.x86_64 Tested the bug with following observations: 1) Verified that upgrade of IPA server to latest version is successful. 2) No errors/ failures are observed during upgrade process. 3) All the basic commands work successfully after upgrade. 4) Verified the same for other upgrade paths: - RHEL 7.1.z > Rhel 7.4 - RHEL 7.2.z > Rhel 7.4 - RHEL 7.3 > Rhel 7.4 - RHEL 7.3.z > Rhel 7.4 5) For log through UI after upgrade we are unable to login for which a separate bug is logged BZ#1451733 Thus on the basis of above observations, marking status of bug to "VERIFIED"
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:2304