Hide Forgot
Description of problem: Currently the code that upgrades/uninstall simple services (like ipa-otpd, ipa_memcached) assumes that the simple service in question is always fully installed and has a systemd service file available. This, however, is not always true (e.g. in containerized environments) and can cause problems during upgrades of ipa-server container (as reported in https://bugzilla.redhat.com/show_bug.cgi?id=1454719). The service installers/uninstallers must be able to gracefuly handle these situations and additionally check whether the component in question really is available on the system for management Version-Release number of selected component (if applicable): ipa-server 4.5.0-13.el7 Additional info: See https://bugzilla.redhat.com/show_bug.cgi?id=1454719 for a bug caused by this defect and a reproducer.
Upstream ticket: https://pagure.io/freeipa/issue/6977
Fixed upstream ipa-4-5: https://pagure.io/freeipa/c/6114150de20a7d8371c7383f619cd0fefe339cbf master: https://pagure.io/freeipa/c/8b6f8ed7d47542b9bd8b7453a8a0e202ed1db97d
ipa-server-version: ipa-server-4.5.0-15.el7.x86_64 Verified the bug on the basis of following observations: 1. Verified that when "/usr/lib/systemd/system/ipa_memcached.service" is removed and ipa-server is upgraded, then following warning message is removed during upgrade process: warning: file /usr/lib/systemd/system/ipa_memcached.service: remove failed: No such file or directory 2. After upgrade process is complete no errors are observed, see below: [root@inferno ~]# tail -1 /var/log/ipaupgrade.log 2017-06-07T10:03:21Z INFO The ipa-server-upgrade command was successful [root@inferno ~]# rpm -q ipa-server ipa-server-4.5.0-15.el7.x86_64 [root@inferno ~]# kinit admin Password for admin@TESTRELM.TEST: [root@inferno ~]# ipactl status Directory Service: RUNNING krb5kdc Service: RUNNING kadmin Service: RUNNING named Service: RUNNING httpd Service: RUNNING ipa-custodia Service: RUNNING ntpd Service: RUNNING pki-tomcatd Service: RUNNING ipa-otpd Service: RUNNING ipa-dnskeysyncd Service: RUNNING ipa: INFO: The ipactl command was successful [root@inferno ~]# ipactl restart Stopping pki-tomcatd Service Restarting Directory Service Restarting krb5kdc Service Restarting kadmin Service Restarting named Service Restarting httpd Service Restarting ipa-custodia Service Restarting ntpd Service Restarting pki-tomcatd Service Restarting ipa-otpd Service Restarting ipa-dnskeysyncd Service ipa: INFO: The ipactl command was successful [root@inferno ~]# ls -l /usr/lib/systemd/system/ipa_memcached.service ls: cannot access /usr/lib/systemd/system/ipa_memcached.service: No such file or directory [root@inferno ~]# ipa user-find -------------- 1 user matched -------------- User login: admin Last name: Administrator Home directory: /home/admin Login shell: /bin/bash Principal alias: admin@TESTRELM.TEST UID: 1075400000 GID: 1075400000 Account disabled: False ---------------------------- Number of entries returned 1 ---------------------------- [root@inferno ~]# ipa host-find -------------- 1 host matched -------------- Host name: inferno.testrelm.test Principal name: host/inferno.testrelm.test@TESTRELM.TEST Principal alias: host/inferno.testrelm.test@TESTRELM.TEST SSH public key fingerprint: SHA256:LF8wIaQeKN6ww4llCkbPs6IuinEPL1O9At2QpyE23Qw (ssh-rsa), SHA256:8jo0PBAD920N1MPQ/Kns9cspcu97gixeAvatoNbc4o0 (ssh-ed25519), SHA256:8Yi1pl7+Nm8jaBwDDI3mjGnxVFqehziZ1CedR8sLjI0 (ecdsa- sha2-nistp256) ---------------------------- Number of entries returned 1 ---------------------------- [root@inferno ~]# cat /var/log/httpd/error_log | grep -rn "maximum recursion depth" [root@inferno ~]# cat /var/log/httpd/error_log | grep -rn "recursion" [root@inferno ~]# cat /var/log/httpd/error_log | grep -rn "maximum" [root@inferno ~]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 10.65.206.77 inferno.testrelm.test inferno [root@inferno ~]# ipa user-show User login: admin User login: admin Last name: Administrator Home directory: /home/admin Login shell: /bin/bash Principal alias: admin@TESTRELM.TEST UID: 1075400000 GID: 1075400000 Account disabled: False Password: True Member of groups: admins, trust admins Kerberos keys available: True [root@inferno ~]# cat /var/log/httpd/error_log | grep -rn "gssapi" [root@inferno ~]# cat /var/log/httpd/error_log | grep -rn "GSSError" 3. Verified the same for following upgrade paths: - Rhel 7.3.z > 7.4 - Rhel 7.3 GA > 7.4 - Rhel 7.2.z > 7.4 Thus on the basis of above observations marking status of bug to "VERIFIED"
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:2304